It is the responsibility of the Asset Administrator to configure the rules so Safeguard for Privileged Passwords handles custom platforms. The custom platform script must be available for uploading. For more information, see Creating a custom platform script.
|
NOTE: Only SSH custom platforms are supported. |
To add a custom platform
Platform Script: Click Browse. Navigate to and select the script file. Click Open. The selected custom platform script file displays.
Directory administrators can define rules that will dynamically add tags to directory accounts so that they can be easily identified and added to dynamic groups. Use the Administrative Tools | Settings | Asset Management | Directory Tags pane to create and manage dynamic tags for directory accounts.
In addition, Asset administrators can manually add tags to directory accounts on the General tab of the Accounts view. For more information, see Manually adding a tag to an account.
The Directory Tags pane provides a centralized view of all the tags defined for directory accounts. It displays the following details.
Property | Description |
---|---|
Name |
The name assigned to the tag when it was created. |
Directories |
The parent directory to which the tag belongs. |
Rules |
Indicates whether there is a rule associated with the selected tag. A check mark in this column indicates that the tag has a directory rule. |
Description |
Information about the tag. |
Use these toolbar buttons to manage directory tags.
Option | Description | ||
---|---|---|---|
|
Add a dynamic tag definition. For more information, see Adding a tag for dynamic tagging of directory accounts. | ||
|
Remove the selected tag definition. For more information, see Deleting a directory account tag. | ||
|
Update the list of tags. | ||
|
Modify the selected tag definition. For more information, see Modifying a directory account tag.
| ||
|
Clone the selected tag definition and assign it to one or more additional directories. For more information, see Copying a directory account tag to another directory.
| ||
|
View a list of directory accounts that are assigned to the selected tag. For more information, see Viewing directory account tag assignments. | ||
Search |
Search for a specific tag or set of tags in the list. |
When does the rules engine run for dynamic grouping and tagging
Use the Add button on the Directory Tags pane in the Asset Management settings page to add a dynamic tag for directory accounts.
To add a dynamic tag for directory accounts
Click the toolbar button.
The New Tag dialog displays.
On the General tab, enter the following information:
On the Directory Account Rule tab, enter the conditions for a directory account rule.
Rule editor: Use the rule editor to define conditions for tagging directory accounts.
Property | Description |
---|---|
AND | OR |
Click AND to "and" multiple search criteria together; where all criteria must be met in order to be included. Click OR to "or" multiple search criteria together; where at least one of the criteria must be met in order to be included. |
Attribute |
In the first query clause box, select the attribute to be searched. Valid attributes include:
|
Operator |
In the middle clause query box, select the operator to be used in the search. The operators available depend upon the data type of the attribute selected. For string attributes, the operators may include:
For boolean attributes, the operators may include:
|
Search string |
In the last clause query box, enter the search string or value to be used to find a match. |
|
Click Click |
Add Grouping | Remove |
Click the A new grouping is added under the last query clause in a group and appears in a bordered pane showing that it is subordinate to the higher level query conditions. Click the Remove button to remove a grouping from the search criteria. |
Preview |
Click Preview to run the query in order to review the results of the query before adding the dynamic tag. |
Click Delete on the Directory Tags pane in the Asset Management settings page to delete a directory account tag from Safeguard for Privileged Passwords.
|
NOTE: All references to a tag will be removed, no matter how it was assigned (dynamically or manually). |
|
NOTE: A tag can be assigned to multiple object types. That is, you can have the same tag assigned to assets, asset accounts, and directory accounts. |
To delete a directory account tag
If the tag is being used, removing the tag may result in changes to your policy configuration; therefore, you are given the opportunity to confirm or cancel the remove operation.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy