Accounts
A Safeguard for Privileged Passwords account is a unique identifier that Safeguard for Privileged Passwords uses to control access to assets. Managed accounts (including directory accounts and service accounts ) and groups of accounts can be associated with an asset. Each account has an associated asset; if you delete an asset, Safeguard for Privileged Passwords permanently deletes all the accounts associated with it.
The Auditor and the Asset Administrator have permission to access Accounts.
On Unix assets, the accounts are stored in etc/passwd; however, each platform implements this concept differently.
Service accounts are designated with a 
The Accounts view displays the following information about the selected account.
- General tab (account): Displays general information about the selected account.
- Access Request Policies tab (account): Displays the entitlements and access request policies associated with the selected account.
- Account Groups tab (account): Displays the account groups that contain the selected account.
- Dependent Assets (account): Displays the assets that have dependency on the selected directory account.
- Check and Change Log tab (account): Displays the password validation and reset history for the selected account.
- History tab (account): Displays the details of each operation that has affected the selected account.
For information about configuring Account Discovery in Safeguard for Privileged Passwords, see Account Discovery job workflow.
Use these toolbar buttons to manage accounts.
Add Account: Add accounts to Safeguard for Privileged Passwords. For more information, see Adding an account.
Delete Selected: Remove the selected account. For more information, see Deleting an account.
Refresh: Update the list of accounts.
Import Accounts: Add accounts to Safeguard for Privileged Passwords. For more information, see Importing objects.
Account Security: Menu options include: Check Password, Change Password, and Set Password. For more information, see Checking, changing, or setting an account password.
Password Archive: Display the password history for the selected account. For more information, see Viewing password archive.
Access Requests: Allows you to enable or disable access request services for the selected account. Menu options include:
- Enable Password Request
- Disable Password Request
- Enable Session Request
- Disable Session Request
-
Show Disabled: Display the accounts that are not managed and are disabled and have no associated assets. Account management can be controlled by right clicking on an asset and selecting
Hide Disabled: Hide the accounts that are not managed and are disabled and have no associated assets. Asset management can be controlled by right clicking on an account and selecting
Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click
General tab (account)
The General tab lists information about the selected account.
Large tiles at the top of the tab display the number of Access Request Policies, Account Groups, and Dependent Assets associated with the selected account. Clicking a tile heading opens the corresponding tab. The time stamps for the password and SSH Key check and change transactions are based on the user's local time.
Navigate to Administrative Tools | Accounts | General. Information for the account displays. Not all the information listed below is applicable for every account.
| Property | Description |
|---|---|
| Name | The name of the selected account. |
|
Distinguished Name |
For LDAP platforms, the fully qualified distinguished name (FQDN) for the service account |
| Asset |
The display name of the managed system associated with this account. Accounts are only associated with one asset. |
| Partition | The name of the partition where the selected account resides. |
| Profile |
The name of the profile that governs the accounts assigned to a partition. |
|
Password Sync Group |
If assigned, the password sync group to control password validation and reset across all associated accounts. The password sync group used to control password validation and reset across all associated accounts |
|
Account Discovery Job |
The account discovery job with rule-based settings to discover all accounts that are assigned to the assets in a selected partition, that are made available globally, or that meet the rules criteria. |
|
Date/Time Discovered |
The date and time when the account was discovered. |
| Enable Password Request | True or False, indicating whether password release requests are enabled for this account. |
| Enable Session Request | True or False, indicating whether session access requests are enabled for this account. |
| Last Successful Password Check |
The date and time of the last successful password validation. |
| Next Password Check |
The date and time of the next automated password check as set in the Check Password schedule of the partition profile. For more information, see Adding check password settings. |
| Last Successful Password Change |
The date and time of the last successful password change. |
| Next Password Change |
The date and time of the next automated password change as set in the Change Password schedule of the partition profile. For more information, see Adding change password settings. |
| Last Successful SSH Key Change |
The date and time of the last successful SSH Key change. |
| Next SSH Key Change |
The date and time of the next SSH Key change. |
Tags: Tag assignments for the selected account.
The tiles displayed in the Tags pane include both the dynamic tags added through tagging rules and static tags that were added manually. In addition to viewing tag assignments, Asset Administrators can add and remove statically assigned tags.
|
|
NOTE: Dynamically assigned tags contain a lightening bolt icon and cannot be deleted; whereas, static tags which can be removed contain an X icon. |
Description: Information about selected account.
Related Topics
Access Request Policies tab (account)
The Access Request Policies tab displays the entitlements and access request policies, including password release policies and session request policies, associated with the selected account.
Navigate to Administrative Tools | Accounts | Access Request Policies.
| Property | Description |
|---|---|
|
Entitlement |
The name of the access request policy's entitlement. |
|
Access Request Policy |
The name of the access request policy that governs the selected account. |
|
Accounts |
The number of unique accounts in the account groups that are associated with the access request policy. |
|
# Account Groups |
The number of unique account groups in the access request policy. |
|
Account Groups |
The names of the account groups that associate the selected account with the policy. |
Use these buttons on the details toolbar to manage your access request policies associated with the selected account.
| Option | Description |
|---|---|
|
|
Add the selected account to the scope of an access request policy. |
|
|
Remove the selected policy. |
|
|
Update the list of access request policies. |
|
|
View and edit details about the selected access request policy. For more information, see Creating an access request policy. |
|
|
To locate a specific policy or set of policies in this list, enter the character string to be used to search for a match. For more information, see Search box. |
Remove SelectedAccount Groups tab (account)
The Account Groups tab displays the account groups that contain the selected account. The Account Groups tab is only available to a user with Auditor permissions.
Navigate to Administrative Tools | Accounts | Access Request Policies.
Click 
| Property | Description |
|---|---|
|
Name |
The account group name. |
|
Dynamic |
A check mark in this column indicates that the group is a dynamic account group. |
|
Description |
Information about the account group. |
Use these buttons on the details toolbar to manage the account groups.
| Option | Description |
|---|---|
|
|
|
|
|
Remove the selected account group from the account. |
|
|
Update the list of account groups assigned to the selected account. |
|
|
To locate a specific account group in this list, enter the character string to be used to search for a match. For more information, see Search box. |