Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 7.5 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Appliance Management Settings

In the web client, Appliance Management has a settings page used to manage the maximum number of platform task retries.

  • Navigate to Appliance Management > Settings to manage the setting listed below.
    Table 73: Appliance Management Setting
    Setting Description

    Maximum Platform Task Retries

    Set the maximum number of platform retries.

    Secure Files Settings

    Disk Usage Threshold: Set disk space dedicated for secure files. The accepted range is 0-1000000 MB. The default value is 10000 MB.

    Max File Size: Set the size limit for secure files. The accepted range is 0-1000000 MB. The default value is 1000 MB.

    • Asset Management

    In the web client, expand the Asset Management section in the left navigation pane.

    Account Automation

    Also available as a pane on the Home page, the Asset Management > Account Automation page allows Asset Administrators to view information regarding accounts that are failing or succeeding different types of tasks. This page includes both automated and manual tasks in the results. Clicking one of the tasks on the view displays additional information.

    Click the button to customize the tasks that are displayed.

    Account Automation: Toolbar

    After selecting a task to view additional information, use the toolbar at the top of the details grid to perform the following tasks.

    • View Details: After selecting a task from the table, click this button to view additional information on the task.
    • Re-Run Task: Available for failed tasks only, select to rerun the selected task.
    • Remove: Available for failed tasks only, select to remove the selected task.
    • Export: Select to create a .csv or .json file of the currently displayed account automation grid and save it to a location of your choice. For more information, see Exporting data.
    • Refresh: Select to refresh the data displayed in the table.
    • Columns: Select to display a list of columns that can be displayed in the grid. Select the check box for data to be included in the grid. Clear the check box for data to be excluded from the grid.

    Accounts

    A SPP account is a unique identifier that SPP uses to control access to assets. Managed accounts (including directory accounts and service accounts) and groups of accounts can be associated with an asset. Each account has an associated asset; if you delete an asset, SPP permanently deletes all the accounts associated with it.

    The Auditor and the Asset Administrator have permission to access Accounts.

    On Unix assets, the accounts are stored in etc/passwd; however, each platform implements this concept differently.

    Service accounts are designated with a Service Account icon. For more information, see About service accounts.

    To access Accounts, in the web client, navigate to Asset Management > Accounts. If needed, you can use the partition drop-down to select the parent partition of the account. Select an account, then click to display additional information and options.

    Selecting one of the accounts displays the following information:

    • Properties (account): Displays general information about the selected account. It also allows you to manage Passwords, SSH keys, API keys, and TOTP authenticators for the account.

    • Owners tab (account): Displays information about the owners of the account.

    • Dependent Assets (account): (Directory assets) Displays the assets that have dependency on the selected directory account. This tab only displays for a directory asset and displays the assets that have dependency on the selected directory account.

    • Check and Change Log tab (account): Displays the password and SSH key validation and reset history for the selected account.

    • Discovered Services tab (account): (Windows and Active Directory accounts) Displays information on the services dependent to a selected account.

    • Discovered SSH Keys (account): Displays the SSH keys discovered on the account.

    • History tab (account): Displays the details of each operation that has affected the selected account.

    For information about configuring Account Discovery in SPP, see Account Discovery job workflow.

    Use these toolbar buttons to manage accounts.

    • New Account: Add accounts to SPP. Adding an account.

    • Delete: Remove the selected account. Deleting an account.

    • View Details: Select an account then click this button to open additional information and options for the account.

    • Account Secrets: Possible menu options include:

      • Check Password

      • Change Password

      • Check SSH Key

      • Change SSH Key

    • Access Request: Allows you to enable or disable access request services for the selected account. Menu options include:

      • Enable Password Request

      • Disable Password Request

      • Enable Session Request

      • Disable Session Request

      • Enable SSH Key Request

      • Disable SSH Key Request

      • Enable API Key Request

      • Disable API Key Request

    • Discover SSH Keys: Run the SSH Key Discovery job.

    • Show Disabled: Display the accounts that are not managed and are disabled and have no associated assets.

      • Click Disable to prevent SPP from managing the selected account.

      • Click Enable to manage the selected account and assign it to the scope of the default profile.

    • Hide Disabled: Hide the accounts that are not managed and are disabled and have no associated assets.

      • Click Disable to prevent SPP from managing the selected account.

      • Click Enable to manage the selected account and assign it to the scope of the default profile.

    • Import: Click this to open a drop-down menu from which you can select to add accounts, passwords, or SSH keys to One Identity Safeguard for Privileged Passwords using a CSV file. For more information, see Importing objects.

    • Export: Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

    • Refresh: Update the list of accounts.

    • Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box..

    Related Documents

    The document was helpful.

    Select Rating

    I easily found the information I needed.

    Select Rating