Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.7.4 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Messaging settings (desktop client) Password Management settings Safeguard Access settings SSH Key Management settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions SPP Glossary About us

Creating an SSH key profile

It is the responsibility of the Asset Administrator or the partition's delegated administrator to add SSH key profiles to partitions.

To add an SSH key profile to a partition

  1. Navigate to Administrative Tools | Partitions.
  2. Select a partition from the object list and click the SSH Key Profiles tab.
  3. Click Create SSH Key Profile in the details toolbar above the grid.

  4. On the General tab, supply the following information:

    1. Name: Enter a unique name for the profile. Limit: 50 characters

    2. Description: Enter information about this profile. Limit: 255 characters

  5. On the Check SSH Key tab, identify the rules Safeguard for Privileged Passwords uses to verify account SSH keys. Expand the Description to see information, if available, about the Check SSH Key setting. Perform one of the following:

    • Select previously defined check SSH key settings from the drop-down menu then click Edit to modify the selected check SSH key settings.

    • Click Add to create new check SSH key settings.

    Selecting either of these icons displays the Check SSH Key Settings dialog, allowing you to specify the appropriate check SSH key settings. For more information, see Adding SSH key check settings .

  6. On the Change SSH Key tab, identify the rules used to reset account SSH keys. Expand the Description to see information, if available, about the selected change SSH key settings. Perform one of the following.

    • Choose previously defined change SSH key settings selection from the drop-down menu. Click Edit to modify the selected change SSH key settings.

    • Click Add to create a new change SSH key settings.

    Selecting either of these icons displays the Change SSH Key Settings dialog, allowing you to specify the appropriate change SSH key settings. For more information, see Adding SSH key change settings.

  7. On the Discover SSH Key tab, identify the rules used to discover SSH keys. Expand the Description to see information, if available, about the selected discover SSH key settings. Perform one of the following.

    • Choose a previously defined discover SSH key settings selection from the drop-down menu. Click Edit to modify the selected discover SSH key settings.

    • Click Add to create a new discover SSH key settings.

    Selecting either of these icons displays the Discover SSH Key Settings dialog, allowing you to specify the appropriate discover SSH key settings. For more information, see Adding SSH key discovery.

  8. Click Create SSH Key Profile to save your selections and create the partition SSH key profile.

When creating a new partition SSH key profile, the SSH Key Sync Groups tab is not displayed. This tab is displayed while editing a partition SSH key profile. For more information, see Modifying an SSH key profile. You can use the SSH Key Sync Groups tab to add or update an SSH key sync group governed by the profile change schedule. For more information, see SSH Key Sync Groups settings.

Related Topics

Assigning assets or accounts to a password profile and SSH key profile

Setting a default profile

Assigning a profile to an asset

Modifying an SSH key profile

Any modifications that you make to an SSH key profile affects all the assets and accounts governed by that profile.

To modify a profile

  1. Navigate to Administrative Tools | Partitions.
  2. In Partitions, select a partition from the object list and open the SSH Key Profiles tab.
  3. Select a profile in the grid then perform one of the following.
    • To modify the settings or rules, either double-click the profile or click the  Edit SSH Key Profile icon.
    • To add assets to the profile, click the  Details icon and switch to the Assets tab of the details window.

    • To add accounts to the profile, click the  Details icon and switch to the Accounts tab of the details window.

    • To add SSH key sync groups, click the  Details icon and switch to the SSH Key Sync Groups tab of the details window.

      On the SSH Key Sync Groups tab, add or update an SSH key sync group governed by the partition SSH key profile change schedule. For more information, see SSH Key Sync Groups settings.

      • Click Add to create a new SSH key sync group associated with the profile and assign accounts. The SSH Key Sync Group dialog displays. For more information, see Adding SSH key sync groups.
      • Click Delete Selected to remove the selected SSH key sync group.
      • Click Refresh to refresh the selected SSH key sync group.
      • Click Edit to modify the selected SSH key sync group and account assignments. The SSH Key Sync Group dialog displays. For more information, see Modifying SSH key sync groups.

      • Click Change Sync Group SSH Keys to reset the selected sync group SSH key. When selected, accounts in the sync group re-sync with the new sync group SSH key.

      • In the grid, you can select or deselect the Enable check box to enable or disable the SSH key sync group. If Enable is selected, the sync runs with the profile change schedule.
Related Topics

Assigning assets or accounts to a password profile and SSH key profile

Creating a profile

Setting a default partition

Each Asset Administrator can set a unique default partition and profile so that all new assets that administrator adds are automatically assigned to the default partition and default profile. For more information, see Setting a default profile.

To set the default partition

  1. Navigate to Administrative Tools | Partitions.
  2. In Partitions, right-click a partition and choose Set as Default from the context menu.

    -OR-

  3. Select a partition and click Set as Default from the toolbar.

Setting a default profile

When you create a new partition, Safeguard for Privileged Passwords creates a corresponding default profile with default schedules and rules. Each Asset Administrator can set a unique default partition and profile. Once you set a default profile, all new assets and accounts you add are automatically assigned to that profile.

Safeguard for Privileged Passwords sets the default schedules to "Never" verify or reset passwords or SSH keys. See: Modifying a password profile or Modifying an SSH key profile.

When you associate an asset to a partition, all the accounts associated with that asset, are also added to the scope of that partition. For more information, see About profiles.

To set another profile as the default

  1. Navigate to Administrative Tools | Partitions.
  2. In Partitions, select a partition from the object list and open the Password Profiles or SSH Key Profiles tab.
  3. Select a profile that is not the current default and click  Set as Default from the details toolbar or context menu. (When you select the default profile, the  Set as Default icon is grayed out.)
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating