One Identity Safeguard for Privileged Passwords 2.9 - Administration Guide

Asset Discovery Results

You can view the results of running one or more Asset Discovery jobs.

1. Navigate to Administrative Tools | Discovery and click the Asset Discovery Results tile.
2. On the Asset Discovery Results grid:
   • Click Refresh to refresh the results.
   • Select the time frame of the completed jobs you want to display which ranges from the last 24 hours to the last 7, 30, 60 or 90 days. Or, click Custom to create a custom time frame.
3. Click Search and enter the character string to be used to search for a match. For more information, see Search box.
4. Click a column to sort the column information displayed for each job:
   • User: The user who ran the job or Automated System, if the job is run on an automated schedule.
   • Date: The most recent date the Asset Discovery job successfully ran.
   • Job Name: The name of the Asset Discovery job.
   • Type: The type of Asset Discovery job (for example, Network Scan or Directory Scan).
   • Event: The outcome of running the Asset Discovery job event which may be Asset Discovery Succeeded, Asset Discovery Failed, or Asset Discovery Started.
   • Partition: The partition in which the discovered assets will be managed.
   • Appliance: The name of the Safeguard for Privileged Passwords Appliance.
   • Directory: If applicable, the name of the directory on which the Asset Discovery job ran.
   • # Assets Found: The number of asset found during the discovery job.
5. For additional detail on an Asset Discovery job result, double-click the result row to view the Asset Discovery Results pop-up window. On this window, click # of Assets Found to see a list of the assets.

Account Discovery

Account Discovery jobs include the rules Safeguard for Privileged Passwords uses to perform account discovery against assets. When you add an Account Discovery job, you can identify whether or not to automatically manage found accounts, whether to discover services, and whether to automatically configure dependent systems.

The accounts in the scope of the discovery job may include accounts that were previously added (manually) to the Safeguard partition. For more information, see Adding an account.

To configure and schedule account discovery jobs, perform one of the following:

• You can create or edit an Account Discovery job from Administrative Tools | Discovery | Account Discovery. Then, associate assets to the Account Discovery job via the Occurrences button.

  IMPORTANT: You must click Occurrences to associate assets to the Account Discovery job. If you do not associate the assets to the Account Discovery job, the accounts will not be found.

• You can create or edit an asset and, in the process, assign or create an Account Discovery job. For more information, see Adding an asset.

Supported platforms

Safeguard for Privileged Passwords supports account discovery on the following platforms:

• AIX
• HP-UX
• Linux / Unix (based)
• MAC OS X
• Solaris
• Windows - To discover ISS pools on a Windows server in Service Account Discovery, the IIS 6 Metabase Compatibility and IIS 6 WMI Compatibiity roles/features need to be installed on the platform. See Microsoft's Install or Uninstall Roles, Role Services, or Features.

Properties and toolbar

Navigate to Administrative Tools | Discovery | Account Discovery.

Use these toolbar buttons to manage the Account Discovery jobs.

Table 68: Account Discovery: Toolbar

Option	Description
Add	Add an Account Discovery job. For more information, see Adding an Account Discovery job.
Delete Selected	Delete the selected Account Discovery job.
Refresh	Update the list of Account Discovery jobs.
Edit	Modify the selected Account Discovery job. You can also double-click a row to open the edit dialog.
Discover Accounts	Discover the accounts on the selected Account Discovery job. Select the asset on the Asset dialog. A Task pop up displays which shows the progress and completion.
Discover Services	Discover the services on the selected Account Discovery job. Select the asset on the Asset dialog. A Task pop up displays which shows the progress and completion.
Details	View additional details about the selected Account Discovery job.
Occurrences	Add, delete, or refresh the assets associated with the Account Discovery job. IMPORTANT: You must associate the assets to the Account Discovery job for the accounts to be found.
Search	Enter the character string to be used to search for a match. For more information, see Search box.

Account Discovery jobs display in the grid.

Double-click on an Account Discovery job to view the details.

Related Topics

Account Discovery job workflow

Account Discovery job workflow

Safeguard for Privileged Passwords's Account Discovery jobs discover accounts of the assets that are in the scope of a partition profile. For more information, see About partition profiles. Account Discovery jobs can include service discovery.

You can configure, schedule, test, and run Account Discovery jobs. After the job has run, you can select whether to manage the account, if it was not identified to be automatically managed.

1. Create an Account Discovery job and associate assets or create an asset and associate the Account Discovery job.
   • To create an Account Discovery job then add assets. For more information, see Adding an Account Discovery job.

   • To create an asset and associate an Account Discovery job. For more information, see Adding an asset.

2. Account Discovery jobs can be scheduled to run automatically. In addition you can manually launch these jobs in any of the following ways:

   • From Assets, right click the asset and choose to run the account or service discovery.
   • From Discovery | Account Discovery click Discover Accounts or Discover Services.
   • From Assets | Discovered Services click Discover Services. For more information, see Discovered Services tab (asset).
3. After the Account Discovery job runs, you can mark the managed accounts from Administrative Tools | Discovery | Discovered Accounts.

• Click  Disable to prevent Safeguard for Privileged Passwords from managing the selected account.
• Click  Enable to manage the selected account and assign it to the scope of the default profile.

Note: The discovery job finds all accounts that match the discovery rule's criteria regardless of the state and reports only the accounts discovered that do not currently exist. Account Discovery does not update existing accounts.

Search the Activity Center for information about discovery jobs that have run. Safeguard for Privileged Passwords lists the account discovery events in the Account Discovery Activity category.

Adding an Account Discovery job

It is the responsibility of the Asset Administrator or the partition's delegated administrator to configure the rules that govern how Safeguard for Privileged Passwords performs account discovery. For more information, see Account Discovery job workflow.

To add an account discovery job

1. Navigate to Administrative Tools | Discovery | Account Discovery.
2. Click  Add to open the Account Discovery dialog.
3. Provide the following:
   1. Partition: Browse to select a partition.

   2. Name: Enter a name for the account discovery job. Limit: 50 characters.

   3. Description: Enter descriptive text about the account discovery job. Limit: 255 characters

   4. Discovery Type: The platform, for example, Windows, Unix, or Directory. Make sure the Discovery Type is valid for the assets associated with the Partition selected earlier on this dialog.
   5. Directory: If the Discovery Type is Directory, select the directory on which the Account Discovery job runs.

   6. Click the Schedule button and choose an interval for to run the Account Discovery job.

      In the Schedule dialog, select Run Every to run the job along per the run details you enter. (If you deselect Run Every, the schedule details are lost.)

      • To specify the frequency without start and end times, select from the following controls. If you want to specify start and end times, go to the Use Time Window selection in this section.

        • Minutes: The job runs per the frequency of minutes you specify. For example, Every 30 Minutes runs the job every half hour over a 24 hour period. It is recommended you do not use the frequency of minutes except in unusual situations, such as testing.

        • Hours: The job runs per the minute setting you specify. For example, if it is 9 am and you want to run the job every 2 hours at 15 past the hour starting at 9:15 am, you would select Runs Every 2 Hours @ 15 minutes after the hour.

        • Days: The job runs on the frequency of days and the time you enter.

          For example, Every 2 Days @ 11:59:00 PM runs the job every other evening just before midnight.

        • Weeks The job runs per the frequency of weeks at the time and on the days you specify.

          For example, Every 2 Weeks @ 5:00:00 AM and Repeat on these days with MON, WED, FRI selected runs the job every other week at 5 am on Monday, Wednesday, and Friday.

        • Months: The job runs on the frequency of months at the time and on the day you specify.

          For example, If you select Every 2 Months @ 1:00:00 AM along with First Saturday of the month, the job will run at 1 am on the first Saturday of every other month.

      • Select Use Time Windows if you want to enter the Start and End time. You can click add or - delete to control multiple time restrictions. Each time window must be at least one minute apart and not overlap.

        For example, for a job to run every ten minutes every day from 10 pm to 2 am you would enter these values:

        Enter Every 10 Minutes and Use Time Windows:

        • Start 10:00:00 PM and End 11:59:00 AM

        • Start 12:00:00 AM and End 2:00:00 AM

          An entry of Start 10:00:00 PM and End 2:00:00 AM will result in an error that the end time must be after the start time.

        If you have selected Days, Weeks, or Months, you will be able to select the number of times for the job to Repeat in the time window you enter.

        For a job to run two times every other day at 10:30 am between the hours of 4 am and 8 pm, you would enter these values:

        For days, enter Every 2 Days and set the Use Time Windows as Start 4:00:00 AM and End 20:00:00 PM and Repeat 2.

      • Time Zone: Select the time zone.
   7. Rules: You can add, delete, edit or copy rules. For more information, see Adding an Account Discovery rule.

   8. Discover Services: (For Windows accounts only and deselected by default.) Select this check box so that when the discovery job is run, services are discovered and can be viewed in by clicking the Discovered Services tile. For more information, see Discovered Services.

      For more information, see Adding an Account Discovery job.

      Automatically Configure Dependent Systems: (For Windows accounts only and deselected by default.) Select this check box so that any directory accounts that are discovered in the Service Discovery job are automatically configured as dependent accounts on the asset where the service or task was discovered. The dependencies are listed on Administrative Tools | Assets | Account Dependencies. If you deselect the check box and run the account discovery job again, the dependencies are not removed. Dependencies can be manually removed from Administrative Tools | Assets | Account Dependencies. For more information, see Account Dependencies tab (asset).

4. Click OK.

5. Select the assets to which the account discovery rule applies using one of these approaches:

   • Go to the asset and configure the account discovery rules. For more information, see Account Discovery tab (add asset).
   • From the Account Discovery job grid, click the link in the Asset Count column to select assets. For more information, see Account Discovery.