Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.11 - Administration Guide

Introduction System requirements Using the virtual appliance and web management console Using the cloud Setting up Safeguard for Privileged Passwords for the first time Search box Using the web client Installing the desktop client Using the desktop client Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions Appendix E: Historical changes by release Glossary

Step 5: Asset Administrator adds managed systems

  1. Log in to the desktop client using the Asset Administrator account.
  2. Add partitions and, optionally, delegate partition ownership to other users (Adding a partition).
  3. (Optional) Set the following Profile settings (or edit the default rules and settings defined when the partition was added):
    1. Account Password Rules
    2. Change Password
    3. Check Password
    4. Password sync groups
  4. (Optional) Create partition profiles or edit the default profiles created (Creating a partition profile).
  5. Add assets to the appropriate partitions and profiles (Adding an asset).
  6. Add accounts to control access to the assets (Adding an account).

TIP: Create asset and account discovery jobs to discover and, optionally, automatically add assets and accounts to Safeguard for Privileged Passwords. For more information, see Discovery.

Step 6: Security Policy Administrator adds access request policies

  1. Log in to the desktop client using the Security Policy Administrator account.
  2. Set Reasons. (Settings | Access Request | Reasons)
  3. Configure Approval Anywhere. (Settings | External Integration | Approval Anywhere).
  4. Add user groups (Adding a user group).
  5. Add local or directory users to local user groups (Adding users to a user group).
  6. Add account groups (Adding an account group).
  7. Add accounts to account groups (Adding one or more accounts to an account group).
  8. Add entitlements (Adding an entitlement).
  9. Add users or user groups to entitlements (Adding users or user groups to an entitlement).
  10. Create access request policies (Creating an access request policy).

Search box

Whether you are using the desktop client or web client, the search box can be used to filter the data being displayed. When you enter a text string into the search box, the results include items that have a string attribute that contains the text that was entered. This same basic search functionality is also available for many of the detail panes and selection dialogs, allowing you to filter the data displayed in the associated pane or dialog.

When searching for objects in the object lists, an attribute search functionality is also available where you can filter the results, based on a specific attribute. That is, the search term matches if the specified attribute contains the text. To perform an attribute search, click the icon to select the attribute to be searched.

Rules for using the search functionality:

  • Search strings are not case-sensitive. Exception: in the web client, the Approvals and Reviews searches are case sensitive.
  • Wild cards are not allowed.
  • Try using quotes and omitting quotes. As you use the product, you will become familiar with the search requirements for the search fields you frequent. Safeguard may perform a general search (for example, omits quotes) or a literal search (for example, includes quotes). Example scenarios follow:

    • On the Settings pane, search strings must be an exact match because a literal search is performed. Do not add quotes or underlines. For example, from the Settings pane, enter password rules to return Safeguard Access | Password Rules. If you enter "password rules" or password_rules, the following message is returned: No matches found.
    • On the Users pane search box:

      • A general search does not return anything if you use quotes because it uses a literal search (searches for the quotes). For example: searching for "ab_misc2" returns the message: There is nothing to show here.
      • You can use quotes in an attribute search if there are spaces in the search name. For example, entering the following in the search box Username: "ab_misc2" returns: AB_misc2.
  • When multiple search strings are included, all search criteria must be met in order for an object to be included in the results list.
  • When you combine a basic search and an attribute search, the order they are entered into the search box matters. The attribute searches can be in any order, but the basic search must come after the attribute searches.
  • In large environments, you will see a result number to tell you how many objects match the criteria; however, only the first 200 objects will be retrieved from the server. When you scroll down the list, more objects will be retrieved (paged) as needed.

To search for objects or object details

  1. Enter a text string in the Search box. As you type, the list displays items whose string attributes contain the text that was entered.

    Examples:

    • Enter T in the search box to search for items that contain the letter "T".
    • Enter sse to list all items that contain the string "sse," (such as "Asset")

    Note:The status bar along the bottom of the console shows the number of items returned.

  2. To clear the search criteria, click  Clear.

    When you clear the search criteria, the original list of objects are displayed.

You can also Search by attributeSelect a drop-down to sort

Search by attribute

The attributes available for searching are dependent on the type of object being searched. The search drop-down menu lists the attributes that can be selected.

API attributes can be searched

The drop-down menu lists a limited number of attributes that can be searched; however, you can perform an attribute search using the English name of any attribute as it appears in the API. Nested attributes can be chained together using a period (.). To see a list of all the attributes, see the API documentation. For information about the API, see How do I access the API.

Entering the search string

  1. Click the icon and select the attribute to be searched.

    The selected attribute is added to the search box. For example, if you select Last Name then LastName: is added to the search box.

  2. In the search box, enter the text string after the colon in the attribute label.

    You can specify multiple attributes, repeating these steps to add an additional attribute to the search box. Do not add punctuation marks, such as commas or colons, to separate the different attributes. When multiple attributes are included, all search criteria must be met in order for an object to be included in the results list.

    As you type, the list displays items whose selected attributes contain the text that was entered.

    Note:The status bar along the bottom of the console shows the number of items returned.

  3. To clear the search criteria, click Clear.

    When you clear the search criteria, the original list of objects are displayed.

Attributes in each Search box

The following attributes are available when you click the icon. In addition, API attributes can be searched in the search box.

Accounts

  • Name
  • Description
  • Asset
  • Domain Name
  • Profile
  • Partition
  • Tag

Account Groups

  • Name
  • Description
  • Dynamic

Assets

  • Name
  • Description
  • Platform
  • Forest Root Domain
  • Network Address
  • Partition
  • Is Directory
  • Tag

Asset Groups

  • Name
  • Description
  • Dynamic

Entitlements

  • Priority
  • Name
  • Description
  • Users Display Name
  • Users Name

Partitions

  • Name
  • Description

Users

  • User Name
  • Description
  • First Name
  • Last Name
  • Email Address
  • Domain Name

User Groups

  • Name
  • Description
Related Documents