Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.9 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Messaging settings (desktop client) Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Filtering report results

To find information in an activity audit log report, ownership report, or entitlement report, use the controls in the grid heading row to filter the data. When a column has selected filter criteria, Safeguard for Privileged Passwords highlights the filter symbol.

To filter columns

  1. Click  Filter to open the filter list.
  2. Select individual objects in the filter list to display specific information.

    NOTE: You can also choose the Select All check box at the top of the filter list and clear individual objects.

Sorting report results

Use the controls in the grid heading row to sort report results or rearrange the columns of data. An arrow in the column heading identifies the sort criteria and order, ascending or descending, being used to display information.

To sort columns

  1. Click the column heading to be used for the sort criteria.
  2. The sort order is in ascending order. To change it to descending order, click the heading a second time.
  3. To specify a secondary sort order, press the SHIFT key and then click the heading of the column to be used for the secondary sort order.

To move columns

To change the order of the columns, click the heading of the column to be moved. Drag and drop the column to a new location within the grid.

To change the columns that display

In the upper right corner, click Column to see a list of columns that can be displayed in the grid. Select the check box for data to be included in the report. Clear the check box for data to be excluded from the report. The additional columns available depend on the type of activity included in the report.

Reports

 Reports allows the Auditors and Security Policy Administrators to view and export entitlement reports that show which assets and accounts a selected user is authorized to access. Asset Administrators and Auditors can view and export ownership reports that show which assets, accounts, and partitions a selected user manages. Reports may be exported in .csv or .json format.

Reports toolbar

The toolbar at the top of Reports contains these options.

  • Refresh: Updates the entitlement report.
  • Export: Used to create a .csv or a .json file of the report. Different information may be returned based on whether you select CSV or JSON. For example, JSON includes details of accounts discovered and CSV includes only the count of accounts.

The time is set according to the user time zone. You can convert timestamps another time, if necessary. For more information, see Converting time stamps.

Entitlement reports

One Identity Safeguard for Privileged Passwords provides these entitlement reports.

  • User: Lists information about the accounts a selected user is authorized to request.
  • Asset: Lists information about the accounts associated with a selected asset and the users who have authorization to request those accounts.
  • Account: Lists detailed information about the users who have authorization to request a selected account including: Entitlement, Policy, Access Type, Password Included, Password Change, Time Restrictions, Expiration Date, Group, From Linked Account, and Last Accessed.
Ownership reports

One Identity Safeguard for Privileged Passwords provides these ownership reports:

  • User: Lists information about ownership based on each owner.

  • Partition: Lists information about ownership for a partition.

  • Asset: Lists information about ownership for an asset.

  • Account: Lists information about ownership for an account.

  • Tag: Lists information about owners of assets and accounts assigned to a tag.

Running an entitlement report

You can run an entitlement report.

To run an entitlement report

  1. From the Safeguard for Privileged Passwords desktop Home page, select  Reports.
  2. In the first drop-down, choose a type of report: User, Asset, or Account.
  3. In the second drop-down, you can select All or you can select Browse to select one or more objects for the report. If you select multiple objects, the selected objects display in the center of the page. Click a selected object to display the object's information at the bottom of the page.
  4. The top of the report displays the following information.

    User:

    • Name: The name of the user.
    • Username: The user name used for authentication.
    • Domain name: The name of the domain of the user.
    • Accounts: Number of accounts each user is allowed to access.
      If an access request policy allows password access to linked accounts, an account may display twice: once based on the policy scope and a second time because it is a linked account. In the bottom grid, see the From Linked Account column. For more information, see Access Config tab.

    Asset:

    • Name: The name of the asset.
    • Accounts: Number of accounts on this asset that can be accessed.
    • Requesters: Number of users allowed to request access to the asset's accounts.
    • Partition: The name of the partition to which the asset belongs.
    • Users: The name of the requesters allowed to request access.

    Account:

    • Name: Name of the account.
    • Asset: Name of the asset associated with the account.
    • Domain Name: If applicable, the domain of the account.
    • Requesters: Number of requesters allowed to access an account.
  5. Select an item from the top pane to view additional detail in the lower pane.
    For entitlements by assets, you can continue to drill down into the details of an item. For example, you can view both the Total Accounts tab and the People tab to see more details about the users that can request the accounts on an asset. Select an item from the results to drill down further into the details about the users and the accounts.
  6. To filter the results, use the filter control in the column heading. For more information, see Filtering report results.

To export the report

  1. To export, select Export and then select Export as CSV or Export as JSON. Save the file to the location desired. Different information may be returned based on whether you select CSV or JSON. For example, JSON includes details of accounts discovered and CSV includes only the count of accounts.

  2. The time is set according to the user time zone. You can convert timestamps another time, if necessary. Once the report is exported, you can convert time stamps to local time, if necessary. For more information, see Converting time stamps.

To run the report

Click the Run button to generate the report.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating