One Identity Safeguard for Privileged Passwords 2.9 - Administration Guide

Embedded Sessions Module

Safeguard for Privileged Passwords has an embedded sessions module.

Navigate to Administrative Tools | Settings | Sessions | Sessions Module. From the Sessions Module pane, an Appliance Administrator can view the current status of the One Identity Safeguard for Privileged Passwords Privileged Sessions module and reset the embedded sessions module.

Table 180: Sessions Module controls

Control	Description
Refresh	Click to retrieve and update the session module's status.
Health Check	Click to run and display the results of the health check run against the sessions module. An additional pane appears, displaying results for the following: HTTP: Checks whether Safeguard for Privileged Passwords can communicate with the sessions module via the internal web interface. SSH: Checks whether Safeguard for Privileged Passwords can communicate with the embedded sessions module via the internal SSH channel. SNMP: Checks whether Safeguard for Privileged Passwords can communicate with the embedded sessions module via the SNMP channel. It also checks whether the sessions module can report significant events back to Safeguard for Privileged Passwords via SNMP. Keys: Checks whether the proper keys are in place in order for the embedded sessions module to communicate back to Safeguard for Privileged Passwords. Internal: Checks whether the embedded sessions module can interact with Safeguard for Privileged Passwords once a session request has been made. NOTE: The background of the Session Module Health pane changes colors indicating the current health of the embedded sessions module: Green: All components of the embedded sessions module are healthy (OK). Red: An error was encountered with at least one of the components. The error message is displayed. Click X in the upper right corner to close the Session Module Health pane.
Module Status	Displays the current status of the Privileged Sessions module.
Reset Sessions Module	When the Privileged Sessions module is not responding and users cannot connect to their target systems, click the Reset Sessions Module button to reboot the embedded sessions module. Click Reset Now in the Reset Sessions Module confirmation dialog. NOTE: Resetting the embedded sessions module will terminate all active sessions.

SSH Banner

It is the responsibility of the Appliance Administrator to define the banner text shown to session users when they initiate a privileged session. The SSH banner notifies session users that One Identity Safeguard for Privileged Passwords will record the current session.

To define the SSH banner text

1. Navigate to Administrative Tools | Settings | Sessions | SSH Banner.
2. In the Banner Text box, enter the text to be displayed to session users.
3. Click OK to save the message.

SSH Host Key

The SSH Host Key pane allows the Appliance Administrator to verify or specify the SSH host key is presented to the user's SSH client whenever an SSH session is started.

Navigate to Administrative Tools | Settings | Sessions | SSH Host Key.

Users

A user is a person who can log into Safeguard for Privileged Passwords. You can add both local users and directory users. Directory users are users from an external identity store such as Microsoft Active Directory. For more information, see Users and user groups.

Your administrator permissions determine what you can view in Users. Users displayed in a faded color are disabled. The following table shows you the tabs that are available to each type of administrator.

• Authorizer Administrator: General, History
• User Administrator: General, User Groups (directory users only), History
• Help Desk Administrator: General, History
• Auditor: General, User Groups , Partitions, Entitlements, Linked Accounts, History
• Asset Administrator: General, Partitions
• Security Policy Administrator: General, User Groups , Entitlements, Linked Accounts, History

The Authorizer Administrator typically controls the Enabled/Disabled state. For more information, see Enabling or disabling a user.

The Users view displays the following information about a selected user:

• General tab (user): Displays the authentication, contact information, location, and permissions for the selected user.
• User Groups tab (user): Displays the user groups in which the selected user is a member.
• Partitions tab (user): Displays the partitions over which the selected user is a delegated partition administrator.
• Entitlements tab (user): Displays the entitlements in which the selected user is a member; that is, an entitlement "user".
• Linked Accounts tab (user): Displays the directory accounts linked to the selected user.
• History (user): Displays the details of each operation that has affected the selected user.

Use these toolbar buttons to manage users:

• Add User: Add users to Safeguard for Privileged Passwords. For more information, see Adding a user.
• Delete Selected: Remove the selected user. For more information, see Deleting a user.
• Refresh: Update the list of users.
• Import Users: Add users to Safeguard for Privileged Passwords. For more information, see Importing objects.
• User Security: Menu options include: Set Password and Unlock accounts. For more information about these options, refer to Setting a local user's password and Unlocking a user's account.
• Permissions: Display the Permissions dialog showing what administrative permissions apply to the selected user.
• Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box.