The Profiles tab displays the profiles associated with the selected directory. For more information, see About profiles.
Click (or tap) Create Profile from the details toolbar to add a profile to the selected directory.
Property | Description |
---|---|
Name |
Password management profile name. |
Default |
"Default" displays in this column for the default profile. For more information, see Setting a default directory profile. |
Description |
Information about the profile. |
Use these buttons on the details toolbar to manage your directory profiles.
Option | Description |
---|---|
Add a profile to the selected directory. For more information, see Creating a directory profile. | |
|
Remove the selected directory profile. For more information, see Deleting a directory. |
Update the list of directory profiles. | |
Modify the selected directory profile. For more information, see Modifying a directory profile. | |
Set the selected profile as the default directory profile. For more information, see Setting a default directory profile. | |
View additional details about the selected directory profile. | |
To locate a specific directory profile or set of profiles in this list, enter the character string to be used to search for a match. For more information, see Search box. |
Adding accounts to a directory profile
How do I see which assets and/or accounts are governed by a profile
A profile is a set of configuration settings for a set of accounts in a partition or directory.
When you create a new partition or directory, Safeguard for Privileged Passwords creates a corresponding default profile with default schedules and rules. You can create multiple profiles to govern the accounts assigned to a partition or directory. Both assets and accounts are assigned to the scope of a profile.
For example, suppose you have an asset with 12 accounts and you configure the profile to check and change passwords every 60 days. If you want the password managed for one of those accounts every 7 days, you can create another profile and add the individual account to the new profile. Now, Safeguard for Privileged Passwords will check and change all the passwords on this asset every 60 days except for this account, which will change every 7 days.
It is important to understand the difference between implicit and explicit assignments to a profile.
Implicit associations
Safeguard for Privileged Passwords makes implicit assignments. For example, when you add an asset to Safeguard for Privileged Passwords, it automatically adds the asset to the default partition and assigns it to the scope of the default profile. This is called implicit association. Assets implicitly inherit the partition's default profile. Similarly, accounts inherit their parent asset’s profile. That means when you add an account to an asset, Safeguard for Privileged Passwords implicitly adds that account to its asset’s profile.
Later if you reassign the asset to another profile, Safeguard for Privileged Passwords automatically reassigns all of the asset’s associated accounts to the new profile.
Explicit associations
Safeguard for Privileged Passwords allows you to explicitly add an asset or an account to a specific profile. When you explicitly assign an asset to a profile, it overrides the implicit inheritance from the partition so the asset's profile is no longer determined by its partition. Similarly, when you explicitly assign an account to a profile, Safeguard for Privileged Passwords overrides the implicit inheritance from the asset and the account’s profile is no longer determined by its asset.
Now if you reassign the asset to another profile, Safeguard for Privileged Passwords will not reassign the asset’s associated accounts that were explicitly assigned to the old profile.
Resetting the default profile
If you set another profile as the default, Safeguard for Privileged Passwords implicitly reassigns all assets and their associated accounts to that new default, but it will not reassign any assets or accounts that you have explicitly assigned to a profile. Once the implicit inheritance is broken, changing a partition's (or directory's) default profile has no effect on the scope of a profile. For more information, see Setting a default partition profile or Setting a default directory profile.
Assigning assets or accounts to a partition profile
Adding accounts to a directory profile
Assigning a profile to an asset
How do I manage accounts on unsupported platforms
How do I see which assets and/or accounts are governed by a profile
The Directories | Discovered Accounts tab allows you to add directory accounts to Safeguard for Privileged Passwords as a result of any directory account discovery jobs that have run against the selected directory. For more information, see Directory account discovery job workflow.
The Discovered Accounts tab displays the following for the selected directory.
Property | Description |
---|---|
Status |
Indicates Ignored or Managed or is blank for any directory account that you have not previously tagged as Ignore or Manage. |
Account Name |
The name of the discovered directory account. |
Domain Name |
The name of the domain where the discovered account resides. |
Profile |
The name of the profile that manages the account. |
Date/Time Discovered |
The date and time when the account was discovered. |
Use these buttons on the details toolbar to manage your discovered directory accounts.
Option | Description |
---|---|
Select to add the selected account to the selected directory, and assign it to the scope of the default profile. For more information, see Setting a default directory profile. | |
Select to prevent Safeguard for Privileged Passwords from managing the selected directory account. | |
Update the list of discovered accounts. | |
To locate a specific account or set of accounts in this list, enter the character string to be used to search for a match. |
The History tab allows you to view or export the details of each operation that has affected the selected directory.
The History tab contains the following information:
Property | Description | ||
---|---|---|---|
Date/Time | The date and time of the event. | ||
User | The display name of the user that triggered the event. | ||
Source IP | The network DNS name or IP address of the managed system that triggered the event. | ||
Object Name | The name of the selected directory. | ||
Event |
The type of operation made to the selected directory:
| ||
Related Object | The name of the related object. | ||
Related Object Type | The type of the related object. | ||
Parent | The name of the object to which the selected directory is a child. | ||
Parent Object Type | The parent object type. |
Select an event to display this additional information for some types of events (for example, create and update events).
Property | Description |
---|---|
Property | The property that was updated. |
Old Value | The value of the property before it was updated. |
New Value | The new value of the property. |
© 2019 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy