One Identity Safeguard for Privileged Passwords allows you to enable or disable Safeguard for Privileged Passwords services from the Global Services page.
By default, services are disabled for service accounts and for accounts and assets found as part of a discovery job. Service accounts can be modified to adhere to these schedules and discovered accounts can be activated when managed.
It is the responsibility of the Appliance Administrator to manage these settings.
- Appliance Administrators can click the Disable All button to disable all services (as long as at least one service is currently enabled). A dialog will appear asking for confirmation before disabling the services.
- Click a toggle to change a setting: toggle on and toggle off.
- Click Refresh to update the information on the page.
Setting |
Description |
---|---|
Disable All |
Appliance Administrators can use this button to disable all services (as long as at least one service is currently enabled). A dialog will appear asking for confirmation before disabling the services. You will need to reenable each service individually. |
Requests | |
Session Requests |
Session requests are enabled by default, indicating that authorized users can make session access requests. There is a limit of 1,000 sessions on a single access request. Click the Session Requests toggle to disable this service so sessions can not be requested. NOTE: When Session Requests is disabled, no new session access requests can be initiated. Depending on the access request policies that control the target asset/account, you will see a message informing you that the Session Request feature is not available. In addition, current session access requests cannot be launched. A message appears, informing you that Session Requests is not available. For example, you may see the following message: This feature is temporarily disabled. See your appliance administrator for details. |
Password Requests |
Password requests are enabled by default, indicating that authorized users can make password release requests Click the Password requests toggle to disable this service so passwords can not be requested. NOTE: Disabling the password request service will place any open requests on hold until this service is reenabled. |
SSH Key Requests |
SSH key requests are enabled by default, indicating that authorized users can make SSH key release requests Click the SSH Key requests toggle to disable this service so SSH keys can not be requested. NOTE: Disabling the SSH Key request service will place any open requests on hold until this service is reenabled. |
API Key Requests |
API key requests are enabled by default, indicating that authorized users can make API key release requests Click the API Key requests toggle to disable this service so API keys can not be requested. NOTE: Disabling the API Key request service will place any open requests on hold until this service is reenabled. |
Password Management | |
Check Password Management |
Check password management is enabled by default, indicating that Safeguard for Privileged Passwords automatically performs the password check task if the profile is scheduled, and allows you to manually check an account's password. Click the Check password management toggle to disable the password validation service. NOTE:Safeguard for Privileged Passwords enables automatic password management services by default. Typically, you would only disable them during an organization-wide maintenance window. When disabling a password management service, Safeguard for Privileged Passwords allows all currently running tasks to complete; however, no new tasks will be allowed to start. |
Change Password Management |
Change password management is enabled by default, indicating that Safeguard for Privileged Passwords automatically performs the password change task if the profile is scheduled, and allows you to manually reset an account's password. Click the Change password management toggle to disable the password reset service. NOTE:Safeguard for Privileged Passwords enables automatic password management services by default. Typically, you would only disable them during an organization-wide maintenance window. When disabling a password management service, Safeguard for Privileged Passwords allows all currently running tasks to complete; however, no new tasks will be allowed to start. |
SSH Key Management | |
Check SSH Key |
SSH key check is enabled by default, indicating that SSH key check is managed per the profile governing the partition's assigned assets and the assets' accounts. Click the Check SSH Key toggle to disable the check service. |
Change SSH Key |
SSH key change is enabled by default, indicating that SSH key change is managed per the profile governing the partition's assigned assets and the assets' accounts. Click the Change SSH Key toggle to disable the change service. |
API Key Management | |
Check API Key |
API key check is enabled by default, indicating that API key check is managed per the profile governing the partition's assigned assets and the assets' accounts. Click the Check API Key toggle to disable the check service. |
Change API Key |
API key change is enabled by default, indicating that API key change is managed per the profile governing the partition's assigned assets and the assets' accounts. Click the Change API Key toggle to disable the change service. |
Discovery | |
Asset Discovery |
Asset discovery is enabled by default, indicating that available Asset Discovery jobs find assets by searching directory assets, such as Active Directory, or by scanning network IP ranges. For more information, see Discovery. |
Account Discovery |
Account discovery is enabled by default, indicating that available Account Discovery jobs find accounts by searching directory assets such as Active Directory or by scanning local account databases on Windows and Unix assets (/etc/passwd) that are associated with the account discovery job. For more information, see Discovery. |
Service Discovery |
Service discovery is enabled by default, indicating that available Service Discovery jobs find Windows services that run as accounts managed by Safeguard. For more information, see Discovery.. |
SSH Key Discovery |
SSH key discovery is enabled by default. With the toggle on, SSH keys in managed accounts are discovered. For more information, see SSH Key Discovery.. |
Directory | |
Directory Sync |
Directory sync is enabled by default, indicating that additions or deletions to directory assets are synchronized. You can set the number of minutes for synchronization. For more information, see Management tab (add asset). |
Audit Log Stream | |
Audit Log Stream Service |
Use this to send SPP data to SPS to audit the Safeguard privileged management software suite. The feature is disabled by default. To accept SPP data, the SPS Appliance Administrator must turn on audit log syncing. For information, see the Safeguard for Privileged Sessions Administration Guide. SPP and SPS must be linked to use this feature. For more information, see Safeguard for Privileged Passwords and SPS appliance link guidance. While the synchronization of SPP and SPS is ongoing, SPS is not guaranteed to have all of the audit data at any given point due to some latency. NOTE: This setting is also available under Security Policy Management > Settings. For more information, see Security Policy Settings. |
SCIM Provisioning | |
SCIM Provisioning |
Use this toggle to enable or disable SCIM provisioning on the appliance. For more information, see Adding identity and authentication providers. |
Application to Application | |
Application to Application |
Use this toggle to enable or disable the application to application connection behind a web application firewall via the TLS termination reverse proxy. The following configuration information is displayed and can be updated using the button:
|
Setting | Description |
---|---|
Disable All |
Appliance Administrators can use this button to disable all services (as long as at least one service is currently enabled). A dialog will appear asking for confirmation before disabling the services. You will need to reenable each service individually. |