Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.5 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords, embedded sessions module What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Adding a tag for dynamic tagging of assets or asset accounts

Use the New button on the Tags pane in the Asset Management settings page to add a dynamic tag for an asset or asset account.

To add an asset or asset account dynamic tag

  1. Navigate to Administrative Tools | Settings | Asset Management | Tags.
  2. Click the toolbar button.

    The Tag dialog displays.

  3. On the General tab, enter the following information:

    • Name: Enter a unique name for the tag.
    • Description: Enter information about the tag.
    • Partition: Click Browse to select the partition to which this tag is to be assigned.
  4. On the Asset Account Rules tab, enter the conditions for an asset account rule.

    • Don't include an account rule for this tag: Select this check box if you do not want to include an account rule. Selecting this check box disabled the rule editor controls on this page. Proceed to the next tab.
    • Rule editor: Use the rule editor to define conditions for tagging asset accounts.

      Table 160: Asset Account Rules tab: Rule editor controls
      Property Description

      AND | OR

      Click AND to "and" multiple search criteria together; where all criteria must be met in order to be included.

      Click OR to "or" multiple search criteria together; where at least one of the criteria must be met in order to be included.

      Attribute

      In the first query clause box, select the attribute to be searched. Valid attributes include:

      • Name (Default)
      • Description
      • Platform
      • Disabled
      • Tag
      • Service Account
      • Partition Name
      • Asset Tag

      Operator

      In the middle clause query box, select the operator to be used in the search. The operators available depend upon the data type of the attribute selected.

      For string attributes, the operators may include:

      • Contains (Default)
      • Does not contain
      • Starts with
      • Ends with
      • Equals
      • Not equal

      For boolean attributes, the operators may include:

      • Is True
      • Is False

      Search string

      In the last clause query box, enter the search string or value to be used to find a match.

      |

      Click to the left of a search clause to add an additional clause to the search criteria.

      Click to remove the search clause from the search criteria.

      Add Grouping | Remove

      Click the Add Grouping button to add an additional set of conditions to be met.

      A new grouping is added under the last query clause in a group and appears in a bordered pane showing that it is subordinate to the higher level query conditions.

      Click the Remove button to remove a grouping from the search criteria.

      Preview

      Click Preview to run the query in order to review the results of the query before adding the dynamic tag.

  5. On the Asset Rules tab, enter the conditions for an asset rule.

    • Don't include an asset rule for this tag: Select this check box if you do not want to include an asset rule. Selecting this check box disabled the rule editor controls on this page. Proceed to the next tab.
    • Rule editor: Use the rule editor to define conditions for tagging assets.

      Table 161: Asset Rules tab: Rule editor controls
      Property Description

      AND | OR

      Click AND to "and" multiple search criteria together; where all criteria must be met in order to be included.

      Click OR to "or" multiple search criteria together; where at least one of the criteria must be met in order to be included.

      Attribute

      In the first query clause box, select the attribute to be searched. Valid attributes include:

      • Name (default)
      • Description
      • Platform
      • Disabled
      • Tag
      • Discovery Job Name
      • Partition Name
      • Profile
      • Network Address

      Operator

      In the middle clause query box, select the operator to be used in the search. The operators available depend upon the data type of the attribute selected.

      For string attributes, the operators may include:

      • Contains (Default)
      • Does not contain
      • Starts with
      • Ends with
      • Equals
      • Not equal

      For boolean attributes, the operators may include:

      • Is True
      • Is False

      Search string

      In the last clause query box, enter the search string or value to be used to find a match.

      |

      Click to the left of a search clause to add an additional clause to the search criteria.

      Click to remove the search clause from the search criteria.

      Add Grouping | Remove

      Click the Add Grouping button to add an additional set of conditions to be met.

      A new grouping is added under the last query clause in a group and appears in a bordered pane showing that it is subordinate to the higher level query conditions.

      Click the Remove button to remove a grouping from the search criteria.

      Preview

      Click Preview to run the query in order to review the results of the query before adding the dynamic tag.

  6. On the Summary tab, review your selections.

    • Asset Account Rules: Open the Asset Account Rules tab to review the conditions for an asset account rule.
    • Asset Rules: Open the Asset Rules tab to review the conditions for an asset rule.
  7. Click Add to create the tag, close the dialog, and return to the Tags pane.

Deleting an asset or asset account tag

Click Delete on the Tags pane in the Asset Management settings page to delete an asset or asset account tag from Safeguard for Privileged Passwords.

NOTE: All references to a tag will be removed, no matter how it was assigned (dynamically or manually).

NOTE: A tag can be assigned to multiple object types. That is, you can have the same tag assigned to assets, asset accounts, and directory accounts.

To delete an asset or asset account tag

  1. Navigate to Administrative Tools | Settings | Asset Management | Tags.
  2. Select the tag to be deleted.
  3. Click the toolbar button.
  4. On the Remove Selected confirmation dialog, click Yes.
  5. If the tag is being used, removing the tag may result in changes to your policy configuration; therefore, you are given the opportunity to confirm or cancel the remove operation.

    • To remove the tag, enter Force Delete and click OK.
    • To cancel the remove operation, click Cancel.

Modifying an asset or asset account tag

Use the Edit button on the Tags pane on the Asset Management settings page to modify an asset or asset account tag.

To modify an asset or asset account tag

  1. Navigate to Administrative Tools | Settings | Asset Management | Tags.
  2. Select the tag to be modified.
  3. Select the toolbar button.

    The Tag dialog displays allowing you to modify the selected tag.

  4. On the General tab, you can modify the following settings:

    • Name
    • Description

    NOTE: You cannot modify the partition assignment of an existing tag using the Edit operation. Use the Copy operation to clone the tag and assign it to an additional partition. Use the Delete operation to remove the tag from the existing partition.
  5. On the Asset Account Rules tab, you can modify the conditions for an asset account rule.

    • Don't include an account rule for this tag: Select this check box if you do not want to include an account rule. Selecting this check box disables the rule editor controls on this page. Proceed to the next tab.
    • Rule editor: Use the rule editor to modify the conditions for tagging asset accounts.

      Table 162: Asset Account Rules tab: Rule editor controls
      Property Description

      AND | OR

      Click AND to "and" multiple search criteria together; where all criteria must be met in order to be included.

      Click OR to "or" multiple search criteria together; where at least one of the criteria must be met in order to be included.

      Attribute

      In the first query clause box, select the attribute to be searched. Valid attributes include:

      • Name (Default)
      • Description
      • Platform
      • Disabled
      • Tag
      • Service Account
      • Partition Name
      • Asset Tag

      Operator

      In the middle clause query box, select the operator to be used in the search. The operators available depend upon the data type of the attribute selected.

      For string attributes, the operators may include:

      • Contains (Default)
      • Does not contain
      • Starts with
      • Ends with
      • Equals
      • Not equal

      For boolean attributes, the operators may include:

      • Is True
      • Is False

      Search string

      In the last clause query box, enter the search string or value to be used to find a match.

      |

      Click to the left of a search clause to add an additional clause to the search criteria.

      Click to remove the search clause from the search criteria.

      Add Grouping | Remove

      Click the Add Grouping button to add an additional set of conditions to be met.

      A new grouping is added under the last query clause in a group and appears in a bordered pane showing that it is subordinate to the higher level query conditions.

      Click the Remove button to remove a grouping from the search criteria.

      Preview

      Click Preview to run the query in order to review the results of the query before adding the dynamic tag.

  6. On the Asset Rules tab, you can modify the conditions for an asset rule.

    • Do not include an asset rule for this tag: Select this check box if you do not want to include an asset rule. Selecting this check box disables the rule editor controls on this page. Proceed to the next tab.
    • Rule editor: Use the rule editor to modify the conditions for tagging assets.

      Table 163: Asset Rules tab: Rule editor controls
      Property Description

      AND | OR

      Click AND to "and" multiple search criteria together; where all criteria must be met in order to be included.

      Click OR to "or" multiple search criteria together; where at least one of the criteria must be met in order to be included.

      Attribute

      In the first query clause box, select the attribute to be searched. Valid attributes include:

      • Name (default)
      • Description
      • Platform
      • Disabled
      • Tag
      • Discovery Job Name
      • Partition Name
      • Profile
      • Network Address

      Operator

      In the middle clause query box, select the operator to be used in the search. The operators available depend upon the data type of the attribute selected.

      For string attributes, the operators may include:

      • Contains (Default)
      • Does not contain
      • Starts with
      • Ends with
      • Equals
      • Not equal

      For boolean attributes, the operators may include:

      • Is True
      • Is False

      Search string

      In the last clause query box, enter the search string or value to be used to find a match.

      |

      Click to the left of a search clause to add an additional clause to the search criteria.

      Click to remove the search clause from the search criteria.

      Add Grouping | Remove

      Click the Add Grouping button to add an additional set of conditions to be met.

      A new grouping is added under the last query clause in a group and appears in a bordered pane showing that it is subordinate to the higher level query conditions.

      Click the Remove button to remove a grouping from the search criteria.

      Preview

      Click Preview to run the query in order to review the results of the query before adding the dynamic tag.

  7. On the Summary tab, review your changes and click OK.

Copying an asset or asset account tag to another partition

Tags for assets and asset accounts belong to a partition. Use the Copy button on the Tags pane on the Asset Management settings page to clone an asset or asset account tag and assign it to a different partition.

NOTE: You cannot modify the partition assignment of an existing tag using the Edit operation. Use the Copy operation to clone the tag and assign it to an additional partition. Use the Delete operation to remove the tag from the existing partition.

To copy an asset or asset account tag to another partition

  1. Navigate to Administrative Tools | Settings | Asset Management | Tags.
  2. Click the toolbar button.

    The Copy to dialog displays allowing you to select one or more partitions.

  3. Select the check box for the partitions to which the selected tag is to be assigned.

    If you do not see the partition you are looking for, you can create a new partition by clicking Create New. Clicking displays the Partition dialog allowing you to add a partition to Safeguard for Privileged Passwords. For more information, see Adding a partition. You must have Asset Administrator permissions to add partitions to Safeguard.

  4. Click OK.

    If a tag with the same name already exits in the selected partition, you will be asked if you want to replace the tag.

Related Documents