Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 7.0.5 LTS - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Enable or Disable Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions About us

Creating a custom platform script

A custom platform script identifies the platform's commands and associated details. Scripts are written in JSON. Scripts include metadata, parameters, function blocks, operations, and if/then constructs to authenticate to the platform and perform password or SSH key validation and reset. The custom platform script is uploaded when adding the custom platform.

An Asset Administrator can create an asset and accept default values in the associated custom script. If you later upload a new version of the custom platform script with different defaults, the asset defaults are not changed.

A delegated administrator cannot create a custom platform script.

Sample scripts

Sample custom platform scripts and command details are available at the following links available from the on GitHub:

CAUTION: Example scripts are provided for information only. Updates, error checking, and testing are required before using them in production. Safeguard for Privileged Passwords checks to ensure the values match the type of the property that include a string, boolean, integer, or password (which is called secret in the API scripts). Safeguard for Privileged Passwords cannot check the validity or system impact of values entered for custom platforms.

During development, check your JSON using a validator.

Adding a custom platform

It is the responsibility of the Asset Administrator to configure the rules so Safeguard for Privileged Passwords handles custom platforms. The custom platform script must be available for uploading. For more information, see Creating a custom platform script.

To add a custom platform

  1. Have the custom platform script file available to upload.
  2. Navigate to:
    • web client: Asset Management > Connect and Platforms > Custom Platforms.
  3. Click  Add.
  4. These fields display:
    1. Name: Enter the unique name of the platform type, which may be a product name.
    2. Platform Script: Click Browse. Navigate to and select the script file. Click Open. The selected custom platform script file displays.

    3. Select the Allow Sessions Requests check box to allow session access requests. This check box is typically selected for SSH. Clear the Allow Sessions check box to prohibit session access requests.
  5. Click OK. If the custom platform script has errors, an error message like the following displays: Definition was not a valid json object .

Security Policy Management

In the web client, expand the Security Policy Management section in the left navigation pane.

The following pages are available. See each section for a description of the functions available.

Topics:

Access Request Activity

The Access Request Activity page allows Security Policy Administrators to review and manage access requests from a single location. Clicking one of the access request tiles on the page displays additional information about the access requests belonging to that category. In addition, you can review the request workflow, launch a live session, end a session, or revoke a specific request.

This dashboard is available to Safeguard for Privileged Passwords users assigned the following administrative permissions:

  • Auditor: Read-only view.
  • Security Policy: Full control.
Access requests: Tiles

Clicking any of the following tiles will open a dialog showing additional information. Click the button to customize the tiles that are displayed.

  • Open Requests: Displays a list of all currently opened access requests, including session requests and password release requests.
  • Pending Approval: Displays a list of access requests to be approved.
  • Pending Review: Displays a list of access requests to be reviewed.
  • Open Sessions: Displays a list of all currently opened sessions.
  • Passwords Out: Displays a list of all password release requests that are currently checked out.
  • SSH Keys Out: Displays a list of all SSH key release requests that are currently checked out.
Access requests: Toolbars

After opening one of the tiles, use the toolbar at the top of the details grid to perform the following tasks.

  • View Details: Select to view additional information regarding the request.
  • Request Workflow Details: Select to review the transactions that took place in the selected request. Clicking this button displays the Request Workflow dialog allowing you to audit the transactions that occurred during the request's workflow from request to approval to review.
  • Session Audit Log in SPS: Click this button to open the session audit log in Safeguard for Privileged Sessions.
  • View Live Session: Select to view a live session for the selected session request. Clicking this button launches the Desktop Player (minimum version supported is 1.11.15) allowing you to follow an active session.

    For details on using the Desktop Player, go to One Identity Safeguard for Privileged Sessions - Technical Documentation. Scroll to User Guide and click One Identity Safeguard for Privileged Sessions [version] Safeguard Desktop Player User Guide.

  • Terminate Live Session: Select to close the live session for the selected session request.
  • Close Request: Select to retract the selected access request.
  • Export: Select to create a .csv or .json file of the currently displayed access request grid and save it to a location of your choice. The time is set according to the user time zone.

  • Columns: Select to display a list of columns that can be displayed in the grid. Select the check box for data to be included in the grid. Clear the check box for data to be excluded from the grid.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating