Creating an SSH key profile
It is the responsibility of the Asset Administrator or the partition's delegated administrator to add SSH key profiles to partitions.
To add an SSH key profile to a partition
-
Navigate to Asset Management > Partitions.
-
In Partitions, select a partition from the object list and click View Details.
-
Open the SSH Key Profiles tab.
-
Click New Profile from the details toolbar.
-
On the General tab, supply the following information:
-
Name: Enter a unique name for the profile. Limit: 50 characters
-
Description: Enter information about this profile. Limit: 255 characters
-
On the Check SSH Key tab, select a previously defined check SSH key setting from the drop-down menu. These are the rules Safeguard for Privileged Passwords uses to verify account SSH keys. For more information, see Adding SSH key check settings .
-
On the Change SSH Key tab, select a previously defined change SSH key setting from the drop-down menu. These are the rules used to reset account SSH keys. For more information, see Adding SSH key change settings.
-
On the Discover SSH Key tab, select a previously defined discover SSH key settings selection. These are the rules used to discover SSH keys. For more information, see Adding SSH key discovery.
- Click OK to save your selections and create the profile.
When creating a new partition SSH key profile, the SSH Key Sync Groups tab is not displayed. This tab is displayed while editing a partition SSH key profile. You can use the SSH Key Sync Groups tab to add or update an SSH key sync group governed by the profile change schedule. For more information, see SSH Key Sync Groups settings.
Setting a default partition
Each Asset Administrator can set a unique default partition and profile so that all new assets that administrator adds are automatically assigned to the default partition and default profile. For more information, see Setting a default profile.
To set the default partition
- Navigate to Asset Management > Partitions.
-
In Partitions, select a partition and click Set as Default from the toolbar.
Setting a default profile
When you create a new partition, Safeguard for Privileged Passwords creates a corresponding default profile with default schedules and rules. Each Asset Administrator can set a unique default partition and profile. Once you set a default profile, all new assets and accounts you add are automatically assigned to that profile.
Safeguard for Privileged Passwords sets the default schedules to "Never" verify or reset passwords or SSH keys.
When you associate an asset to a partition, all the accounts associated with that asset, are also added to the scope of that partition. For more information, see About profiles.
To set another profile as the default
- Navigate to Asset Management > Partitions.
-
In Partitions, select a partition and click View Details.
- Open the Password Profiles or SSH Key Profiles tab.
- Select a profile that is not the current default and click Set as Default from the details toolbar or context menu. (When you select the default profile, the Set as Default icon is grayed out.)
Assigning assets or accounts to a password profile and SSH key profile
You can assign an asset or an account to a password profile, an SSH key profile, or both. The assets and accounts must be in the scope of the partition to be assigned to a profile.
You can also configure Safeguard for Privileged Passwords to run automatic Asset Discovery or Account Discovery jobs. For more information, see Discovery.
|
CAUTION: Only associate accounts to a profile that you want Safeguard for Privileged Passwords to manage. |
To add assets or accounts to a profile
- Navigate to Asset Management > Partitions.
- Select a partition from the object list and click View Details.
- Open the Password Profiles or SSH Key Profiles tab.
- Select a profile and click Edit.
- To add an asset to the selected profile, switch to the Assets tab.
- Select the asset(s) to be added.
- To add an account to the selected profile, switch to the Accounts tab.
- Select the account(s) to be added.
- Once you have finished editing the profile, save and exit by clicking outside of the profile dialog.