
One Identity Safeguard for Privileged Passwords 2.9 - Administration Guide


Embedded Sessions Module

Safeguard for Privileged Passwords has an embedded sessions module.

NOTE: If a Safeguard Sessions Appliance is joined to Safeguard for Privileged Passwords, sessions configuration is handled via Safeguard for Privileged Sessions. See the One Identity Safeguard for Privileged Sessions Administration Guide at this link: One Identity Safeguard for Privileged Sessions - Technical Documentation.

Navigate to Administrative Tools | Settings | Sessions | Sessions Module. From the Sessions Module pane, an Appliance Administrator can view the current status of the One Identity Safeguard for Privileged Passwords Privileged Sessions module and reset the embedded sessions module.

Table 180: Sessions Module controls
Control Description
Refresh

Click to retrieve and update the session module's status.

Health Check

Click to run and display the results of the health check run against the sessions module.

An additional pane appears, displaying results for the following:

  • HTTP: Checks whether Safeguard for Privileged Passwords can communicate with the sessions module via the internal web interface.
  • SSH: Checks whether Safeguard for Privileged Passwords can communicate with the embedded sessions module via the internal SSH channel.
  • SNMP: Checks whether Safeguard for Privileged Passwords can communicate with the embedded sessions module via the SNMP channel. It also checks whether the sessions module can report significant events back to Safeguard for Privileged Passwords via SNMP.
  • Keys: Checks whether the proper keys are in place in order for the embedded sessions module to communicate back to Safeguard for Privileged Passwords.
  • Internal: Checks whether the embedded sessions module can interact with Safeguard for Privileged Passwords once a session request has been made.

NOTE: The background of the Session Module Health pane changes color to indicate the current health of the embedded sessions module:

  • Green: All components of the embedded sessions module are healthy (OK).
  • Red: An error was encountered with at least one of the components. The error message is displayed.

Click X in the upper right corner to close the Session Module Health pane.

Module Status

Displays the current status of the Privileged Sessions module.

Reset Sessions Module

When the Privileged Sessions module is not responding and users cannot connect to their target systems, click the Reset Sessions Module button to reboot the embedded sessions module. Click Reset Now in the Reset Sessions Module confirmation dialog.

NOTE: Resetting the embedded sessions module will terminate all active sessions.

SSH Banner

NOTE: If a Safeguard Sessions Appliance is joined to Safeguard for Privileged Passwords, sessions configuration is handled via Safeguard for Privileged Sessions. See the One Identity Safeguard for Privileged Sessions Administration Guide at this link: One Identity Safeguard for Privileged Sessions - Technical Documentation.

It is the responsibility of the Appliance Administrator to define the banner text shown to session users when they initiate a privileged session. The SSH banner notifies session users that One Identity Safeguard for Privileged Passwords will record the current session.

To define the SSH banner text

  1. Navigate to Administrative Tools | Settings | Sessions | SSH Banner.
  2. In the Banner Text box, enter the text to be displayed to session users.
  3. Click OK to save the message.

SSH Host Key

NOTE: If a Safeguard Sessions Appliance is joined to Safeguard for Privileged Passwords, sessions configuration is handled via Safeguard for Privileged Sessions. See the One Identity Safeguard for Privileged Sessions Administration Guide at this link: One Identity Safeguard for Privileged Sessions - Technical Documentation.

The SSH Host Key pane allows the Appliance Administrator to verify or specify the SSH host key that is presented to the user's SSH client whenever an SSH session is started.

Navigate to Administrative Tools | Settings | Sessions | SSH Host Key.

Table 181: SSH Host Key settings
Setting Description
Fingerprint

Displays the SSH key fingerprint identifying the host to which you are currently connected.

Set New Key

Click Set New Key to set a new SSH private key for authenticating to an SSH session.

Generate New Key Pair

If you do not have an SSH key, click Generate New Key Pair to generate a new SSH key to use for authentication to an SSH session.

Download Public Key

Click Download Public Key to download a public SSH key for authenticating to an SSH session.
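The following is an added example, not part of the product or its documentation: a small Python check that the key obtained with Download Public Key corresponds to the value shown under Fingerprint (and to the fingerprint an SSH client prints on first connection). It assumes the downloaded file is a single OpenSSH-format public key line and that the pane shows either the SHA256 or the legacy MD5 colon-hex form; the sample key is constructed from placeholder bytes.

```python
import base64
import hashlib
import struct


def _declared_type(blob: bytes) -> str:
    """Return the key type stored in the blob's first length-prefixed string."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + n].decode("ascii")


def fingerprints(pubkey_line: str) -> dict:
    """Compute the SHA256 and MD5 fingerprints of one OpenSSH public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # Reject a line whose label was edited to differ from the encoded key type.
    if _declared_type(blob) != fields[0]:
        raise ValueError("key type does not match encoded blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"sha256": "SHA256:" + sha,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2))}


def matches_displayed(pubkey_line: str, displayed: str) -> bool:
    """True if the displayed fingerprint equals the key's SHA256 or MD5 form."""
    fp = fingerprints(pubkey_line)
    shown = displayed.strip()
    if shown.upper().startswith("MD5:"):
        shown = shown[4:]
    if shown.startswith("SHA256:"):
        return shown == fp["sha256"]        # base64 is case-sensitive
    return shown.lower() == fp["md5"]       # hex is not


def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b

# Constructed sample: ssh-ed25519 blob from placeholder bytes, not a real host key.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed"

if __name__ == "__main__":
    print(fingerprints(SAMPLE_LINE))
```

A mismatch after Set New Key or Generate New Key Pair is expected until clients update their known-hosts entry; a mismatch at any other time should be investigated before the session proceeds.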

Users

A user is a person who can log into Safeguard for Privileged Passwords. You can add both local users and directory users. Directory users are users from an external identity store such as Microsoft Active Directory. For more information, see Users and user groups.

Your administrator permissions determine what you can view in Users. Users displayed in a faded color are disabled. The following table shows you the tabs that are available to each type of administrator.

  • Authorizer Administrator: General, History
  • User Administrator: General, User Groups (directory users only), History
  • Help Desk Administrator: General, History
  • Auditor: General, User Groups, Partitions, Entitlements, Linked Accounts, History
  • Asset Administrator: General, Partitions
  • Security Policy Administrator: General, User Groups, Entitlements, Linked Accounts, History

The Authorizer Administrator typically controls the Enabled/Disabled state. For more information, see Enabling or disabling a user.

The Users view displays the following information about a selected user:

  • General tab (user): Displays the authentication, contact information, location, and permissions for the selected user.
  • User Groups tab (user): Displays the user groups in which the selected user is a member.
  • Partitions tab (user): Displays the partitions over which the selected user is a delegated partition administrator.
  • Entitlements tab (user): Displays the entitlements in which the selected user is a member; that is, an entitlement "user".
  • Linked Accounts tab (user): Displays the directory accounts linked to the selected user.
  • History (user): Displays the details of each operation that has affected the selected user.

Use these toolbar buttons to manage users:

 
