Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.5 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords, embedded sessions module What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Configuring SNMP subscriptions

It is the responsibility of the Appliance Administrator to configure Safeguard for Privileged Passwords to send SNMP traps to your SNMP console when certain events occur.

Note: To download Safeguard for Privileged Passwords MIB-module definitions from your appliance, enter the following URL into your web browser; no authentication is required:

https://<Appliance IP address>/docs/mib/SAFEGUARD-MIB.mib

To configure SNMP subscriptions

  1. Navigate to Administrative Tools | Settings | External Integration | SNMP.
  2. Click New to open the SNMP subscription configuration dialog.
  3. Provide the following information:
    Network Address

    Enter the IP address or FQDN of the primary SNMP network server.

    Limit: 255 characters

    Required

    UDP Port

    Enter the UDP port number for SNMP traps.

    Default: 162

    Required

    Description

    Enter the description of the SNMP subscriber.

    Limit: 255 characters

    Events

    Browse to select one or more SNMP event types.

    Use the Clear icon to remove an individual event from this list or right-click and select Remove All to clear all events from the list.

    NOTE: The SNMP pane displays the number of events that you select, not the names of the events.

    Version

    Choose the SNMP version: Version 1 or Version 2.

    Default: Version 2.

    Community

    Enter the SNMP community string, such as "public".

    The SNMP community string is like a user ID or password that allows access to a device's statistics, such as a router. A PRTG Network Monitor sends the community string along with all SNMP requests. If the community string is correct, the device responds with the requested information. If the community string is incorrect, the device simply discards the request and does not respond.

Verifying SNMP configuration

Use the Send Test Event link located under the SNMP table on the Settings | External Integration | SNMP pane.

To validate your setup

  1. When configuring your SNMP subscription, on the SNMP dialog add the "test" event to your event subscription.
  2. Back on the SNMP settings pane, select the SNMP configuration from the table, then select Send Test Event.

    Safeguard for Privileged Passwords sends a test event notification to your SNMP console.

Starling

Integrating One Identity Safeguard for Privileged Passwords with One Identity Starling allows you to take advantage of companion features from Starling services, such as Starling Two-Factor Authentication and Starling Identity Analytics & Risk Intelligence.

In order to use Starling 2FA with Safeguard for Privileged Passwords's Approval Anywhere feature or as a secondary authentication provider, you must join Safeguard for Privileged Passwords to Starling. This is done from the Administrative Tools | Settings | External Integration | Starling pane in the Safeguard for Privileged Passwords desktop client. This pane also includes the following links, which provide assistance with Starling:

  • Visit us online to learn more displays the Starling login page where you can create a new Starling account.
  • Trouble Joining displays the Starling support page with information on the requirements and process for joining with Starling.

NOTE: In previous versions of Safeguard for Privileged Passwords, you had to specify a Starling API key in order to use Approval Anywhere and Starling Two-Factor Authentication as a secondary authentication provider. This is no longer necessary when you join Safeguard for Privileged Passwords to Starling. If you previously configured these features, once you join to Starling, Safeguard for Privileged Passwords automatically migrates your previous configurations to use the credential string generated by the join process.

It is the responsibility of the Appliance Administrator to join One Identity Safeguard for Privileged Passwords to Starling.

Prerequisites

In order to use the companion features from Starling services, first configure the following:

  • A valid license for Safeguard for Privileged Passwords with One Identity Hybrid subscription included.

    NOTE: You must have a valid license for at least one of the Safeguard modules: Privileged Passwords or Privileged Sessions.

  • A Starling Organization Admin account or a Collaborator account associated with the One Identity Hybrid subscription. For more information on Starling, see the One Identity Starling User Guide.
  • If your company requires the use of a proxy to access the internet, you must configure the web proxy to be used. For more information on configuring a web proxy to be used by Safeguard for Privileged Passwords for outbound web requests to integrated services, see Networking.

To join Safeguard for Privileged Passwords with Starling

  1. Navigate to Administrative Tools | Settings.
  2. Select External Integration | Starling.

  3. Click Join to Starling.

    NOTE: The following additional information may be required:

    • If you do not have an existing session with Starling, you will be prompted to authenticate.
    • If your Starling account belongs to multiple organizations, you will be prompted to select which organization Safeguard for Privileged Passwords will be joined with.

    After the join has successfully completed, you will be returned to the Safeguard for Privileged Passwords desktop client and the Starling settings pane will now show Joined to Starling.

To unjoin Safeguard for Privileged Passwords from Starling

  1. In Settings, select External Integration | Starling.

  2. Click Unjoin Starling.

    Safeguard for Privileged Passwords will no longer be joined to Starling, which means that Approval Anywhere and two-factor authentication as a secondary authentication provider are also disabled in Safeguard for Privileged Passwords. A Starling Organization Admin account or Collaborator account associated with the Starling One Identity Hybrid subscription can rejoin Safeguard for Privileged Passwords to Starling at any time.

Syslog

Safeguard for Privileged Passwords allows you to define one or more syslog servers to be used for logging Safeguard for Privileged Passwords event messages. Using this feature, Appliance Administrators can specify to send different types of messages to different syslog servers.

Navigate to Administrative Tools | Settings | External Integration | Syslog. The Syslog pane displays the following about each syslog server defined.

Table 201: Syslog server: Properties
Property Description
Network Address The IP address or FQDN of the syslog server.
Port The UDP port number for syslog server.
Facility The type of program being used to create syslog messages.
Description The description of the syslog server configuration.
# of Events The number of events selected to be logged to the syslog server.

Use these toolbar buttons to manage the syslog server configurations.

Table 202: Syslog server: Toolbar
Option Description
New Add a new syslog server configuration. For more information, see Configuring a syslog server.
Delete Selected

Remove the selected syslog server configuration from Safeguard for Privileged Passwords.

Refresh Update the list of syslog server configurations.
Edit Modify the selected syslog server configuration.
Copy Clone the selected syslog server configuration.
Related Documents