Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

One Identity Safeguard for Privileged Passwords 6.0.9 LTS - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions SPP glossary

Users

A user is a person who can log in to Safeguard for Privileged Passwords. You can add both local users and directory users. Directory users are users from an external identity store such as Microsoft Active Directory. For more information, see Users and user groups.

Your administrator permissions determine what you can view in Users. Users displayed in a faded color are disabled. The following table shows you the tabs that are available to each type of administrator.

  • Authorizer Administrator: General, History
  • User Administrator: General, User Groups (directory users only), History
  • Help Desk Administrator: General, History
  • Auditor: General, User Groups , Partitions, Entitlements, Linked Accounts, History
  • Asset Administrator: General, Partitions
  • Security Policy Administrator: General, User Groups , Entitlements, Linked Accounts, History

The Authorizer Administrator typically controls the Enabled/Disabled state. For more information, see Enabling or disabling a user.

The Users view displays the following information about a selected user:

  • General tab (user): Displays the authentication, contact information, location, and permissions for the selected user.
  • User Groups tab (user): Displays the user groups in which the selected user is a member.
  • Partitions tab (user): Displays the partitions over which the selected user is a delegated partition administrator.
  • Entitlements tab (user): Displays the entitlements in which the selected user is a member; that is, an entitlement "user".
  • Linked Accounts tab (user): Displays the directory accounts linked to the selected user.
  • History (user): Displays the details of each operation that has affected the selected user.

Use these toolbar buttons to manage users:

 

General tab (user)

The General tab lists information about the selected user.

Large tiles at the top of the tab display the number of User Groups, Partitions, Entitlements, and Linked Accounts associated with the selected user, based on the user's permissions. Clicking a tile heading opens the corresponding tab.

The tiles visible depend on your administrator permissions:

  • All tiles are visible to the Auditor.
  • Partitions tile is visible to Asset Administrator.
  • User Groups, Entitlements, and Linked Accounts tiles are visible to Security Policy Administrator.

Table 178: Users General tab: Authentication properties
Property Description

Identity

 

Identity Provider

The source from which the user’s personal information comes from and is synchronized with.

Username A user's display name.
First Name The user's first name.
Last Name The user's last name.
Work Phone

The user's work telephone number.

Mobile Phone

The user's mobile telephone number.

Email Address The user's email address.

Authentication

 

Authentication Provider

How the user authenticates with Safeguard for Privileged Passwords:

  • Certificate: with a certificate
  • Local: with a user name and password
  • Directory name: with directory credentials

Login name

The identifier the user logs in with.

Domain Name

If the primary Authentication Provider is a directory, this indicates the directory's domain name.

Distinguished Name

The distinguished name for authentication.

Secondary Authentication

If you set up a user to require secondary authentication, this indicates the name of this user's secondary authentication service provider.

Secondary Authentication Username

The name of the user account on the secondary authentication service provider required at log in.

Location

 

Time Zone

The user's geographic location.

Permissions

 

Permissions

Lists the user's administrator permissions or "Standard User" if user does not have administrative permissions.

Description

 

Description

The description text entered the user information was added or updated. This may be entered on the User dialog, Identity tab in the Description text box.

Related Topics

Modifying a user

User Groups tab (user)

The User Groups tab displays the user groups in which the selected user is a member.

The User Groups tab is available to a user with Auditor or Security Policy Administrator permissions and to the User Administrator for directory users (not for local users).

Table 179: Users: Users Groups tab properties
Property Description
Name

The user group name

Type

The type of group: User Group or Directory Group

Distinguished Name

The distinguished name of the group

Description

Information about the selected user group

Use the following buttons on the details toolbar to manage the user groups associated with the selected user.

Table 180: Users: User Groups toolbar
Option Description

Add User Group

Add the user to one or more user groups to the user. For more information, see Adding a user to user groups.

Remove Selected

Remove the selected user group from the selected user.

Refresh

Retrieve and display an updated list of user groups associated with the selected user.

Search

To locate a specific user group in this list, enter the character string to be used to search for a match. For more information, see Search box.

Partitions tab (user)

The Partitions tab displays the partitions over which the selected user is a delegated partition administrator. The Partitions tab is available to a user with Auditor or Asset Administrator permissions.

Table 181: Users: Partitions tab properties
Property Description
Name

The partition name

Description

Information about the selected partition.

Use the following buttons on the details toolbar to manage the partitions associated with the selected user.

Table 182: Users: Partitions toolbar
Option Description

Assign Partition(s)

Delegate the selected user as an administrator to one or more partitions. For more information, see Assigning a user to partitions.

Remove Selected

Remove the selected partition from the selected user.

Refresh

Retrieve and display an updated list of partitions associated with the selected user.

Search

To locate a specific partition in this list, enter the character string to be used to search for a match. For more information, see Search box.

 

 

Related Topics

Assigning a user to partitions

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating