You can view the results of all Account Discovery jobs that have ever run in a partition (in other words, all accounts ever discovered) and choose to enable or disable the accounts.
Accounts created display as managed accounts in the Discovered Accounts properties grid (see below). For more information, see Management tab (add asset).
Navigate to Administrative Tools | Discovery | Discovered Accounts tile.
Use these toolbar buttons to manage the discovered accounts.
Option | Description |
---|---|
Partition | Select the partition associated with the discovered accounts you want to view. |
| Select |
| Select An ignored account is not unconfigured as a dependent account. If you choose to Manage the asset later, Safeguard for Privileged Passwords re-enables recognition of all the associated accounts. |
| Display the accounts with a Status of Ignored (disabled). |
| Hide the accounts with a Status of Ignored (disabled). |
| Retrieve and display an updated list of discovered accounts. Ignored accounts are not displayed if Hide Ignored is selected. |
| Enter the character string to be used to search for a match. For more information, see Search box. |
The following information displays.
Property | Description |
---|---|
Status | The discovered account may be: |
Name | The name of the account in Safeguard that maps to the discovered account associated with the asset. This can be a local account or an Active Directory account. |
Domain Name | The domain name of the account if the account is an Active Directory account. |
Account Name | The account to which the account is associated. |
Account Discovery Job | Name of the discovery schedule. |
Asset Discovery Rule | The name of the Asset Discovery rule applied to discover the account. |
Date/Time Discovered | The date and time when the service or task was discovered. |
Setting up Service Discovery
To discover Windows services, you must first create an Account Discovery job, including an Account Discovery Rule, and select Discovery Services. When the discovery job is run, services are discovered. The discovery of services is not dependent on the discovery rules. For more information, see Adding an Account Discovery job.
Viewing Service Discovery Results
Service Discovery is configured on an Account Discovery job but runs separately. You can view the results of service discovery by time frame.
User: The user who ran the job or Automated System, if the job is run on an automated schedule.
The Discovery | Discovered Services tile displays the following for the selected partition on which the services were discovered. If desired, dependencies must be manually removed.
The Asset Administrator or delegated administrator can configure service discovery jobs to scan Windows assets and discover Windows services and tasks that may require authorization credentials. If the Windows asset is joined to a Windows domain, the authorization credentials can be local on the Windows asset or be Active Directory credentials.
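For a manual cross-check of what a Service Discovery job should find on a single Windows asset, the following added example (not One Identity code, and not how Safeguard performs discovery) lists the services and scheduled tasks that run under named accounts, using the standard Get-CimInstance and Get-ScheduledTask cmdlets. The helper names Split-LogonAccount and New-Row are hypothetical, and the output column names are borrowed from the Discovered Services grid.

```powershell
# Added example: local inventory of services and scheduled tasks that run
# under named accounts. Not Safeguard code; output column names are borrowed
# from the Discovered Services grid for easy comparison.

# Built-in identities that have no password to manage.
$builtIn = 'LocalSystem', 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE',
           'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\LocalService',
           'NT AUTHORITY\NetworkService'

function Split-LogonAccount {
    # Hypothetical helper: splits DOMAIN\user, .\user, user@domain or bare user.
    param([string]$Logon)
    if ($Logon -match '^(?<d>[^\\]+)\\(?<u>.+)$') {
        $domain = if ($Matches['d'] -eq '.') { $env:COMPUTERNAME } else { $Matches['d'] }
        return [pscustomobject]@{ Domain = $domain; Account = $Matches['u'] }
    }
    if ($Logon -match '^(?<u>[^@]+)@(?<d>.+)$') {
        return [pscustomobject]@{ Domain = $Matches['d']; Account = $Matches['u'] }
    }
    # Bare account name: treat as local to this host.
    [pscustomobject]@{ Domain = $env:COMPUTERNAME; Account = $Logon }
}

function New-Row($Type, $Name, $Enabled, $Logon) {
    $id = Split-LogonAccount $Logon
    [pscustomobject]@{
        ServiceType       = $Type      # Service or Task
        ServiceName       = $Name
        ServiceEnabled    = $Enabled
        DiscoveredAccount = $id.Account
        DomainName        = $id.Domain
    }
}

# Services: skip built-in identities and per-service virtual accounts.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -and $builtIn -notcontains $_.StartName -and
                   $_.StartName -notlike 'NT SERVICE\*' } |
    ForEach-Object { New-Row 'Service' $_.Name ($_.StartMode -ne 'Disabled') $_.StartName }

# Scheduled tasks: keep those whose principal is a named user.
$tasks = Get-ScheduledTask |
    Where-Object { $_.Principal.UserId -and $builtIn -notcontains $_.Principal.UserId } |
    ForEach-Object { New-Row 'Task' $_.TaskName $_.Settings.Enabled $_.Principal.UserId }

@($services) + @($tasks) |
    Sort-Object DomainName, DiscoveredAccount, ServiceName |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the asset; rows that appear here but not in the Discovered Services tile point to an account that Safeguard does not yet manage or to a discovery job that has not run.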
Running Service Discovery jobs automatically and manually
Discovered services and tasks association to known Safeguard accounts
Service discovery jobs associate Windows services and tasks with accounts that are already managed by Safeguard for Privileged Passwords. The accounts put under management display with an Account Status of Managed. When the account's password is changed by Safeguard, Safeguard updates the password corresponding to the services or tasks on the asset according to the asset's profile change settings.
Service Discovery with Active Directory
A discovered service or task configured to use Active Directory authentication can be automatically associated to the asset with the account managed by Safeguard. Effectively, the asset will have an account dependency on the account.
To automatically associate, the Account Discovery job (which runs when Safeguard synchronizes the directory) must have the Automatically Manage Found Accounts check box selected. For more information, see Adding an Account Discovery rule.
View Service Discovery job status
From the Activity Center, you can select the Activity Category named Service Discovery Activity which shows the Event outcomes: Service Discovery Succeeded, Service Discovery Failed, or Service Discovery Started.
Navigate to Administrative Tools | Discovery | Discovered Services tile.
Use these toolbar buttons to manage the discovered services.
Option | Description |
---|---|
Partition | Select the partition for the discovered services. |
| The Show and Ignore buttons control the Service Ignored column on this window so the administrator can either display or ignore the rows. The Account Status column is controlled by the Manage and Ignore buttons on the Discovered Accounts grid. For more information, see Discovered Accounts. |
| Display the accounts with a Status of Ignored. |
| Hide the accounts with a Status of Ignored. |
| Retrieve and display an updated list of discovered accounts. Ignored accounts are not displayed if Hide Ignored is selected. |
| Enter the character string to be used to search for a match. For more information, see Search box. |
The grid shows the Asset Name, Account, Domain Name, System Name, and Account Status for the Discovered Account that Safeguard found that is matched up with the service discovered. The service is identified by a Service Name (with a Service Type of Service or Task).
Property | Description |
---|---|
Asset Name | The name of the asset where the service or task was discovered. |
Account | The name of the account that maps to the Discovered Account column. |
Domain Name | The domain name of the account if the account is an Active Directory account. Used to help determine uniqueness. |
System Name | The system or asset that hosts the discovered mapped account. |
Account Status | The Account Status column is controlled by the Manage and Ignore buttons on the Discovered Accounts grid. For more information, see Discovered Accounts. The discovered account may be: |
Dependent Account | A |
Service Type | Type of service discovered. Values may be Service or Task. |
Service Name | The name of the discovered service or task. |
Service Enabled | A |
Service Ignored | Ignored means the service or task will not show up in the grid. In other words, the service or task is hidden. This is controlled by the |
Discovered Account | The discovered account name. If the account has an Account Status of Managed then the Account, Domain Name, and System Name display. |
Date/Time Discovered | The date and time when the service or task was discovered. |
A Safeguard for Privileged Passwords entitlement is a set of access request policies that restrict system access to authorized users. Typically you create entitlements for various job functions; that is, you assign permissions to perform certain operations to specific roles such as Help desk, Unix administrator, or Oracle administrator, and so forth. Password release entitlements consist of users, user groups, and access request policies. Session access request entitlements consist of users, user groups, assets, asset groups, and access request policies.
The Auditor and the Security Policy Administrator have permission to access Entitlements. An administrator creates an entitlement, then creates one or more access request policies associated with the entitlement, and finally adds users or user groups.
Go to Administrative Tools and click Entitlements. The Entitlements view displays.
If there are one or more invalid or expired policies, a Warning and a message like "Entitlement contains at least one invalid policy." displays. Go to the Access Request Policy tab to identify the invalid policy. For more information, see Access Request Policies tab.
The following information displays about the selected entitlement:
Use these toolbar buttons to manage entitlements.
© 2021 One Identity LLC. ALL RIGHTS RESERVED.