Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.0.9 LTS - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions SPP glossary

Password is pending review

Safeguard for Privileged Passwords can resolve a situation when a user needs to request an account password but cannot because there is a previous password release request still in the Pending Review state and the designated reviewer is not available. If the request is left in this state, Safeguard for Privileged Passwords prevents users from checking out the account password. In such a situation, the Security Policy Administrator can close the request without review.

You can also set up requests so that pending reviews do not block access. For more information, see Reviewer tab.

To close a password without review

  1. Log in as a user with Security Policy Administrator permissions.
  2. On the Home page, click Refresh.
  3. Open Administrator to review the pending request.
  4. Select Close Request.
  5. Type an explanation in the Comment box of up to 255 characters (required).
  6. Select Close Request.

You can query and view all requests closed without review in the Activity Center. Filter the events by Password Request Closed, then export the search results to see the old state and new state.

Related Topics

Password is pending a reset

Password is pending a reset

If a user receives a persistent message that states either of the following, the account password is stuck in a pending password change state:

  • You cannot checkout the password for this account while another request is pending password reset
  • This account has password requests which have not yet expired or have to be reviewed. It cannot be deleted now"

Possible solutions:

  • Ensure that the service account for the asset associated with this account is working. Then manually change the account password. For more information, see Checking, changing, or setting an account password.
  • Or, if the service account for the asset is working properly and the policy governing the account allows emergency access and has enabled multiple users simultaneous access, you can instruct the user to request the password using Emergency Access.

You can allow new access requests whether a prior request is approved or not approved. In other words, no requests will be blocked based on the approval status of a prior request. Setting the Pending reviews do not block access check box only pertains to future requests. For more information, see Reviewer tab.

Related Topics

Password is pending review

Profile did not run

The password management settings Settings | Access Request | Enable or Disable Services enable the automatic profile check and change schedules in partitions.

Ensure the password management settings are enable for profiles to run on schedule:

  • Check Password Management Enabled
  • Change Password Management Enabled

For more information, see Enable or Disable Services (Access and management services).

Recovery Kiosk (Serial Kiosk)

Safeguard for Privileged Passwords provides a Recovery Kiosk (Serial Kiosk) with the following options.

  • Support bundle: Allows you to generate and send a support bundle to a Windows share.

To start the Recovery Kiosk

On the terminal or laptop running the Recovery Kiosk, you must configure your serial port settings as follows:

  1. Connect a serial cable from a laptop or terminal to the serial port on the back of the appliance marked with |0|0|.
  2. On the laptop or terminal, configure the serial port settings as follows:

    • Speed: 115200
    • Data bits: 8
    • Parity: None
    • Stop bit: 1
  3. These options display on the Recovery Kiosk screen:

    • Appliance Information
    • Power Options

      • Reboot
      • Shut Down
    • Admin Password Reset
    • Factory Reset (Not available for virtual appliances.)
    • Support Bundle
  4. Use the up-arrow and down-arrow to select one of these options.
  5. Use the right-arrow to initiate the option.
  6. Use the left-arrow to return to the option.
Kiosk keyboard shortcuts

Safeguard for Privileged Passwords provides these keyboard shortcuts. If you make the window too small to accommodate the kiosk elements, Safeguard for Privileged Passwords tells you how to readjust the window size.

  • Ctrl + D: Resets the kiosk to its original state. Clears challenges and options.

    Caution: When resetting the Bootstrap Administrator's password or performing a factory reset, if you reset the kiosk before you receive the response from One Identity Support, you must submit a new challenge.

  • Ctrl + R: Re-fdraws the kiosk to fit a resized window. If you resize the window, press Ctrl + R to reorganize the kiosk elements to fit properly into the newly-sized window.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating