Safeguard for Privileged Passwords allows you to restore the data on your appliance to a selected backup.
|
Caution: If you restore a backup that is older than the Maximum Password Age set in the Login Control settings, all user accounts (including the bootstrap administrator) will be disabled and you will have to reset all of the user account passwords. If your bootstrap administrator's password is locked out, you can reset it from the recovery kiosk. For more information, see Admin password reset. |
To restore Safeguard for Privileged Passwords to a backup
|
Note: If the backup file is not listed, you can Upload it first. |
Safeguard for Privileged Passwords automatically restarts the appliance, if necessary.
|
Note: All modifications to Safeguard for Privileged Passwords objects since the backup was created will be lost. |
|
Caution: After a restore, requesters, approvers, and reviewers will not have access to any access request workflow events that were in process at the time of the backup. The Activity Center displays those workflow events as incomplete. |
|
Note: Safeguard for Privileged Passwords does not restore the appliance IP address, NTP settings or the DNS settings. To verify that these settings are correct after a restore, go to Settings | Appliance Information. |
When adding an asset, Test Connection verifies that Safeguard for Privileged Passwords can log into the asset using the service account credentials that you have provided.
When adding an asset that requires an SSH host key, Test Connection first discovers the key and presents it to you for acceptance. When you accept it, Test Connection then verifies that Safeguard for Privileged Passwords can log into the asset using the service account credentials that you have provided.
Once you save the new asset, Safeguard for Privileged Passwords saves the service account credentials. Safeguard for Privileged Passwords uses these credentials to connect to an asset to securely manage accounts and passwords on that asset. For more information, see About service accounts.
If you want to verify an existing asset's connectivity, use the Check Connection right-click command. For more information, see Checking an asset's connectivity.
You can configure Safeguard for Privileged Passwords to authenticate to a managed system using an SSH authentication key.
|
Note: This option is not available for all operating systems. But if a Safeguard for Privileged Passwords asset requires an SSH host key and does not have one, Check Password, Change Password, and Test Connection will fail. For more information, see Connectivity failures. |
Property | Description | ||
---|---|---|---|
Automatically Generate the SSH Key |
Select this option to have Safeguard for Privileged Passwords generate the SSH authentication key. | ||
Manually Deploy the SSH Key |
When you select Automatically Generate the SSH Key, Safeguard for Privileged Passwords allows you to select this option so that you can manually append this public key to the authorized keys file on the managed system for the service account. For more information, see Downloading a public SSH key. The SSH authentication key becomes available after Safeguard for Privileged Passwords creates the asset.
| ||
Import and Manually Deploy the SSH Key |
Select this option, then Browse to import an SSH authentication key. For more information, see Importing an SSH key. | ||
Key Comment |
(Optional) Enter a description of this SSH key. | ||
Service Account Name |
Enter the service account name that Safeguard for Privileged Passwords is to use for management tasks.
Required | ||
Service Account Password |
If not importing the SSH authentication key, then you must enter the service account password Safeguard for Privileged Passwords needs to authenticate to this managed system. Limit: 255 characters Required | ||
Test Connection |
Click (or tap) this button to verify that Safeguard for Privileged Passwords can log into this asset using the service account credentials you have provided. For more information, see About Test Connection. | ||
Privilege Elevation Command |
Enter a privilege elevation command (such as sudo), if required. Safeguard for Privileged Passwords uses this as a prefix for commands that require privileged access on the system and to manage accounts on Unix-based systems; that is, to check and change passwords and to discover accounts.
Limit: 255 characters | ||
Auto Accept SSH Host Key |
Select this option to have Safeguard for Privileged Passwords automatically accept the SSH host key when it creates the Safeguard for Privileged Passwords asset. When this option is selected, Safeguard for Privileged Passwords displays the thumbprint of the SSH host key that was discovered.
| ||
Port |
Enter the port number used by SSH to log into the managed system. Required | ||
Connection Timeout |
Enter the command timeout period.
Default: 20 seconds |
|
Note: Safeguard for Privileged Passwords will not rotate SSH Keys unless you select the Manage SSH Key option in the asset's profile change schedule. For more information, see Adding change password settings. |
When you add an asset using the SSH Key authentication type, Safeguard for Privileged Passwords gives you the option to Use an Imported SSH Key.
To import an SSH Key
© 2019 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy