Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.5 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords, embedded sessions module What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Adding an asset

It is the responsibility of the Asset Administrator to add assets and accounts to Safeguard for Privileged Passwords.

Safeguard for Privileged Passwords allows you to set up asset discovery jobs that run automatically. For more information, see Asset discovery job workflow.

Before you add systems to Safeguard for Privileged Passwords, make sure they are properly configured. For more information, see Preparing systems for management.

To add an asset

  1. Navigate to Administrative Tools | Assets.
  2. Click Add Asset from the toolbar.
  3. In the Asset dialog, provide information in each of the tabs:
    General tab

    Where you add general information about the asset.

    Management tab

    Where you add the network address, operating system and version information.

    Connection tab Where you add the authentication type information or custom platform properties.
Related Topics

Adding an account to an asset

Assigning an asset to a partition

Assigning a profile to an asset

Assigning assets or accounts to a partition profile

General tab

Use the General tab to specify general information about the asset, including the partition and profile to which the asset is assigned. An asset can only be in one partition at a time. When you add an asset to a partition, all accounts associated with that asset are automatically added to that partition. All assets must be governed by a profile. All new assets are automatically governed by the default profile unless otherwise specified.

Table 62: Asset: General properties
Property Description
Name

Enter a unique display name for the asset.

Limit: 100 characters

Required

Description

(Optional) Enter information about this managed system.

Limit: 255 characters

Partition

Browse to select a partition for this asset. You can set a specific partition as the default, see Setting a default partition.

Profile

Browse to select a profile to manage this asset's accounts.

You must assign all assets to a profile. Safeguard for Privileged Passwords assigns all new assets to the default profile unless you specify another. You can set a specific profile as the default. For more information, see Setting a default partition profile.

Click Reset to set the profile to the current default.

The Reset button only becomes active when the asset has been explicitly assigned to the profile. If the asset is only implicitly assigned to the profile, Safeguard for Privileged Passwords does not activate the Reset button. If you do not explicitly assign an asset to a profile, it is always assigned to the current default profile.

Management tab

Use the Administrative Tools | Assets | Management tab to add the network address, operating system and version information for an asset:

Table 63: Asset: Management tab properties
Property Description
Product

Select an operating system for this asset. A custom platform can be selected. For more information, see Custom Platforms.

NOTE: Safeguard for Privileged Passwords allows you to select a generic operating system of "Other" or "Other Linux". This allows you to add an asset to Safeguard for Privileged Passwords without designating a specific platform.

  • Other - Safeguard for Privileged Passwords cannot manage an asset with an "Other" operating system. You can manually change passwords on accounts associated with an asset with an "Other" operating system, but Safeguard for Privileged Passwords cannot automatically check or change the passwords, test connection, etc. because it cannot connect to the asset.
  • Other Linux - Safeguard for Privileged Passwords can manage an asset with "Other Linux" on a best effort basis.

"Other" platform details: Any "Other" platform type can be changed to different platform type. Conversely, any platform type can be changed to "Other", however, any property values specific to the current platform type will be lost. For example, you may want to change an "Other Linux" operating system to any type of Linux, such as AIX, HP-UX, or Solaris. Then, the specific platform type can be changed back to "Other", if needed. For more information, see Modifying an asset.

Version

Select the operating system version. When adding a Linux or Macintosh OS X system, Safeguard for Privileged Passwords allows you to choose an "Other" version.

NOTE: Safeguard for Privileged Passwords does not manage passwords for accounts on domain controllers. Manage accounts on domain controllers through the directory that hosts the domain controller. For more information, see Adding directory accounts to a directory.

Architecture

When applicable, select the operating system architecture.

Network Address

Enter a network DNS name or the IP address used to connect to the managed system over the network.

For Amazon Web Services assets, enter the Amazon AWS Account ID or Alias.

Advanced

Click to display settings specific to the custom platform.

Session Access Properties

Use the following settings to enable session access for this asset.

Enable Session Request

This check box is selected by default indicating that authorized users can request session access for this asset.

Clear this check box if you do not want to allow session requests for this asset.

RDP Session Port

Specify the access port on the target server to be used for RDP session requests.

Default: Port 3389

SSH Session Port

Specify the access port on the target server to be used for SSH session requests.

Default: Port 22

Connection tab

On the Connection tab, choose an authentication type and specify the service account credentials. The type of asset specified in the Product field on the Management tab determines the authentication types available for the asset. If the asset has a custom platform, the Custom Properties elements are displayed. For more information, see Custom Platforms.

Table 64: Asset authentication types
Authentication Type Description
SSH Key To authenticate to the asset using an SSH authentication key.
Directory Account

To authenticate to the asset using an account from an external identity store such as Microsoft Active Directory.

 NOTE: In order to use this authentication type, you must first add a directory to Safeguard for Privileged Passwords and add domain user accounts. For more information, see Directories.
Local System Account

For SQL Server assets, to authenticate to the asset using a local system account, which is a Windows user account on the server that is hosting the SQL database.

Password

To authenticate to the asset using a local service account and password.

Account Password

For Facebook and Twitter assets, to authenticate using the current account password. For more information, see Adding a cloud platform account.

Access Key

For Amazon Web Services assets, to authenticate to the asset using an access key. For more information, see Adding a cloud platform account.

None To authenticate to the asset manually.

Client ID: For SAP assets, enter the client ID.

Custom platform properties

If the Product field on the Management tab identified a custom platform, complete the dialog based on the custom properties of the custom platform script. Safeguard for Privileged Passwords checks to ensure the values match the type of the property which include: a string, boolean, integer, or password (which is called secret in the API scripts). Safeguard for Privileged Passwords cannot check the validity or system impact of values entered for custom platforms. For more information, see Creating a custom platform script.

Related Documents