Safeguard for Privileged Passwords sets a default time zone based on the location and culture of the person performing the set up. The time zone is expressed as UTC + or – hours:minutes and is used for timed access (for example, access from 9 am to 5 pm). It is recommended that the Bootstrap Administrator set the desired time zone on set up. An Authorizer Administrator can also change the time zone.
To configure the time zone
|
NOTE:If a Safeguard Sessions Appliance is joined to Safeguard for Privileged Passwords, sessions configuration is handled via Safeguard for Privileged Session. See the One Identity Safeguard for Privileged Sessions Administration Guide at this link: One Identity Safeguard for Privileged Sessions - Technical Documentation. |
The embedded sessions module in One Identity Safeguard for Privileged Passwords enables you to issue privileged access to users for a specific period or session and gives you the ability to record, archive, and replay user sessions so that your company can meet its auditing and compliance requirements.
It is the responsibility of the Appliance Administrator to configure the One Identity Safeguard for Privileged Passwords Privileged Sessions settings.
Navigate to Administrative Tools | Settings | Sessions.
Setting | Description |
---|---|
Session Recordings Storage Management | Where you assign an archive server to an appliance for storing session recordings produced by that appliance. |
Embedded sessions module | Where you can view the current status of the sessions module, enable debug logging, and reset the sessions module if the module is not responding and users cannot connect to their target systems. |
SSH Banner |
Where you define the banner text shown to session users notifying them that they are being recorded. |
SSH Host Key | Where you specify the SSH key to be used for authentication to an SSH session. |
|
NOTE:If a Safeguard Sessions Appliance is joined to Safeguard for Privileged Passwords, sessions configuration is handled via Safeguard for Privileged Session. See the One Identity Safeguard for Privileged Sessions Administration Guide at this link: One Identity Safeguard for Privileged Sessions - Technical Documentation. |
You can immediately archive session recordings from a specific Safeguard for Privileged Passwords Appliance to a specified archive target. When an archive server is configured, session recordings for that appliance are removed from the Safeguard for Privileged Passwords Appliance and stored on the archive server. Use the Session Recordings Storage Management pane to assign archive servers to your Safeguard for Privileged Passwords Appliances.
|
IMPORTANT: When storing session recordings locally, once the local storage reaches capacity, the oldest recordings will be deleted. When storing session recordings to an archive server, the session recording is archived to the designated server immediately upon completion. As soon as the recording is copied to the archive server, it is removed from the appliance storage. Safeguard for Privileged Passwords allows you to play back a recording that is stored locally or on the archive server. However, if you are playing back a recording that is stored on an archive server you will need to download it before you can play it. For more information, see Replaying a session. |
Navigate to Administrative Tools | Settings | Sessions | Sessions Recordings Storage Management.
Property | Description |
---|---|
Appliance ID |
The ID assigned to an appliance. |
Archive Server Name | The name of the designated archive server. |
Use these toolbar buttons to manage archive server configurations for session recordings.
Option | Description |
---|---|
|
Update the list of designated archive servers being used to archive session recordings. |
|
Specify the archive server to be associated with the selected appliance. Clicking this button displays the Archive Servers dialog allowing you to select the archive server where session recordings are to be stored for the selected appliance. For more information, see Assigning an archive server to an appliance. |
|
Unassign the specified archive server from the selected appliance. |
|
NOTE: If a Safeguard Sessions Appliance is joined to Safeguard for Privileged Passwords, session recording is handled via Safeguard for Privileged Session. |
It is recommended that you assign an archive server to each appliance in your Safeguard for Privileged Passwords deployment to store that appliance's session recordings. This best practice will prevent you from filling up the appliance's local disk space.
|
IMPORTANT: Clustered environment: It is highly recommended that you assign an archive server to at least the primary appliance in a clustered environment. You may also want to consider assigning an archive server to each individual appliance in the cluster. If a replica in the cluster does not have an archive server assigned to it for its session recordings, the primary appliance will act as a proxy for archiving any recordings for that replica. If the primary appliance does not have an archive server assigned for session recordings, the following will happen:
Therefore, in order to avoid filling up the appliances' disk space, not only on the primary appliance but also on the replica appliances, is to ensure that at least the primary appliance has an archive server assigned for storing session recordings. |
To assign an archive server to an appliance
|
NOTE: Clustered environment: Log into the primary appliance to assign archive servers to your primary appliance and replica appliances. |
In Administrative Tools | Settings | Sessions | Session Recordings Storage Management to assign an archive server to the appliance.
Click the Assign Archive Server to Appliance toolbar button.
The name of the target archive server will appear in the Archive Server Name column.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy