Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.7 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Messaging settings (desktop client) Password Management settings Safeguard Access settings SSH Key Management settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions SPP Glossary About us

Auditing request workflow

In addition to reviewing activity, you can use the Activity Center to audit the transactions that occurred during the request workflow process, from request to approval to review. For session requests, you can also play back a recorded or live session if Record Sessions is enabled in the entitlement's policy.

If you are an authorized reviewer, you can audit an access request's workflow of a completed request awaiting review from the Home page as well.

To audit request workflow

  1. Open the Activity Center, use the query tiles to specify the content of the report, and click Run.

    TIP: You can change the activity category tile to specify that you want to see Access Request Activity, Session Specific Activity events, or both.

  2. Select an access request event and click Workflow to audit the transactions that occurred during the request's workflow from request to approval to review.

    TIP: If you ran an all activity report, use the filter in the Events column to locate the access request activities.
  3. For session requests that have Record Session enabled in the policy, you can play back a recorded or active session:

    1. Locate an access request session event and click Play to launch the Safeguard for Privileged Passwords Desktop Player. The following activities may be available to you:

      • A (green dot) indicates the session is "live". A user with Security Policy Administrator permissions can click this icon to follow an active session.
      • If the session recording has been archived and removed from the local Safeguard for Privileged Passwords file system, you will see a Download button instead of a Play button. Click Download to download the recording and then click Play.
    2. Accept the certificate to continue.
    3. Use one of the following methods to play back the session recording:

      • Click Play Channel from the toolbar at the top of the player.
      • Click the thumbnail in the upper right corner of the Information page.
      • Click Play Channel next to a channel in the Channels pane.
  4. For SSH session requests that have the Enable Command Detection option selected in the policy, you can review a list of the commands and programs run during the session.

    For RDP session requests that have the Enable Windows Title Detection option selected in the policy, you can review a list of all the windows opened on the desktop during the privileged session.

    1. Click the Sessions Events link above the transaction grid to view a list of all the session events and recordings available for the selected session.
    2. To see the individual events that occurred during a particular Initialize Session transaction:
      • Click Show Details to display additional information about the Initialize Session event, including Session Events.
      • Click the events link to view the commands and programs run during that particular Initialize Session event

    The Session Events dialog displays listing the events with a time stamp showing when the event occurred as well as in which recording if multiple recordings were created.

Filtering report results

To find information in an activity audit log report or entitlement report, use the controls in the grid heading row to filter the data. When a column has selected filter criteria, Safeguard for Privileged Passwords highlights the filter symbol.

To filter columns

  1. Click  Filter to open the filter list.
  2. Select individual objects in the filter list to display specific information.

    NOTE: You can also choose the Select All check box at the top of the filter list and clear individual objects.

Sorting report results

Use the controls in the grid heading row to sort report results or rearrange the columns of data. An arrow in the column heading identifies the sort criteria and order, ascending or descending, being used to display information.

To sort columns

  1. Click the column heading to be used for the sort criteria.
  2. The sort order is in ascending order. To change it to descending order, click the heading a second time.
  3. To specify a secondary sort order, press the SHIFT key and then click the heading of the column to be used for the secondary sort order.

To move columns

To change the order of the columns, click the heading of the column to be moved. Drag and drop the column to a new location within the grid.

To change the columns that display

In the upper right corner, click Column to see a list of columns that can be displayed in the grid. Select the check box for data to be included in the report. Clear the check box for data to be excluded from the report. The additional columns available depend on the type of activity included in the report.

Reports

 Reports allows the Auditor and Security Policy Administrators to view and export entitlement reports that show which assets and accounts a selected user is authorized to access. Reports may be exported in .csv or .json format.

Reports toolbar

The toolbar at the top of Reports contains these options.

  • Refresh: Updates the entitlement report.
  • Export: Used to create a .csv or a .json file of the report. Different information may be returned based on whether you select CSV or JSON. For example, JSON includes details of accounts discovered and CSV includes only the count of accounts.

The time is set according to the user time zone. You can convert timestamps another time, if necessary. For more information, see Converting time stamps.

Entitlement reports

One Identity Safeguard for Privileged Passwords provides these entitlement reports.

  • User: Lists information about the accounts a selected user is authorized to request.
  • Asset: Lists information about the accounts associated with a selected asset and the users who have authorization to request those accounts.
  • Account: Lists detailed information about the users who have authorization to request a selected account including: Entitlement, Policy, Access Type, Password Included, Password Change, Time Restrictions, Expiration Date, Group, From Linked Account, and Last Accessed.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating