Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.9 - Administration Guide

Introduction System requirements Using the virtual appliance and web management console Installing the desktop client Setting up Safeguard for Privileged Passwords for the first time The console Navigation pane Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Historical changes by release Glossary

Factory Reset from the desktop client

As an Appliance Administrator, you can use the Factory Reset feature to reset a Safeguard for Privileged Passwords Appliance to recover from major problems or to clear the data and configuration settings on the appliance.

Caution: Care should be taken when performing a factory reset against a physical appliance, because this operation removes all data and audit history, returning it to its original state when it first came from the factory. The appliance must go through configuration again as if it had just come from the factory. For more information, see Setting up Safeguard for Privileged Passwords for the first time.

In addition, performing a factory reset may change the default SSL certificate and default SSH host key.

Factory reset on a clustered appliance

Performing a factory reset on a clustered hardware appliance will not automatically remove the appliance from a cluster. The recommended best practice is to unjoin an appliance from the cluster before performing a factory reset on the appliance. After the unjoin and factory reset, the appliance must be configured again. For more information, see Setting up Safeguard for Privileged Passwords for the first time.

To perform a factory reset from the desktop client

  1. Navigate to Administrative Tools | Settings | Appliance | Factory Reset.
  2. Click Factory Reset.
  3. In the Factory Reset confirmation dialog, enter the words Factory Reset and click OK.

    The appliance will go into Maintenance mode to revert the appliance. Once completed, you will be prompted to restart the desktop client. If the appliance had been in a cluster, you may need to unjoin the factory reset appliance. The factory reset appliance must be configured again. For more information, see Setting up Safeguard for Privileged Passwords for the first time. In addition, when you log into the appliance, you will be prompted to add your Safeguard for Privileged Passwords licenses.

Licensing

It is the responsibility of the Appliance Administrator to manage the Safeguard for Privileged Passwords licenses. For more information, see Product licensing.

To avoid disruptions in the use of Safeguard for Privileged Passwords, the Appliance Administrator must configure the SMTP server, and define email templates for the License Expired and the License Expiring Soon event types. This ensures you will be notified of an approaching expiration date. For more information, see Enabling email notifications.

To enter licensing information when you first log in

The first time you log in as the Appliance Administrator, you are prompted to add one or more licenses. The Success dialog displays when a license is added.

On the virtual appliance, the license is added as part of Initial Setup. For more information, see Setting up the virtual appliance.

To add new licenses from Settings

  1. Navigate to Administrative Tools | Settings | Appliance | Licensing.
  2. Click .
  3. Browse to select the license file.

    Once you add a license, you will see the current license information and a link that allows you to update the license.

  4. To add another module license, click Add License and complete the information.

To update a module license

  1. Navigate to Administrative Tools | Settings | Appliance | Licensing.
  2. Select Update License in the lower left corner of a module's licensing information pane.
  3. Browse to select the license file. Select Open.

Lights Out Management (BMC)

The Lights Out Management feature allows you to remotely manage the power state and serial console to Safeguard for Privileged Passwords using the baseboard management controller (BMC). When a LAN interface is configured, this enables the Appliance Administrator to power on an appliance remotely or to interact with the recovery kiosk.

It is the responsibility of the Appliance Administrator to enable and configure the Lights Out Management feature. When Lights Out Management is enabled, the Appliance Administrator can set or change the password and modify the network information for the baseboard management console (BMC). When disabled, Safeguard for Privileged Passwords immediately resets the password to a random value and resets the network settings to default values.

IMPORTANT: This feature requires a LAN interface to be enabled and configured. One Identity Safeguard for Privileged Passwords's BMC supports the following LAN interfaces to provide this functionality:

  • SSH
  • IPMI v2
  • Web
  • Serial over Lan

It is strongly recommended that the LAN interface only be enabled in trusted environments.

To enable Lights Out Management

  1. Access Lights Out Management in one of two ways:
  2. Click the Enable Lights Out Management toggle to enable or disable this feature ( toggle on or toggle off).
  3. Once enabled, enter the following information about the BMC:
    1. IP address: The IPv4 address of the host machine.
    2. Netmask: The network mask IPv4 address.
    3. Default Gateway: The default gateway IPv4 address.
  4. Click the Set BMC Admin Password button to set the password for the host machine.

    Maximum password length: 20 characters.

    NOTE: If this feature was previously enabled, you will see an Update BMC Admin Password button instead. Optionally, click the Update BMC Admin Password button to reset the password for the host machine.

  5. Click OK to save the settings on the host machine.

NOTE: Once Lights Out Management is enabled in Safeguard for Privileged Passwords, you can access the BMC via a web interface or by using SSH to connect to the IPMI port to remotely manage the power state and serial console to Safeguard for Privileged Passwords. The default user for accessing the BMC is ADMIN.

Network Diagnostics

Safeguard for Privileged Passwords makes these diagnostic tests available for the Appliance Administrator and Operations Administrator.

NOTE: When you run these diagnostic tests, they are run on the appliance.

Navigate to Administrative Tools | Settings | Appliance |Network Diagnostics.

Table 109: Appliance Tests
Test Description
Ping To verify network connectivity and response time between the appliance to the specified host.
NS Lookup To obtain DNS details of the specified host in relation to the appliance.
Trace Route To obtain route information; traceroute determines the paths packets take from one IP address to another.
Telnet

To test TCP/IP connectivity between the appliance and specified host.

Show Routes To retrieve routing table information.
Related Topics

Troubleshooting

Frequently asked questions

Related Documents