Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.5 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords, embedded sessions module What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Administrative Tools

The  Administrative Tools allow you to add all the objects you need to write access request policies, such as users, accounts, and assets. From this view, you can also configure all of the Safeguard for Privileged Passwords settings.

Note: You must have administrator permissions to use the  Administrative Tools and the administrator permissions you have determine what you can view and modify.

The navigation pane along the left side of the console gives you access to these administrative tools.

Table 25: Administrative Tools
Administrative Tools Description Administrator permissions
Toolbox Where you can gain quick access to all the tasks you can perform from a single portal. Users with any Safeguard administrator privileges.
Accounts Where you associate account identities with managed systems. Asset Administrator or Auditor
Account Groups Where you define sets of accounts which you can add to the scope of an access request policy. Auditor or Security Policy Administrator
Assets Where you add computers, servers, network devices, or applications to be managed by a Safeguard for Privileged Passwords Appliance. Asset Administrator or Auditor
Asset Groups Where you define sets of assets which you can add to the scope of an access request policy. Auditor or Security Policy Administrator
Directories Where you add external identity providers such as Microsoft Active Directory to Safeguard for Privileged Passwords. Auditor or Directory Administrator
Entitlements Where you specify the access request policies that restrict system access to authorized users. Auditor or Security Policy Administrator
Partitions Where you define collections of assets which can be used to segregate assets for delegation. Asset Administrator, Auditor, or delegated partition owner
Settings

Where you configure Safeguard for Privileged Passwords to run backups, install updates, manage clusters, manage certificates, enable event notifications, configure external integration, define profile configurations settings, define user password rules, define discovery rules, and run troubleshooting tools.

Users with any Safeguard administrator privileges, however, the settings available depend on the administrative permissions assigned.

Users Where you set up users who can log into Safeguard for Privileged Passwords.

Bootstrap, Asset Administrator, Auditor, Authorizer Administrator, Help Desk Administrator, Security Policy Administrator, or User Administrator

User Groups Where you define sets of Safeguard for Privileged Passwords users which you can add to an entitlement.

Bootstrap, Auditor, Authorizer Administrator, Security Policy Administrator, or User Administrator

All of the Administrative Tools views have the following components, except for the Toolbox and Settings:

  • Toolbar options across the top of the view.
  • Object list (left pane)
  • Search box at the top of the object list.
  • Details pane (right pane)

Toolbar options

The toolbar at the top of the views (except for the Toolbox and Settings), contain these options, depending on your Administrator permissions and the administrative tool you are in.

Table 26: Administrative Tools toolbar options
Option Description
Add Add objects to the Safeguard for Privileged Passwords appliance.
Delete Remove objects from the appliance.
Refresh

Refresh the screen.

NOTE: Whenever you add, modify, or delete an object in Administrative Tools, the changes you make cannot be seen by other administrators running Safeguard for Privileged Passwords on other clients unless they click Refresh.

Import

Only available for Accounts, Assets and Users: Add a set of objects from a .csv file. For more information, see Importing objects.

User Security

Only available for Users: Menu options include: Set Password and Unlock accounts. For more information about these options, refer to Setting a local user's password and Unlocking a user's account.

Account Security

Only available for Accounts: Menu options include: Set Password, Check Password, and Change Password. For more information, see Checking, changing, or setting an account password.

Permissions

Only available for Users: Set administrator permissions for users. For more information, see Administrator permissions.

Set as Default

Only available for Partitions: Set a directory or partition as the default. For more information, see Setting a default partition, Setting a default partition profile, and Setting a default directory profile.

Download SSH Key

Only available for Assets: Add the SSH Key to the selected asset. For more information, see Downloading a public SSH key.

Password Archive

Only available for Accounts: Display the password history for the selected account. For more information, see Viewing password archive.

Access Requests

Only available for Accounts: Enable or disable access request services for the selected account.

Discovery

Only available for Assets: Add or manage asset discovery jobs. For more information, see Discovery.

Show Ignored

Only available for Assets: Display the hidden assets.

Hide Ignored

Only available for Assets: Hide assets marked as "Ignore".

Sync Now

Only available for Directories: Run the directory addition and deletion synchronization process on demand. In addition, it runs through the discovery, if there are discovery rules and configurations set up.

Search box

The search box located at the top of the object list pane can be used to filter the data being displayed. When you enter a text string into the search box, the results include items that have a string attribute that "contains" the text that was entered. This same basic search functionality is also available for many of the detail panes and selection dialogs allowing you to filter the data displayed in the associated pane or dialog.

When searching for objects in the object lists, an attribute search functionality is also available where you can filter the results, based on a specific attribute. That is, the search term matches if the specified attribute "contains" the text. To perform an attribute search, click the icon to select the attribute to be searched.

Rules for using the search functionality:

  • Search strings are not case sensitive.
  • Wild cards are not allowed.

  • Try using quotes and omitting quotes. As you use the product, you will become familiar with the search requirements for the search fields you frequent. Safeguard may perform a general search (for example, omits quotes) or a literal search (for example, includes quotes). Example scenarios follow:

    • On the Settings pane, search strings must be an exact match because a literal search is performed. Do not add quotes or underlines. For example, from the Settings pane, enter password rules to return Safeguard Access | Password Rules. If you enter "password rules" or password_rules, the following message is returned: No matches found.

    • On the Users pane search box:

      • A general search does not return anything if you use quotes because it uses a literal search (searches for the quotes). For example: searching for "ab_misc2" returns the message: There is nothing to show here.
      • You can use quotes in an attribute search if there are spaces in the search name. For example, entering the following in the search box Username: "ab_misc2" returns: AB_misc2.
  • When multiple search strings are included, all search criteria must be met in order for an object to be included in the results list.
  • When you combine a basic search and an attribute search, the order they are entered into the search box matters. The attribute searches can be in any order, but the basic search must come after the attribute searches.
  • In large environments, you will see a result number to tell you how many objects match the criteria; however, only the first 200 objects will be retrieved from the server. When you scroll down the list, more objects will be retrieved (paged) as needed.

To search for objects or object details

  1. Enter a text string in the Search box. As you type, the list displays items whose string attributes contain the text that was entered.

    For example, enter T in the search box to search for items that contain the letter "T", or enter sse to list all items that contain the string "sse", such as "Asset".

    Note: The status bar along the bottom of the console shows the number of items returned.

  2. To clear the search criteria, click  Clear.

    When you clear the search criteria, the original list of objects are displayed.

To conduct an attribute search

The attributes available for searching are dependent on the type of object being searched. The search drop-down menu lists the attributes that can be selected.

The drop-down menu lists a limited number of attributes that can be searched; however, you can perform an attribute search using the English name of any attribute as it appears in the API. Nested attributes can be chained together using a period (.). To see a list of all the attributes, see the API documentation. For information about the API, see How do I access the API.

  1. Click the icon and select the attribute to be searched.

    The selected attribute is added to the search box. For example, if you select Last Name, LastName: is added to the search box.

  2. In the search box, enter the text string after the colon in the attribute label.

    You can specify multiple attributes, repeating these steps to add an additional attribute to the search box. Do not add punctuation marks, such as commas or colons to separate the different attributes. When multiple attributes are included, all search criteria must be met in order for an object to be included in the results list.

    As you type, the list displays items whose selected attributes contain the text that was entered.

    Note: The status bar along the bottom of the console shows the number of items returned.

  3. To clear the search criteria, click Clear.

    When you clear the search criteria, the original list of objects are displayed.

Sorting entity lists

By default the objects are listed in alphabetical order; however, you can use the controls located above the list to sort the object list.

To sort the object lists

  1. Select Ascending or Descending under the Search box to sort the list in either alphabetical or reverse-alphabetical order.
  2. To sort the list of Accounts, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:
    • Name (Default)
    • Description
    • Asset
    • Profile
    • Partition

  3. To sort the list of Account Groups, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:

    • Name (Default)
    • Description
    • Dynamic
  4. To sort the list of Assets, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:
    • Name (Default)
    • Description
    • Platform
    • Network Address
    • Partition

  5. To sort the list of Asset Groups, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:

    • Name (Default)
    • Description
    • Dynamic

  6. To sort the list of Directories, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:

    • Name (Default)
    • Description
    • Platform
  7. To sort the list of Entitlements, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:
    • Priority (Default)
    • Name
    • Description

  8. To sort the list of Partitions, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:

    • Name (Default)
    • Description
  9. To sort the list of Users, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:
    • User Name (Default)
    • Description
    • First Name
    • Last Name
    • Email Address
    • Domain Name
  10. To sort the list of User Groups, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:
    • Name (Default)
    • Description
    • Type (Sorts by Local and Directory groups.)
Related Documents