When you add an asset using the SSH Key authentication type, Safeguard for Privileged Passwords gives you the option to Use an Imported SSH Key.
To import an SSH Key
You can configure Safeguard for Privileged Passwords to authenticate to a managed system using an account from an external identity store such as Microsoft Active Directory. In order to use this authentication type, you must first add a directory to Safeguard for Privileged Passwords and add domain user accounts. For more information, see Directories.
Property | Description |
---|---|
Service Account | Click Select Account to choose a domain user account. The accounts available for selection are domain user accounts that are linked to a directory that was previously added to Safeguard for Privileged Passwords. Required |
Test Connection | Click this button to verify that Safeguard for Privileged Passwords can log into this asset using the service account credentials you have provided. For more information, see About Test Connection. |
Advanced | Open to reveal the following settings which depend on the type of asset: |
Privilege Level Password | Enter the system enable password to allow access to the Cisco configuration. |
Privilege Elevation Command | Enter a privilege elevation command (such as sudo), if required. This is used as a prefix for commands that require privileged access on the system and to manage accounts on Unix-based systems; that is, to check and change passwords and to discover accounts. When adding an asset, Safeguard for Privileged Passwords uses this command to perform Test Connection. For more information, see About Test Connection. To enable Safeguard for Privileged Passwords to elevate the privileges of the service account, assign the asset to the scope of a partition profile that has the privilege elevation command defined. For more information, see Creating a partition profile. The privilege elevation command must run non-interactively, that is, without prompting for a password. For more information, see Prepare Unix-based systems. Limit: 255 characters |
Auto Accept SSH Host Key | Select this option to have Safeguard for Privileged Passwords automatically accept an SSH host key. When an asset requiring an SSH host key does not have one, Check Password will fail. For more information, see Connectivity failures. |
Instance | (Optional) Specify the instance name if you have configured multiple instances of a SQL Server on this asset. If you have configured a default (unnamed) instance of the SQL Server on the host, you need to provide the IP address and port number. |
Port | Enter the port number to log into the asset. This option is not available for all operating systems. Required |
Connection Timeout | Enter the directory connection timeout period. Default: 20 seconds |
You can configure Safeguard for Privileged Passwords to authenticate to a managed SQL Server using a local system account and password. The local system account is a Windows user account on the server that is hosting the SQL database.
NOTE: In order to use this authentication type, you must add both a Windows asset and a SQL Server asset to Safeguard for Privileged Passwords.
Property | Description |
---|---|
Service Account | Click Select Account to choose the local system account associated with the SQL Server for Safeguard for Privileged Passwords to use for management tasks. Required |
Test Connection | Click this button to verify that Safeguard for Privileged Passwords can log into this asset using the local system account credentials you have provided. For more information, see About Test Connection. |
Advanced | Open to reveal the following settings: |
Instance | (Optional) Specify the instance name if you have configured multiple instances of a SQL Server on this asset. |
Port | Enter the port number to log into the asset. Required |
Connection Timeout | Enter the SQL server connection timeout period. Default: 20 seconds |
You can configure Safeguard for Privileged Passwords to authenticate to a managed system using a local service account and password.
NOTE: Some options are not available for all operating systems.
Property | Description |
---|---|
Distinguished Name | For LDAP platforms, enter the fully qualified distinguished name (FQDN) for the service account. For example: cn=dev-sa,ou=people,dc=example,dc=com |
Service Account Name | Browse to select the service account for Safeguard for Privileged Passwords to use for management tasks. When you add the asset, Safeguard for Privileged Passwords automatically adds the service account to Accounts. For more information, see About service accounts. Required except for LDAP platforms, which use the Distinguished Name. |
Service Account Password | Enter the service account password used to authenticate to this asset. Limit: 255 characters Required |
Test Connection | Click this button to verify that Safeguard for Privileged Passwords can log into this asset using the service account credentials you have provided. For more information, see About Test Connection. |
Privilege Level Password | Enter the Enable password to allow access to the Cisco configuration. |
Privilege Elevation Command | Enter a privilege elevation command (such as sudo), if required. This is used as a prefix for commands that require privileged access on the system and to manage accounts on Unix-based systems; that is, to check and change passwords and to discover accounts. When adding an asset, Safeguard for Privileged Passwords uses this command to perform Test Connection. For more information, see About Test Connection. To enable Safeguard for Privileged Passwords to elevate the privileges of the service account, assign the asset to the scope of a partition profile that has the privilege elevation command defined. For more information, see Creating a partition profile. The privilege elevation command must run non-interactively, that is, without prompting for a password. For more information, see Prepare Unix-based systems. Limit: 255 characters |
Auto Accept SSH Host Key | This option is selected by default indicating that Safeguard for Privileged Passwords automatically accepts an SSH host key. Once the SSH host key is discovered, the SSH host key fingerprint is displayed. |
Use SSL Encryption | Select this option to enable Safeguard for Privileged Passwords to encrypt communication with this asset. |
Verify SSL Certificate | Use this option to enable or disable SSL Certificate verification on the asset. When enabled, Safeguard for Privileged Passwords compares the signing authority of the certificate presented by the asset to the certificates in the Trusted Certificates store every time Safeguard for Privileged Passwords connects to the asset. Trust must be established for Safeguard for Privileged Passwords to manage the asset. |
Instance | (Optional) Specify the instance name if you have configured multiple instances of a SQL server on this asset. |
Workstation ID | Specify the configured workstation ID, if applicable. This option is only available for IBM i systems. |
Port | Enter the port number on which the asset will be listening for connections. Default: port 22; port 1433 for SQL server; port 8443 for SonicWALL SMA or CMS appliance. Required |
Connection Timeout | Enter the connection timeout period. Default: 20 seconds |
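
When Auto Accept SSH Host Key is selected, the displayed SSH host key fingerprint can be compared with one computed from the public key taken from the asset itself. The following is an added example, not One Identity code; it assumes the fingerprint is shown in one of the two OpenSSH formats (SHA256 or MD5), which this page does not specify, and the sample key is constructed.

```python
import base64
import hashlib
import struct


def parse_public_key(line: str) -> bytes:
    """Return the raw key blob from an OpenSSH public key line: 'type base64 [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or edited in transit.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return blob


def fingerprints(line: str) -> dict:
    """Compute both OpenSSH fingerprint formats for one public key line."""
    blob = parse_public_key(line)
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"sha256": "SHA256:" + sha256,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2))}


def matches_displayed(line: str, displayed: str) -> bool:
    """True if the fingerprint shown for the asset belongs to this public key."""
    shown = displayed.strip()
    if shown.upper().startswith("MD5:"):
        shown = shown[4:]
    fp = fingerprints(line)
    return shown == fp["sha256"] or shown.lower() == fp["md5"]


def constructed_key(seed: bytes) -> str:
    """Build a constructed sample line; 32 hash bytes stand in for an Ed25519 key."""
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"


SAMPLE_KEY = constructed_key(b"asset-01")  # constructed, not a real host key

if __name__ == "__main__":
    print(fingerprints(SAMPLE_KEY))
```

In practice the input line is the asset's own host public key file, read over a channel other than the SSH session being verified.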