Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.9 - Administration Guide

Introduction System requirements Using the virtual appliance and web management console Installing the desktop client Setting up Safeguard for Privileged Passwords for the first time The console Navigation pane Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Historical changes by release Glossary

Checking, changing, or setting an account password

The Asset Administrator can manually check, change, or set an account password from the Account Security menu.

To manually check, change, or set an account password

  1. Navigate to Administrative Tools | Accounts.
  2. In Accounts, select an account from the object list.
  3. Click  Account Security from the toolbar. You can also right-click the account name to open the context menu.

    Select one of these options:

    • Check Password to verify the account password is in sync with the Safeguard for Privileged Passwords database. If the password verification fails, you can change it.
    • Change Password to reset and synchronize the account password with the Safeguard for Privileged Passwords database.
    • Set Password to set the account password in the Safeguard for Privileged Passwords database. The "Set" option does not change the account password on the asset.

    Note: You can view the progress and results of the "Check" and "Change" options in the Toolbox | Tasks pane. For more information, see Viewing task status.

  4. The Set Password option provides the following two options.
    1. Generate Password: Select this option to have Safeguard for Privileged Passwords generate a new random password, that complies with the password rule that is set in the account's profile.

      • Click Generate Password to display the Generate Password dialog.
      • Click Show Password to reveal the new password.
      • Click  Copy to put it into your copy buffer.
      • Log into your device, using the old password, and change it to the password in your copy buffer.
      • Click OK to change the password in the Safeguard for Privileged Passwords database or click Cancel to close the dialog without changing the current password in Safeguard for Privileged Passwords.
    2. Manual Password: Select this option to manually set the account password in the Safeguard for Privileged Passwords database.

      • Click Manual Password to display the Set Password dialog.
      • In the Set Password dialog, enter and confirm the password. Click OK to update the Safeguard for Privileged Passwords database.

      • Set the account password on the physical device to synchronize it with the Safeguard for Privileged Passwords database.

Viewing password archive

The Asset Administrator and Auditor can access a previous password for an account for a specific date.

The Password Archive dialog only displays previously assigned passwords for the selected asset based on the date specified. This dialog does not display the current password for the asset.

You view an account's password validation and reset history on the Check and Change Log tab.

To access an account's previous password

  1. Navigate to Administrative Tools | Accounts.
  2. In Accounts, right-click an account name and choose Password Archive.

    Or, click Password Archive from the toolbar.

  3. In the Password Archive dialog, select a date.

    TIP: If you select today's date (or a previous date) and no entries are returned, this indicates that the asset is still using the current password.

  4. In the View column, click to display the password that was assigned to the asset at that given date and time.
  5. In the details dialog, click Copy to copy the password to your copy buffer, or click OK to close the dialog.

Account Groups

A Safeguard for Privileged Passwords account group is a set of accounts which you can add to the scope of an access request policy. For more information, see Creating an access request policy.

The Auditor and the Security Policy Administrator have permission to access Account Groups.

The Account Groups view displays the following information about the selected account group.

Use these toolbar buttons to manage account groups.

General tab (account group)

The General tab lists information about the selected Account Group.

Large tiles at the top of the tab display the number of Accounts and Access Request Policies associated with the selected account group.

Table 21: Account Groups General tab: General properties
Property Description

Name

The selected account group's name.

Account Rules

For dynamic account groups, a summary of the asset account rules defined.

Description

Information about the selected account group.

Related Topics

Modifying an account group

Related Documents