Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.5 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords, embedded sessions module What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Trusted Certificates

It is the responsibility of the Appliance Administrator to add or remove trusted root certificates to the Safeguard for Privileged Passwords Appliance, if necessary, in order for the SSL certificate to resolve the chain of authority. When Safeguard for Privileged Passwords connects to an asset that has the Verify SSL Certificate option enabled, Safeguard for Privileged Passwords compares the signing authority of the certificate presented by the asset to the certificates in the trusted certificate store.

Navigate to Administrative Tools | Settings | Certificates | Trusted Certificates. The Trusted Certificates pane displays the following information for the user-supplied certificates added to the trusted certificate store.

Table 177: Trusted certificates: Properties
Property Description
Subject The name of the subject (such as user, program, computer, service or other entity) assigned to the certificate when it was requested.
Invalid Before A "start" date and time that must be met before a certificate can be used.
Expiration Date The date and time when the certificate expires and can no longer be used.
Thumbprint A unique hash value that identifies the certificate.
Issued By The name of the certificate authority (CA) that issued the certificate.

Adding a trusted certificate

Prior to adding an asset that uses SSL server certificate validation, add the certificate's root CA and any intermediate CAs to the Trusted Certificates store in Safeguard for Privileged Passwords.

To add a trusted certificate

  1. Navigate to Administrative Tools | Settings | Certificates | Trusted Certificates.
  2. Click  Add Certificate from the details toolbar.

  3. Browse to select a certificate file (DER Encoded file: .cer or .der).
  4. Click Open to add the selected certificate file to Safeguard for Privileged Passwords.

Removing a trusted certificate

To remove certificates from the appliance

  1. Navigate to Administrative Tools | Settings | Certificates | Trusted Certificates.
  2. Select a certificate.
  3. Click  Delete Selected from the details toolbar.

    Important: Safeguard for Privileged Passwords does not allow you to remove built-in certificate authorities.

Cluster settings

Use the Cluster settings to create a clustered environment, to monitor the health of the cluster and its members, and to define managed networks for high availability and load distribution.

It is the responsibility of the Appliance Administrator or the Operations Administrator to create a cluster, monitor the status of the cluster, and define managed networks.

Before creating a Safeguard for Privileged Passwords cluster, become familiar with the Disaster recovery and clusters chapter to understand:

Navigate to Administrative Tools | Settings | Cluster.

Table 178: Cluster settings
Setting Description

Cluster Management

Where you create and manage a cluster and monitor the health of the cluster and its members.

Managed Networks

Where you define managed networks to distribute the task load for the clustered environment.

Related Documents