Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.9 - Administration Guide

Introduction System requirements Using the virtual appliance and web management console Installing the desktop client Setting up Safeguard for Privileged Passwords for the first time The console Navigation pane Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Historical changes by release Glossary

Password is pending a reset

If a user receives a persistent message that states, "You cannot checkout the password for this account while another request is pending password reset" or "This account has password requests which have not yet expired or have to be reviewed. It cannot be deleted now", the account password is stuck in a pending password change state.

Ensure that the service account for the asset associated with this account is working. Then manually change the account password. For more information, see Checking, changing, or setting an account password.

Or, if the service account for the asset is working properly and the policy governing the account allows emergency access and has enabled multiple users simultaneous access, you can instruct the user to request the password using Emergency Access.

Related Topics

Password is pending review

Profile did not run

The password management settings Settings | Access Request | Enable or Disable Services enable the automatic profile check and change schedules in partitions.

Ensure the password management settings are enable for profiles to run on schedule:

  • Check Password Management Enabled
  • Change Password Management Enabled

For more information, see Enable or Disable Services (Access request and password management services).

Recovery kiosk

Safeguard for Privileged Passwords provides a recovery kiosk with these options.

  • Appliance information: Allows you to view basic appliance information.
  • Power options: These options allow you to remotely restart or shut down the appliance.
  • Admin password reset: Allows you to reset the bootstrap administrator's password to its initial value.
  • Factory reset from a kiosk: Allows you to recover from major problems or to clear the data and configuration settings on the appliance.

    Caution: Care should be taken when performing a factory reset against a physical appliance, because this operation removes all data and audit history, returning it to its original state when it first came from the factory. The appliance must go through configuration again as if it had just come from the factory. For more information, see Setting up Safeguard for Privileged Passwords for the first time.

    In addition, performing a factory reset may change the default SSL certificate and default SSH host key.

  • Support bundle: Allows you to generate and send a support bundle to a Windows share.

To start the recovery kiosk

On the terminal or laptop running the recovery kiosk, you must configure your serial port settings as follows:

  1. Connect a serial cable from a laptop or terminal to the serial port on the back of the appliance marked with |0|0|.
  2. On the laptop or terminal, configure the serial port settings as follows:

    • Speed: 115200
    • Data bits: 8
    • Parity: None
    • Stop bit: 1
  3. These options display on the recovery kiosk screen:

    • Appliance Information
    • Power Options

      • Reboot
      • Shut Down
    • Admin Password Reset
    • Factory Reset
    • Support Bundle
  4. Use the up-arrow and down-arrow to select one of these options.
  5. Use the right-arrow to initiate the option.
  6. Use the left-arrow to return to the option.
Kiosk keyboard shortcuts

Safeguard for Privileged Passwords provides these keyboard shortcuts. If you make the window too small to accommodate the kiosk elements, Safeguard for Privileged Passwords tells you how to readjust the window size.

  • Ctrl + D: Resets the kiosk to its original state. Clears challenges and options.

    Caution: When resetting the bootstrap admin password or performing a factory reset, if you reset the kiosk before you receive the response from One Identity Support, you must submit a new challenge.

  • Ctrl + R: Re-draws the kiosk to fit a resized window. If you resize the window, press Ctrl + R to reorganize the kiosk elements to fit properly into the newly-sized window.

Appliance information

Use the Appliance Information option on the recovery kiosk to view basic appliance information and edit the IP addresses.

To view or edit the appliance information

  1. From the recovery kiosk, select the Appliance Information option.
  2. Right-arrow to see:

    • Appliance State: The appliance's current state.
    • Uptime: The amount of time (hours and minutes) the appliance has been running.
    • MGMT: The management host's network interface properties, including the MAC address and IPv4 (and optionally IPv6) properties.
    • X0: The network interface properties for the primary interface that connects your appliance to the network, including the MAC address and IPv4 (and optionally IPv6) properties.
    • X1: The network interface properties used for the embedded sessions module, including the MAC address and IPv4 (and optionally IPv6) properties. If one or more Safeguard Sessions Appliances are joined to Safeguard for Privileged Passwords, X1 is not available in Safeguard for Privileged Passwords.
  3. To change the network properties for the primary interface (x0) or session interface (X1), if available, click Edit next to the appropriate heading. Clicking Edit displays the network interface properties which can be modified.

  4. After editing the network interface properties, click Submit.

    Once the updates are completed, a "Network interface update request accepted" message is displayed.

Related Documents