Chat now with support
Chat with Support

Safeguard for Privileged Passwords On Demand Hosted - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Activity Center Search box Privileged access requests Toolbox Accounts Account Groups Assets
General/Properties tab (asset) Accounts tab (asset) Account Dependencies tab (asset) Owners tab (asset) Access Request Policies tab (asset) Asset Groups tab (asset) Discovered SSH Keys (asset) Discovered Services tab (asset) History tab (asset) Managing assets
Asset Groups Discovery Entitlements Linked Accounts Partitions Profiles Settings
Access Request settings Appliance settings Asset Management settings Tags Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings Security Policy Settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Support bundle

To analyze and diagnose issues, One Identity Support may ask the Appliance Administrator or Operations Administrator to send a support bundle containing system and configuration information.

As an alternative, you can use the Recovery Kiosk to generate and send a support bundle to a Windows share. For more information, see Recovery Kiosk (Serial Kiosk).

Virtual appliance support bundles are generate from the web management console. For more information, see Support Kiosk..

IMPORTANT: User must remain on the page until the bundle is complete. If user refreshes or navigates away from the page the back-end bundle process continues to run to completion, but the pending web request is canceled and the bundle will not be retrievable.

To create a support bundle

  1. Navigate to:

    • web client: Navigate to Appliance | Support Bundle.
    • desktop client: Administrative Tools | Settings | Appliance | Support Bundle.
  2. Select Include Event Logs if you want to include operating system events. Unless requested by support, it is recommended to leave this unchecked because it takes much longer to generate the support bundle.
  3. Select Limit included log files then identify the number of Days for which data should be collected.
  4. Click Generate Support Bundle.
  5. Browse to select a location to save the support bundle .zip file and click Save.
  6. Send the support bundle to One Identity Support. For more information, see About us.

Time

It is the responsibility of the Appliance Administrator to manage the appliance time.

Time displays the current appliance time and allows you to enable Network Time Protocol (NTP) and set the primary and secondary NTP servers. In addition, when enabled, the NTP client status can be displayed. As a best practice, set an NTP server to eliminate possible time-related issues.

While not recommended, you can also set the appliance time on a primary (not cluster) manually.

CAUTION: Changing appliance time can result in unintended consequences with processes running on the appliance. For example, there could be a disruption of password check and change profiles and audit log time stamps could be misleading. Do not set the system time before or after the validity period of the Safeguard internal certificates because the appliance will not function.

Clustered environments

NTP setting changes are made on the primary appliance in a cluster. When a replica appliance is enrolled into the cluster, it points to the primary appliance's VPN IP address as the Primary NTP Server and the NTP client service is enabled on the replica appliance. When performing a failover operation to promote a replica to be the new primary, the Primary NTP Server is preserved and applied from the 'old' primary appliance.

Warnings

The following warnings display if your local time is not within five minutes of the appliance time. One Identity recommends that you set an NTP server to eliminate possible time-related issues.

  • Upon log on: Warning: The time associated with Safeguard and your local time are off by 5 or more minutes. Contact the Safeguard administrator to correct this issue before further use.
  • On the Settings | Appliance | Time page: The appliance time and your local time have a difference of 5 or more minutes. It is recommended to set an NTP server.

To enable Network Time Protocol (NTP) and set the primary and secondary NTP servers

  1. Go to Time:
    • web client: Navigate to Appliance | Time.
    • desktop client: Navigate to Administrative Tools | Settings | Appliance | Time.
  2. Select the Enable Network Time Protocol (NTP) check box then provide the following information:

    • Primary NTP Server: Enter the IP address or DNS name of the primary NTP server.

    • Secondary NTP Server: (Optional) Enter the IP address or DNS name of the secondary NTP server.
  3. Click OK (desktop client) or Save (web client) to save your selections.

    When NTP is enabled, click Show Details to view the following information about the NTP client status.

    • Last Sync Time
    • Leap Indicator
    • Poll Interval
    • Precision
    • Reference ID
    • Root Delay
    • Root Dispersion
    • Source
    • Stratum
    • Last Sync Error in web client
    • Time Since Last Good Sync in web client

If NTP is set and you need to change the time, go to the API and use Set-SafeguardTime. For information about using the API, see Using the API.

To manually set the appliance time on a primary (not cluster)

To manually set the time on the appliance (primary not cluster), follow the steps below.

CAUTION: Manually setting the time should be done with caution. Time changes can cause critical data loss.

  1. Go to Time:
    • web client: Navigate to Appliance | Time.
    • desktop client: Navigate to Administrative Tools | Settings | Appliance | Time.
  2. Clear the Enable Network Time Protocol (NTP) check box.
  3. Click OK .
  4. Click Edit.
  5. For the most accurate time, complete the following steps quickly.
    1. On the Set System Time dialog, click Use Client Time to use the local time or select the date and time.
    2. Click OK. The Set System Time warning dialog displays indicating that: Extreme time changes in Safeguard may cause critical data loss.
    3. Type Set Time in the dialog box to confirm then click OK.

Updates

To update to the latest patch, see Patch Updates.

Asset Management settings

Use the Asset Management settings to define and manage dynamic tags for assets and asset accounts which include directory accounts. Asset Management settings allow you to add a custom platform.

Navigate to Administrative Tools | Settings | Asset Management.

Table 168: Asset Management settings
Setting Description

( desktop client only) Custom platforms

Where you add a custom platform.

Registered Connectors Registered Connectors

Where you add a registered connector.

Tags

Where you view and manage dynamic tags for assets and asset accounts.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating