When you delete an account group, Safeguard for Privileged Passwords does not delete the associated accounts.
A Safeguard for Privileged Passwords asset is a computer, server, network device, or application managed by a Safeguard for Privileged Passwords Appliance.
It is the responsibility of the Asset Administrator to add assets and accounts to Safeguard for Privileged Passwords.The Auditor has permission to access Assets.
Before adding assets to Safeguard for Privileged Passwords, you must ensure they are properly configured. For more information, see Preparing systems for management.
Each asset can have associated accounts (user, group, and service) identified on the Accounts tab (asset). If an asset is deleted, associated accounts are deleted.
All assets must be governed by a profile identified on the General tab (asset group). All new assets are automatically governed by the default profile unless otherwise specified.
An asset can only be in one partition at a time identified on the General tab (asset group). When you add an asset to a partition, all accounts associated with that asset are automatically added to that partition.
You can identify a default partition and default partition profile so that when you add assets, the assets are added to the default partition and default partition profile. For more information, see Setting a default partition.
Asset Discovery jobs run automatically against the directories you have added. For information about configuring asset discovery in Safeguard for Privileged Passwords, see Asset Discovery job workflow.
The Assets view displays the following information about the selected system. Not all selections will be available for all assets.
Use these toolbar buttons to manage assets.
|
Important:When you delete an asset, you also permanently delete all the Safeguard for Privileged Passwords accounts associated with the asset. |
Add Asset: Add assets to Safeguard for Privileged Passwords. For more information, see Adding an asset.
Right click on an asset to use these context menu options.
Select Disable to prevent Safeguard for Privileged Passwords from managing the selected asset. When you disable an asset, Safeguard for Privileged Passwords disables it and removes all associated accounts. If you choose to manage the asset later, Safeguard for Privileged Passwords re-enables all the associated accounts.
The General tab lists information about the selected asset.
Large tiles at the top of the tab display the number of Accounts, Account Dependencies (when applicable), Access Request Policies and Asset Groups associated with the selected asset. Clicking a tile heading opens the corresponding tab.
Navigation: Administrative Tools | Assets | General. The following fields display based on the type of asset (for example, Windows, Linux, OpenLDAP, or Active Directory).
Property | Description | ||
---|---|---|---|
Name | The asset name. | ||
Description |
Descriptive text to further identify the asset. | ||
Partition | The name of the partition where the selected asset resides. | ||
Profile |
The name of the profile that manages the asset's accounts.
| ||
License Type |
If applicable (for example, for a Windows asset), indicates your license model, such as System or Desktop. | ||
Last Successful Account Discovery |
If applicable, the date and time of the last successful Account Discovery job. | ||
Next Account Discovery |
If applicable, the date and time of the next automated Account Discovery job as set in the Account Discovery job of the partition profile. (For more information, see Creating a partition profile.) | ||
Directory (directory) |
The name of the directory where the asset was discovered. | ||
Domain Name (directory) |
The name of the domain where the asset was discovered. | ||
NetBios Name (directory) |
The NetBios name of the asset that was discovered. | ||
Distinguished Name (directory) |
The distinguished name of the asset that was discovered. |
The following fields display based on the type of asset (for example, Windows, Linux, OpenLDAP, or Active Directory).
Property | Description |
---|---|
Product | The platform of the selected managed system. |
Version | If applicable, the system version. |
Architecture | if applicable, the operating system architecture. |
Network Address | If applicable, the network DNS name or IP address of the managed system. |
Manage Forest (directory) |
If True, the whole forest is managed. |
Forest Root Domain Name (directory) |
The forest root domain for the asset (Name on the General tab). A domain can be identified for more than one directory asset so that multiple directory assets can be governed the same domain. |
Managed Domains |
The managed domains. |
Available for discovery across all partitions |
If True, this asset is "read access" available for Asset Discovery jobs beyond partition boundaries. |
Managed Network |
The managed network that is assigned for work load balancing. For more information, see Managed Networks. |
Enable Session Request | The check box is selected if session access requests are enabled for the asset. |
RDP Session Port | If applicable, the access port on the target server used for RDP session access requests. |
SSH Session Port | If applicable, the access port on the target sever used for SSH session access requests. |
Telnet Session Port |
If connecting to TN3270 or TN5250, the port for connection. |
Sync additions every [number] minutes |
If applicable, the frequency that Safeguard for Privileged Passwords synchronizes the additions or modifications to objects. The date and time of the last sync, last failed, and last successful sync display. The intervals are directory specific. |
Sync deletions every [number] minutes |
If applicable, the frequency that Safeguard for Privileged Passwords synchronizes the deletion of objects. The date and time of the last sync, last failed, and last successful sync display. The intervals are directory specific. |
Account Discovery | Account discovery identifier. |
Last Successful Account Discovery | The date and time of the last successful account discovery. |
Last Failed Account Discovery | The date and time of the last failed account discovery. |
Next Account Discovery | The date and time for the next account discovery. |
Property | Description |
---|---|
Authentication Type | How the console connects with the managed system. For more information, see Connection tab (add asset). |
Service Account Name | The account used by Safeguard for Privileged Passwords to securely manage accounts and passwords on the asset. |
Service Account Domain Name |
The domain used to manage accounts and passwords on the asset. |
Service Account Distinguished Name |
The distinguished name of the service account. |
Connection Timeout | The session timeout period. |
Privilege Elevation Command |
Displays the elevation command (such as sudo) if it is populated on the Connection tab. |
Port |
The port used by SSH to log into the managed system. |
SSH Host Key Fingerprint | The fingerprint of the SSH key that Safeguard for Privileged Passwords uses to authenticate to the asset. |
SSH Key Comment | Human-readable information about the SSH key. |
SSH Host Key Fingerprint |
The managed system's public host key fingerprint. When an asset requiring an SSH host key does not have one, Check Password will fail. For more information, see Connectivity failures. |
CheckSystem (custom platform script) |
True if the service account has access to the remote host. See the wiki: Writing a custom platform script. |
CheckPassword (custom platform script) |
True if the given account user and password are valid on the remote host. See the wiki: Writing a custom platform script. |
ChangePassword (custom platform script) |
True if the password for the given user on the remote host. See the wiki: Writing a custom platform script. |
Property | Description |
---|---|
User Attributes |
User attributes include: Object Class User Name Password Description |
Group Attributes |
Group attributes include: Object Class Name Member |
Computer Attributes |
Computer attributes include: Object Class Name Network Address Operating System Operating System Version Description |
Tags: Tag assignments for the selected asset. The tiles listed under in the Tags pane display both the dynamic tags assigned to the asset through tagging rules and static tags that were added manually. In addition to viewing tag assignments, Asset Administrators can add and remove statically assigned tags using this pane.
Description: Information about the selected asset.
Assigning an asset to a partition
Assigning a profile to an asset
An asset's Accounts tab displays the accounts associated with this asset.
Click Add Account from the details toolbar to associate an account with the selected asset.
Navigation: Administrative Tools | Assets | Accounts.
Property | Description | ||
---|---|---|---|
Name |
Name of an account associated with the selected asset.
| ||
Domain Name |
The domain name for the account and helps to determine the uniqueness of accounts. | ||
Profile |
The name of the profile that manages the account. | ||
Service Account |
A | ||
Password Request |
A
| ||
Session Request |
A
| ||
Needs a Password |
Displays | ||
Description |
Descriptive information entered when the account was added. | ||
Global Access |
A |
Use these buttons on the details toolbar to manage your asset accounts.
Option | Description |
---|---|
Add accounts to the selected asset. For more information, see Adding an account to an asset. | |
Remove the selected account from the asset. | |
Update the list of asset accounts. | |
Menu options include: Check Password, Change Password, and Set Password. For more information, see Checking, changing, or setting an account password. | |
Display the password history for the selected asset account. For more information, see Viewing password archive. | |
Select an option to enable or disable access request services for the selected account. Values are derived from whether the platform of the asset indicates it supports Password Request, Session Request, or both. Menu options include:
Service Accounts are "created" when the Asset is created and by default are not enabled for session or password access. Discovered Accounts are controlled by the Account Discovery template that is used in discovering the accounts. They are a property of the rule template of the Account Discovery job. For more information, see Adding an Account Discovery rule. | |
Select a profile to manage the selected asset account. | |
To locate a specific asset account or set of accounts in this list, enter the character string to be used to search for a match. For more information, see Search box. |
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy