Chat now with support
Chat with Support

Safeguard for Privileged Passwords On Demand Hosted - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Activity Center Search box Privileged access requests Toolbox Accounts Account Groups Assets
General/Properties tab (asset) Accounts tab (asset) Account Dependencies tab (asset) Owners tab (asset) Access Request Policies tab (asset) Asset Groups tab (asset) Discovered SSH Keys (asset) Discovered Services tab (asset) History tab (asset) Managing assets
Asset Groups Discovery Entitlements Linked Accounts Partitions Profiles Settings
Access Request settings Appliance settings Asset Management settings Tags Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings Security Policy Settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Configuring SNMP subscriptions

It is the responsibility of the Appliance Administrator to configure Safeguard for Privileged Passwords to send SNMP traps to your SNMP console when certain events occur.

You can create a test to verify the SNMP configuration. For more information, see Verifying SNMP configuration.

To download Safeguard for Privileged Passwords MIB-module definitions from your appliance, enter the following URL into your web browser; no authentication is required:

https://<Appliance IP address>/docs/mib/SAFEGUARD-MIB.mib

To configure SNMP subscriptions

  1. Go to SNMP:
    • web client: Navigate to External Integration | SNMP.
    • desktop client: Navigate to Administrative Tools | Settings | External Integration | SNMP.
  2. Click Add to open the SNMP subscription configuration dialog.
  3. Provide the following information:
    • Network Address: Enter the IP address or FQDN of the primary SNMP network server. Limit: 255 characters
    • UDP Port: Enter the UDP port number for SNMP traps. Default: 162
    • Description: Enter the description of the SNMP subscriber. Limit: 255 characters
    • Events: Browse to select one or more SNMP event types. Use the Clear icon to remove an individual event from this list or right-click and select Remove All to clear all events from the list. The SNMP pane displays the number of events that you select, not the names of the events.
    • Version: Choose the SNMP version: Version 1 or Version 2. Default: Version 2.
    • Community: Enter the SNMP community string, such as public. The SNMP community string is like a user ID, password that allows access to a device's statistics, such as a router. A PRTG Network Monitor sends the community string along with all SNMP requests. If the community string is correct, the device responds with the requested information. If the community string is incorrect, the device simply discards the request and does not respond.
  4. Click OK.

Verifying SNMP configuration

Use the Send Test Event link located under the SNMP table to send a test event to verify the SNMP configurations.

To validate your setup

  1. Go to SNMP:
    • web client: Navigate to External Integration | SNMP.
    • desktop client: Navigate to Administrative Tools | Settings | External Integration | SNMP.
  2. When configuring your SNMP subscription, on the SNMP dialog, add the test event to your event subscription. For more information, see Configuring SNMP subscriptions.
  3. On the SNMP settings pane:
    1. Select the SNMP configuration from the table.
    2. Click Send Test Event. Safeguard for Privileged Passwords sends a test event notification to your SNMP console.

Starling

Safeguard for Privileged Passwords can join with the cloud platform One Identity Starling. By joining with One Identity Starling, Safeguard for Privileged Passwords customers can take advantage of companion features from multiple Starling services; such as Starling Two-Factor Authentication and Starling Connect. In addition, once Safeguard for Privileged Passwords has joined with Starling, a Starling Identity and Authentication provider will automatically be added to Safeguard. However, there won't be any users or groups available until an administrator adds a Microsoft Azure Active Directory tenant to their Starling organization via the Directories settings page in Starling. For more information, see the following sections:

Join Starling

In order to use the Safeguard for Privileged Passwords features associated with Starling Connect and Starling Two-Factor Authentication, you must join Safeguard for Privileged Passwords to Starling. It is the responsibility of the Appliance Administrator to join One Identity Safeguard for Privileged Passwords to Starling.

NOTE: In version 2.1 and earlier, you had to specify a Starling API key in order to use Approval Anywhere and Starling Two-Factor Authentication (2FA) as a secondary authentication provider. This is no longer necessary when you join Safeguard for Privileged Passwords to Starling. If you previously configured these features, once you join to Starling, Safeguard for Privileged Passwords automatically migrates your previous configurations to use the credential string generated by the join process.

For additional information and documentation regarding the Starling Cloud platform and services, see the One Identity Documentation.

Prerequisites

See the Starling Release Notes for currently supported platforms.

In order to use the companion features from Starling services, first configure the following:

  • Register a Starling organization. For more information on Starling, see the One Identity Starling User Guide.

    IMPORTANT: The Starling Two-Factor Authentication service is only available to organizations associated with the United States data center. The Starling Connect service is available to organizations in both the United States and European Union data centers.

  • Download the Starling 2FA app on your mobile phone to use the Approval Anywhere feature.

  • If your company requires the use of a proxy to access the internet, you must configure the web proxy to be used. For more information on configuring a web proxy to be used by Safeguard for Privileged Passwords for outbound web requests to integrated services, see Networking.
  • To use the Cloud Assistant feature, you must subscribe to the Starling Cloud Assistant feature and configure the channel(s) that will be used.
Join Safeguard for Privileged Passwords with Starling

NOTE: You must be an Organization Admin for the Starling organization in order to join Safeguard for Privileged Passwords with Starling.

  1. Go to Starling:
    • web client: Navigate to External Integration | Starling.
    • desktop client: Navigate to Administrative Tools | Settings | External Integration | Starling.
  2. Notice that this pane also includes the following links, which provide assistance with Starling:
    • Visit us online to learn more displays the Starling login page where you can create a new Starling account.
    • Trouble Joining displays the Starling support page with information on the requirements and process for joining with Starling.
  3. Click Join to Starling and follow the prompts to complete the process.
    The following additional information may be required:
    • If you do not have an existing session with Starling, you will be prompted to authenticate.
    • If your Starling account belongs to multiple organizations, you will be prompted to select which organization Safeguard for Privileged Passwords will be joined with.
  4. After the join has successfully completed, you will be returned to the Safeguard for Privileged Passwords client and the Starling pane will now show Joined to Starling. For information on the features that are now available, see After joining Starling. For information on unjoining from Starling, see Unjoin Starling.

    IMPORTANT: In order to use the Cloud Assistant feature, once you have joined with Starling you must enable the Register as a sender with Cloud Assistant toggle on the External Integration | Starling pane.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating