Adding SSH key sync groups
desktop client only
The Asset Administrator or a partition's delegated administrator defines an SSH key sync group. An account can belong to only one SSH key sync group. To assign SSH key sync groups and related accounts when adding the profile to a partition, see Creating a profile.
To add an SSH key sync group
- Navigate to Administrative Tools | Settings | SSH Key Management | SSH Key Sync Groups.
-
Click 
Add to open the SSH Key Sync Group dialog.
-
Click Browse to select a Profile. The Profile name displays.
NOTE: Multiple SSH sync groups can be added to a profile. The profile change schedule is applied to the sync group. The sync group controls the tasks to change the SSH identity keys for the accounts in the sync group.
- Enter a Name of up to 100 characters.
- Enter a Description of up to 255 characters.
-
Click Add and select one or more Accounts to be synchronized.
The Accounts list displays with the following information about the account: Name, Parent, Service Account, Needs an SSH Key (
if yes or 
if no), and Description. Click any columns to sort the accounts.
- Click OK. The following values display:
- Enabled: Select Enabled to SSH key sync group is active.
- Status: Displayed as if the SSH key is not the same as the sync group, if the SSH key is the same, or
if the account is ignored and possibly should not be in the sync group.
- Name: Name of the SSH key sync group profile.
- Partition: Name of the partition with the SSH key sync group.
- Profile: Name of the profile with the SSH key sync group.
- Accounts: The number of the accounts assigned to the SSH key sync group profile.
- Next Sync Date: The date and time of the next sync.
- Description: The description of the SSH key sync group profile.
- Click OK.
Modifying SSH key sync groups
Users
A user is a person who can log in to Safeguard for Privileged Passwords. You can add both local users and directory users. Directory users are users from an external identity store such as Microsoft Active Directory. For more information, see Users and user groups. in Overview of the Entities.
Your administrator permissions determine what you can view in Users. Users displayed in a faded color are disabled. The following table shows you the tabs that are available to each type of administrator.
- Authorizer Administrator: General, History
- User Administrator: General, User Groups (directory users only), History
- Help Desk Administrator: General, History
- Auditor: General, User Groups , Partitions, Entitlements, Linked Accounts, History
- Asset Administrator: General, Partitions
- Security Policy Administrator: General, User Groups , Entitlements, Linked Accounts, History
The Authorizer Administrator typically controls the Enabled/Disabled state. For more information, see Enabling or disabling a user.
Users view
The Users view displays the following information about a selected user:
- General tab (user): Displays the authentication, contact information, location, and permissions for the selected user.
- User Groups tab (user): Displays the user groups in which the selected user is a member.
- Partitions tab (user): Displays the partitions over which the selected user is a delegated partition administrator.
- Entitlements tab (user): Displays the entitlements in which the selected user is a member; that is, an entitlement "user".
- Linked Accounts tab (user): Displays the directory accounts linked to the selected user.
- History (user): Displays the details of each operation that has affected the selected user.
Toolbar
Use these toolbar buttons to manage users:
General tab (user)
The General tab lists information about the selected user.
Large tiles at the top of the tab display the number of User Groups, Partitions, Entitlements, and Linked Accounts associated with the selected user, based on the user's permissions. Clicking a tile heading opens the corresponding tab.
The tiles visible depend on your administrator permissions:
- All tiles are visible to the Auditor.
- Partitions tile is visible to Asset Administrator.
- User Groups, Entitlements, and Linked Accounts tiles are visible to Security Policy Administrator.
Navigate to Administrative Tools | Users | General.
Table 195: Users General tab: Authentication properties
|
Identity |
|
|
Identity Provider |
The source from which the user’s personal information comes from and is synchronized with. |
| Username |
A user's display name. |
| First Name |
The user's first name. |
| Last Name |
The user's last name. |
| Work Phone |
The user's work telephone number. |
| Mobile Phone |
The user's mobile telephone number. |
| Email Address |
The user's email address. |
|
Authentication |
|
| Authentication Provider |
How the user authenticates with Safeguard for Privileged Passwords:
- Certificate: with a certificate
- Local: with a user name and password
- Directory name: with directory credentials
|
|
Login name |
The identifier the user logs in with. |
| Domain Name |
If the primary Authentication Provider is a directory, this indicates the directory's domain name. |
|
Distinguished Name |
The distinguished name for authentication. |
| Secondary Authentication |
If you set up a user to require secondary authentication, this indicates the name of this user's secondary authentication service provider. |
| Secondary Authentication Username |
The name of the user account on the secondary authentication service provider required at log in. |
|
Location |
|
| Time Zone |
User can change their time zone, by default. Or, the User Administrator can prohibit a user from changing the time zone, possibly to ensure adherence to policy. For more information, see Time Zone. |
|
Permissions |
|
| Permissions |
Lists the user's administrator permissions or "Standard User" if user does not have administrative permissions. |
|
Description |
|
|
Description |
The description text entered the user information was added or updated. This may be entered on the User dialog, Identity tab in the Description text box. |
Related Topics
Modifying a user
Edit.
Remove Selected to remove the selected account from the SSH key sync group. This does not delete the account from 
Refresh to update the account list.
Sync Now to sync the selected SSH key to match the SSH key sync group. The Status follow:
Add User: 
Delete Selected: 
Import Users: 
User Security: Menu options include: Set Password and Unlock accounts. For more information about these options, refer to 
Permissions: Display the Permissions dialog showing what administrative permissions apply to the selected user.
Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click