The Administrative Tools allow you to add all the objects you need to write access request policies, such as users, accounts, and assets. From this view, you can also configure all of the Safeguard for Privileged Passwords settings.
|
Note: You must have administrator permissions to use the |
The navigation pane along the left side of the console gives you access to these administrative tools.
Administrative Tools | Description | Administrator permissions |
---|---|---|
Toolbox | Where you can gain quick access to all the tasks you can perform from a single portal. | Users with any Safeguard administrator privileges. |
Accounts | Where you associate account identities with managed systems. | Asset Administrator or Auditor |
Account Groups | Where you define sets of accounts which you can add to the scope of an access request policy. | Auditor or Security Policy Administrator |
Assets | Where you add computers, servers, network devices, or applications to be managed by a Safeguard for Privileged Passwords Appliance. | Asset Administrator or Auditor |
Asset Groups | Where you define sets of assets which you can add to the scope of an access request policy. | Auditor or Security Policy Administrator |
Discovery | Where you configure asset and account discovery jobs which apply a set of rules to discover and automatically add assets and accounts to Safeguard for Privileged Passwords | Auditor or Asset Administrator |
Entitlements | Where you specify the access request policies that restrict system access to authorized users. | Auditor or Security Policy Administrator |
Partitions | Where you define collections of assets which can be used to segregate assets for delegation. | Asset Administrator, Auditor, or delegated partition owner |
Settings |
Where you configure Safeguard for Privileged Passwords to run backups, install updates, manage clusters, manage certificates, enable event notifications, configure external integration, define profile configurations settings, define user password rules, define discovery rules, and run troubleshooting tools. |
Users with any Safeguard administrator privileges, however, the settings available depend on the administrative permissions assigned. |
Users | Where you set up users who can log into Safeguard for Privileged Passwords. |
Bootstrap, Asset Administrator, Auditor, Authorizer Administrator, Help Desk Administrator, Security Policy Administrator, or User Administrator |
User Groups | Where you define sets of Safeguard for Privileged Passwords users which you can add to an entitlement. |
Bootstrap, Auditor, Authorizer Administrator, Security Policy Administrator, or User Administrator |
All of the Administrative Tools views have the following components, except for the Toolbox and Settings:
The toolbar at the top of the views (except for the Toolbox and Settings), contain these options, depending on your Administrator permissions and the administrative tool you are in.
These buttons are available:
Toolbar options include the following.
Refresh Refresh the screen.
One Identity Safeguard for Privileged Passwords provides a workflow engine that supports time restrictions, multiple approvers, reviewers, emergency access, and expiration of policy. It also includes the ability to input reason codes and integrate directly with ticketing systems.
In order for a request to progress through the workflow process, authorized users perform "assigned" tasks. These tasks are performed from the user's Home page in the desktop client or web client.
As a Safeguard for Privileged Passwords user, your Home page provides a quick view to the access request tasks that need your immediate attention. In addition, Safeguard for Privileged Passwords can be configured to alert you when you have pending tasks awaiting your attention. For more information, see Configuring alerts.
The access request tasks you see on your Home page depend on the rights and permissions you have been assigned by an entitlement's access request policies. For example:
Designated "requesters" see tasks related to submitting new access requests, as well as actions to be taken once a request has been approved (for example, viewing passwords, copying passwords, launching sessions, and checking in completed requests).
Requesters can also define favorite requests, which then appear on their Home page for subsequent use. For more information, see Creating, editing, or removing a favorite request.
Password release and session requests use a workflow engine; however, the actions taken on a session request are slightly different than those taken on a password release request. Therefore, we will cover each of these access request workflows separately:
If designated as a requester, Safeguard for Privileged Passwords allows you to add an access request as a Favorite to your Home page. Favorites are unique for the user; they are available when you log into the desktop client or the web client.
You can create a favorite request from your Favorites pane on your Home page or from the New Access Request dialog when creating or editing an access request.
To create a favorite request from your Home page
In the New Access Request dialog, specify the assets, accounts, and type of asset to be included in the access request.
On the Account & Access Type tab, select the accounts to be included in the access request and the type of access being requested for each selected account. The accounts include linked accounts, if any.
In the Add to Favorites dialog, specify the following:
Name: Enter a name for the request.
Required
Click Add.
The dialogs will close and the new favorite will be added to the Favorites pane on your Home page.
To create a favorite request from the New Access Request dialog
At the bottom of the New Access Request dialog, click the Add to Favorites button when you are creating a new request. The Add to Favorites button is enabled when you have selected the minimum required information (that is, at least one asset, account, and an access type) for the access request.
In the Add to Favorites dialog, specify the following:
Name: Enter a name for the request.
Required
To change a favorite request's icon color
Select the check box to the left of the favorite request to be changed. Selecting a favorite request, instead of the check box, displays the New Access Request dialog to edit and submit the access request.
In the Settings dialog, choose a color and select OK.
The icon for the favorite now appears in the color you selected.
At the top of the Favorites pane, click the button to display the Remove Selected button.
Select the check box to the left of the favorite request to be removed. Selecting a favorite request, instead of the check box, displays the New Access Request dialog to edit and submit the access request.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy