Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.13.1 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Activity Center Search box Privileged access requests Toolbox Accounts Account Groups Assets
General/Properties tab (asset) Accounts tab (asset) Account Dependencies tab (asset) Owners tab (asset) Access Request Policies tab (asset) Asset Groups tab (asset) Discovered SSH Keys (asset) Discovered Services tab (asset) History tab (asset) Managing assets
Asset Groups Discovery Entitlements Linked Accounts Partitions Profiles Settings
Access Request settings Appliance settings Asset Management settings Tags Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings Security Policy Settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us


When the asset's Authentication Type on the Connection tab is set to None, Safeguard for Privileged Passwords does not manage any accounts associated with the asset and does not store asset related credentials.

All assets must have a service account in order to check and change the passwords for the accounts associated with the asset.

Select the Auto Accept SSH Host Key to have Safeguard for Privileged Passwords automatically accept the SSH host key when it creates the archive server. For more information, see Adding an archive server.

Attributes tab (add asset desktop client)

The Attributes tab is used to add attributes to directory assets, including Active Directory and LDAP. For more information, see Adding identity and authentication providers.

IMPORTANT: Some Active Directory attributes are fixed and cannot be changed.

Table 75: Active Directory and LDAP: Attributes tab
Safeguard for Privileged Passwords Attribute Directory Attribute
Object Class

Default: user for Active Directory, inetOrgPerson for LDAP

Click Browse to select a class definition that defines the valid attributes for the user object class.

User Name

sAMAccountName for Active Directory, cn for LDAP


userPassword for LDAP




Blank by default, this attribute can be set to a directory schema attribute that contains the list of directory groups of which the user is a member.

Alternate Login Name



By default the Alternate Login Name attribute for directories is set to userPrincipalName, however another directory attribute containing a UPN type account name can be used.

This attribute can be used in conjunction with the API's UseAltLoginName setting (disabled by default) which will instead use the Alternate Login Name as the account name. The API is PUT https://<host>/service/core/v3/AccessPolicies/{id} where the {id} is the id of the accessPolicy where you'll set the UseAltLoginName to true. UseAltLoginName is a boolean field on the asset data object.

Object Class

Default: group for Active Directory, groupOfNames for LDAP

Click Browse to select a class definition that defines the valid attributes for the computer object class.


sAMAccountName for Active Directory, cn for LDAP



Computer Attributes  

Object Class

Default: computer for Active Directory, ipHost for LDAP

Click Browse to select a class definition that defines the valid attributes for the computer object class.



Network Address

dNSHostName for Active Directory, ipHostNumber for LDAP

Operating System

operatingSystem for Active Directory

Operating System Version

operatingSystemVersion for Active Directory



Adding an asset (web client)

NOTE: For information on adding an asset via the desktop client, see Adding an asset (desktop client).

It is the responsibility of the Asset Administrator to add assets and accounts to Safeguard for Privileged Passwords.

Safeguard for Privileged Passwords allows you to set up Asset Discovery jobs that run automatically. For more information, see Asset Discovery job workflow.

Before you add systems to Safeguard for Privileged Passwords, make sure they are properly configured. For more information, see Preparing systems for management.

NOTE: There are special considerations for adding an MS SQL asset to Safeguard. See KB 261806 for details.

( web client) To add an asset

  1. Navigate to Asset Management | Assets.
  2. Click New Asset from the toolbar.
  3. In the dialog, provide information in each of the tabs:

    General tab (add asset web client)

    Where you add general information about the asset.

    Connection tab (add asset web client) Where you add the network address, operating system, and version information.
    Management tab (add asset web client)

    Where you add the partition, profile information, and enable session requests.

    Account Discovery tab (add asset)

    Where you add the Account Discovery job.

Related Topics

Adding an account to an asset

Assigning an asset to a partition

Assigning a profile to an asset

Assigning assets or accounts to a password profile and SSH key profile

General tab (add asset web client)

Use the General tab to specify general information about the asset.

Table 76: Asset: General properties
Property Description

(Required) Enter a unique display name for the asset.

Limit: 100 characters


(Optional) Enter information about this managed system.

Limit: 255 characters

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating