One Identity Safeguard for Privileged Passwords can be configured to send email notifications warning you of operations that may require investigation or action. Your administrative permissions determine which email notifications you will receive by default.
Administrative permission | Event/Warning |
---|---|
Appliance Administrator Operations Administrator |
Appliance Healthy Appliance Restarted Appliance Sick Appliance Task Failed Archive Task Failed Cluster Failover Started Cluster Replica Enrollment Completed Cluster Replica Removal Started Cluster Reset Started Disk Usage Warning Factory Reset Appliance License Expired License Expiring Soon NTP Error Detected Operational Mode Appliance Raid Error Detected Reboot Appliance Shutdown Appliance |
Asset Administrator or delegated partition owner |
Account Discovery Failed Dependent Asset Update Failed Password Change Failed Password Check Failed Password Check Mismatch Password Reset Needed Restore Account Failed Ssh Host Key Mismatch Ssh Key Change Failed Ssh Key Install Failed Suspend Account Failed Test Connection Failed |
Security Policy Administrator |
Policy Expiration Warning Policy Expired Entitlement Expiration Warning Entitlement Expired |
|
NOTE: Safeguard for Privileged Passwords administrators can use the following API to turn off these built-in email notifications: POST /service/core/v2/Me/Subscribers/{id}/Disable In addition, Safeguard for Privileged Passwords administrators can subscribe to additional events based on their administrative permissions using the following API: POST /service/core/v2/Events |
Use the Send Test Event link located below the Syslog configuration table on the Syslog pane to verify your syslog server configuration. Navigate to Administrative Tools | Settings | External Integration | Syslog.
To validate your setup
Safeguard for Privileged Passwords logs a test message to the designated syslog server.
|
Note: To log event messages to a syslog server, you must configure Safeguard for Privileged Passwords to send alerts. For more information, see Configuring alerts. |
Dynamic account groups are associated with rules engines that run when pertinent objects are created or changed. For example:
You can create a dynamic account group without any rules; however, no accounts will to added to this dynamic account group until you have added a rule.
In large environments, there is a possibility that the user interface may return before all of the rules have been reevaluated and you may not see the results you were expecting. If this happens, wait a few minutes and Refresh the screen to view the results.
Related topic:
Adding a dynamic account group
There are three ways a password can change while a user has it checked out.
If the password changes while a user has it checked out, and the current request is still valid, the user can select either Copy or Show Password again to obtain the new password.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy