Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.10 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Messaging settings (desktop client) Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Viewing task status

Safeguard for Privileged Passwords displays a number on your Toolbox navigation link to notify you when you have any tasks running.

To view task status

  1. Navigate to  Administrative Tools l Toolbox.
  2. Click  Popout in the upper right corner to float the Tasks pane.

    You can then select and drag the pane to any location on the console and resize the window.

  3. Depending on what tasks are being performed, you can view progress in tabs like the Task Output tab, Operations tab, or SshCommunication tab.
  4. Click  Remove to delete a task from the pane.
  5. Click  Cancel next to a running task to stop a task.
  6. Click Clear to remove all items from the Tasks pane.

Stopping a task

To stop a task

  1. Navigate to  Administrative Tools l Toolbox.
  2. Open the Tasks pane.
  3. Click  Popout in the upper right corner to float the Tasks pane.
  4. Click  Cancel next to a running task.

Accounts

A Safeguard for Privileged Passwords account is a unique identifier that Safeguard for Privileged Passwords uses to control access to assets. Managed accounts (including directory accounts and service accounts) and groups of accounts can be associated with an asset. Each account has an associated asset; if you delete an asset, Safeguard for Privileged Passwords permanently deletes all the accounts associated with it.

The Auditor and the Asset Administrator have permission to access Accounts.

On Unix assets, the accounts are stored in etc/passwd; however, each platform implements this concept differently.

Service accounts are designated with a Service Account icon. For more information, see About service accounts.

Navigate to Administrative Tools | Accounts to display the following information about the selected account.

For information about configuring Account Discovery in Safeguard for Privileged Passwords, see Account Discovery job workflow.

Use these toolbar buttons to manage accounts.

General tab (account)

The General tab lists information about the selected account.

Large tiles at the top of the tab display the number of Access Request Policies, objects Owners, Account Groups, and Dependent Assets associated with the selected account. Clicking a tile heading opens the corresponding tab. The time stamps for the password and SSH key check and change transactions are based on the user's local time.

Navigate to Administrative Tools | Accounts | General. Information for the account displays. Not all the information listed below is applicable for every account.

Table 18: Accounts General tab: General properties
Property Description
Name The name of the selected account.

Distinguished Name

For LDAP platforms, the fully qualified distinguished name (FQDN) for the service account

Domain Name (for directories)

The name of the domain where the account was discovered

SID (for directories)

Security IDentifer for a Windows account.

Asset

The display name of the managed system associated with this account. Accounts are only associated with one asset.

Asset Type

The type of the asset (for example, Windows, Linux, LDAP, or Active Directory).

Partition The name of the partition where the selected account resides.
Password Profile

The name of the password profile that governs the accounts assigned to a partition.

Password Sync Group

If assigned, the password sync group to control password validation and reset across all associated accounts.

SSH Key Profile

The name of the SSH key profile that governs the accounts assigned to a partition.

SSH Key Sync Group

If assigned, the SSH key sync group to control SSH key validation and reset across all associated accounts.

Account Discovery Job

The account discovery job with rule-based settings to discover all accounts that are assigned to the assets in a selected partition, that are made available globally, or that meet the rules criteria.

Date/Time Discovered

The date and time when the account was discovered.

Discovered User ID

The User ID of the discovered account.

Discovered Groups (for directories)

The groups in which the account is a member. Click the link to go to the Discovered groups dialog to view the groups.

Enable Password Request True or False, indicating whether password release requests are enabled for this account.
Enable Session Request True or False, indicating whether session access requests are enabled for this account.
Enable SSH Key Request True or False, indicating whether SSH key release requests are enabled for this account.

Available for use across all partitions (Global Access for directories)

When selected, any partition is able to use this account and the password is given to other administrators. For more information, see Adding an Account Discovery rule.

Last Successful Password Check

The date and time of the last successful password validation.

Last Failed Password Check

The date and time of the last password validation failure.

Password Check Failures

Displays the number of password check tasks that failed.

Next Password Check

The date and time of the next automated password check as set in the Check Password schedule of the profile. For more information, see Adding check password settings.

Last Successful Password Change

The date and time of the last successful password change.

Last Failed Password Change

The date and time of the last password change failure.

Password Change Failures

Displays the number of password change tasks that failed.

Next Password Change

The date and time of the next automated password change as set in the Change Password schedule of the profile. For more information, see Adding change password settings.

Last Successful SSH Key Check

The date and time of the last successful SSH key validation.

Last Failed SSH Key Check

The date and time of the last SSH key validation failure.

SSH Key Check Failures

Displays the number of SSH key check tasks that failed.

Next SSH Key Check

The date and time of the next automated SSH key check as set in the Check SSH Key schedule of the profile. For more information, see Adding SSH key check settings .

Last Successful SSH Key Change

The date and time of the last successful SSH key change.

Last Failed SSH Key Change

The date and time of the last SSH key change failure.

SSH Key Change Failures

Displays the number of SSH key change tasks that failed.

Next SSH Key Change

The date and time of the next automated SSH key change as set in the Change SSH Key schedule of the profile. For more information, see Adding SSH key change settings.

Last Successful SSH Key Discovery

The date and time of the last successful SSH key discovery. For more information, see SSH Key Discovery job workflow.

Last Failed SSH Key Discovery Attempt

The date and time of the last failed SSH key discovery attempt.

SSH Key Discovery Failures

The number of SSH key discovery failures. You can view a list of the accounts.

Next SSH Key Discovery

The date and time for the next SSH key discovery attempt. On the Dashboard, Account Automation tab, you can view a list of accounts where SSH key discovery tasks failed. For more information, see Account Automation.

Tags: Tag assignments for the selected account.

The tiles displayed in the Tags pane include both the dynamic tags added through tagging rules and static tags that were added manually. In addition to viewing tag assignments, Asset Administrators can add and remove statically assigned tags.

NOTE: Dynamically assigned tags contain a lightening bolt icon and cannot be deleted. Static tags which can be removed contain an X icon.

Description: Information about selected account.

Related Topics

Modifying an account

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating