Use the controls and tabbed pages on the Directories page to perform the following tasks to manage directories:
It is the responsibility of the Directory Administrator to add directories to Safeguard for Privileged Passwords.
Use the Directories view to add new directories to Safeguard for Privileged Passwords.
General tab | Where you select the type of directory and add its service account information. |
Attributes tab | Where you synchronize the attributes in Safeguard for Privileged Passwords to the directory schema attributes. |
When you create a new directory, Safeguard for Privileged Passwords creates a corresponding default profile with default schedules and rules.
Use the Directories | General tab to specify the type of directory to be searched and add the required service account information.
Property | Description |
---|---|
Product | Select a type of directory. Required. |
Service Account Domain Name | For Active Directory, enter the fully qualified Active Directory domain name, such as example.com. Do not enter the domain controller hostname, such as server.example.com; the domain controller's IP address, such as 10.10.10.10; or the NETBIOS domain name, such as EXAMPLE. Limit: 255 characters. Required. |
Network Address | For OpenLDAP, enter a network DNS name or the IP address of the LDAP server for Safeguard for Privileged Passwords to use to connect to the managed system over the network. Limit: 255 characters. Required. |
Service Account Name | For Active Directory, enter an account for Safeguard for Privileged Passwords to use for management tasks. When you add the directory, Safeguard for Privileged Passwords automatically adds the service account to the directory's Accounts tab and disables it for access requests. Required. If you want the password to be available for release, click (or tap) |
Service Account Distinguished Name | For OpenLDAP, enter a fully qualified distinguished name (FQDN) for Safeguard for Privileged Passwords to use for management tasks. For example: cn=dev-sa,ou=people,dc=example,dc=com. Limit: 255 characters. Required. |
Service Account Password | Enter the password Safeguard for Privileged Passwords uses to authenticate to this directory. Limit: 255 characters. Required. |
Description | Enter information about this external identity provider. Limit: 255 characters. |
Connect | Click (or tap) Connect to verify the credentials and load the schema attributes for this directory. |
Advanced | Open to reveal the following synchronization settings: |
Port | For OpenLDAP, enter the port used for communication with the LDAP directory. |
Use SSL Encryption | For OpenLDAP, select to enable Safeguard for Privileged Passwords to encrypt communication with an LDAP directory. |
Verify SSL Certificate | For OpenLDAP, select to verify the SSL certificate. This option is only available when the Use SSL Encryption option is selected. |
Sync additions every | Enter or select how often you want Safeguard for Privileged Passwords to synchronize directory additions (in minutes). This updates Safeguard for Privileged Passwords with any additions or modifications that have been made to the directory objects, including group membership and user account attributes mapped to Safeguard for Privileged Passwords. Default: 15 minutes. Range: Between 1 and 2147483647. |
Sync deletions every | Enter or select how often you want Safeguard for Privileged Passwords to synchronize directory deletions (in minutes). This updates Safeguard for Privileged Passwords with any deletions that have been made to the directory objects, including group membership and user account attributes mapped to Safeguard for Privileged Passwords. Default: 15 minutes. Range: Between 1 and 2147483647. |
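The field rules in the General tab table can be checked before the values are entered. The following is an added example, not part of the product or its documentation: a small Python pre-flight check whose dictionary keys (`product`, `domain_name`, `use_ssl`, and so on) are hypothetical names chosen for illustration, not Safeguard API fields.

```python
import ipaddress
import re

MAX_LEN = 255                   # "Limit: 255 characters" in the table above
SYNC_MIN, SYNC_MAX = 1, 2147483647   # sync interval range, in minutes
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")   # one DNS label
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")          # attr=value

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_directory(cfg):
    """Return findings for a dict of General tab values (hypothetical keys)."""
    findings = [f"{k}: exceeds {MAX_LEN} characters"
                for k, v in cfg.items() if isinstance(v, str) and len(v) > MAX_LEN]
    if cfg["product"] == "Active Directory":
        domain = cfg.get("domain_name", "")
        labels = domain.split(".")
        if _is_ip(domain):
            findings.append("domain_name: IP address, not a domain name")
        elif len(labels) < 2:
            findings.append("domain_name: single label, not fully qualified")
        elif not all(_LABEL.match(label) for label in labels):
            findings.append("domain_name: invalid DNS label")
        # A domain controller hostname such as server.example.com is also a
        # valid FQDN, so that mistake cannot be detected from syntax alone.
    else:  # OpenLDAP
        rdns = re.split(r"(?<!\\),", cfg.get("service_account_dn", ""))
        if not all(_RDN.match(rdn.strip()) for rdn in rdns):
            findings.append("service_account_dn: not a distinguished name")
        if not cfg.get("use_ssl"):
            if cfg.get("verify_ssl"):
                findings.append("verify_ssl: requires use_ssl")
            findings.append("use_ssl: off, LDAP communication is not encrypted")
        elif not cfg.get("verify_ssl"):
            findings.append("verify_ssl: off, server certificate is not verified")
    for key in ("sync_additions", "sync_deletions"):
        if not SYNC_MIN <= cfg.get(key, 15) <= SYNC_MAX:
            findings.append(f"{key}: outside {SYNC_MIN}..{SYNC_MAX} minutes")
    return findings

# Constructed sample input, built from the example values on this page.
SAMPLE = {"product": "OpenLDAP", "network_address": "ldap.example.com",
          "service_account_dn": "cn=dev-sa,ou=people,dc=example,dc=com",
          "use_ssl": True, "verify_ssl": False}
print(check_directory(SAMPLE))
```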
On the Attributes tab, synchronize the attributes in Safeguard for Privileged Passwords to the directory schema attributes.
The Attributes tab displays the default directory attributes that are mapped to the Safeguard for Privileged Passwords properties, such as the user's first name.
To map the Safeguard for Privileged Passwords properties to different directory attributes
Note: You can use or remove the default object class.
The following tables list the default directory attributes.
Safeguard for Privileged Passwords Attribute | Directory Attribute |
---|---|
Users | |
Object Class | Browse to select a class definition that defines the valid attributes for the user object class. Default: user for Active Directory, inetOrgPerson for LDAP |
User Name | sAMAccountName for Active Directory, cn for LDAP |
Password | userPassword for LDAP |
First Name | givenName |
Last Name | sn |
Work Phone | telephoneNumber |
Mobile Phone | mobile |
Description | description |
Computers | |
Object Class | Browse to select a class definition that defines the valid attributes for the computer object class. Default: computer for Active Directory, ipHost for LDAP |
Name | cn |
Network Address | dNSHostName for Active Directory, ipHostNumber for LDAP |
Operating System | operatingSystem for Active Directory |
Operating System Version | operatingSystemVersion for Active Directory |
Description | description |
Groups | |
Object Class | Browse to select a class definition that defines the valid attributes for the group object class. Default: group for Active Directory, groupOfNames for LDAP |
Name | sAMAccountName for Active Directory, cn for LDAP |
Member | member |
Description | description |
© 2019 One Identity LLC. ALL RIGHTS RESERVED.