Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.9 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Messaging settings (desktop client) Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Owners tab (assets)

The Owners tab displays information about the owners associated with the account (and its associated assets). For more information on altering the owners assigned via tags, see Modifying an asset or asset account tag.

Navigate to Administrative Tools | Assets | Owners. The Owners tab has two views: Asset Owners and Partition Owners.

Table 50: Assets: Owners tab properties
Property Description

Asset Owners

Type

The type of owner.

Name

The name of the owner.

Provider

The name of the authentication provider.

Direct

This column indicates the ownership of the object was assigned directly rather than through the use of a tag.

Via Tag

This column indicates the ownership of the object was assigned through the use of a tag.

Partition Owners

Type

The type of user or group.

Name

The name of the user or group.

Provider

The name of the authentication provider.

Use the following buttons on the details toolbar to manage the objects owned by the selected asset.

Table 51: Assets: Owners toolbar
Option Description

Add User/User Groups

Add one or more users or user groups to the selected asset. For more information, see Adding users or user groups to an asset.

Remove Selected

Remove the selected object from being a manager of the selected asset. You can only remove objects directly assigned to an asset (as opposed to those assigned via the use of a tag).

Refresh

Update the list of owners/managers.

Details

View additional details about the owner/user or group.

Search

To locate a specific object in this list, enter the character string to be used to search for a match. For more information, see Search box.

Asset Administrators and Auditors can also generate reports showing more detailed information on the ownership of specific objects (including effective ownership). For more information, see Running an ownership report.

Access Request Policies tab (asset)

The Access Request Policies tab displays the entitlements and access request policies associated with the selected asset.

Navigate to Administrative Tools | Assets | Access Request Policies.

Table 52: Assets: Access Request Policies tab properties
Property Description

Entitlement

The name of the access request policy's entitlement.

Access Request Policy

The name of the policy that governs the selected asset.

Request Type

The type of access request, for example, password, RDP, or SSH key.

Accounts

The number of unique accounts associated with the access request.

# Account Groups

The number of unique account groups associated with the access request.

Account Groups

The names of the account groups ssociated with the access request.

Assets

The number of unique assets that are associated with the access request policy.

# Asset Groups

The number of unique asset groups in the access request policy.

Asset Groups

The names of the asset groups that associate the selected asset with the policy.

Use these buttons on the details toolbar to manage your access request policies associated with the selected asset.

Table 53: Assets: Access Request Policies tab toolbar
Option Description

Add to Policy

Add the selected asset to the scope of a session access request policy.

Remove Selected

Remove the selected policy. For more information, see Deleting an access request policy.

Refresh

Update the list of access request policies.

Details

View and edit details about the selected access request policy. For more information, see Creating an access request policy.

Search

To locate a specific policy or set of policies in this list, enter the character string to be used to search for a match. For more information, see Search box.

Asset Groups tab (asset)

The Asset Groups tab displays the asset groups that contain the selected asset.

Only the assets that support session management can be added to asset groups and dynamic asset groups. Assets that do not support session management include but may not be limited to Directory assets. When you create the asset, the Management tab has an Enable Session Request check box if sessions is supported. For more information, see Supported platforms. This section lists SPP and SPS support by platform.

The Auditor and Security Policy Administrator have permission to access Asset Groups.

Click  Add Asset Groups from the details toolbar to add the selected asset to one or more asset groups.

Navigate to Administrative Tools | Assets | Asset Groups.

Table 54: Assets: Asset Groups tab properties
Property Description

Name

The asset group name.

Dynamic

A check mark in this column indicates that the group is a dynamic asset group.

Description

Information about the asset group.

The toolbar includes the following:

Table 55: Assets: Asset Groups tab toolbar
Option Description

Add Asset Group

Add an asset group to the selected asset.

Delete Selected

Remove the selected asset group from the asset.

Refresh

Update the list of asset groups.

Search

To locate a specific asset group in this list, enter the character string to be used to search for a match. For more information, see Search box.

Related Topics

Adding an asset to asset groups

Discovered Services tab (asset)

The Discovered Services tab displays information specific to the selected asset and is applicable only to Windows assets.

Navigate to Administrative Tools | Assets | Discovered Services.

Use these buttons to manage the discovered services.

Table 56: Discovered Services: Toolbar
Option Description
Discover Services

Run the selected service discovery job.

Refresh

Update the list of service discovery jobs.

Search

To locate one or more assets, enter the character string to be used to search for a match. For more information, see Search box.

The following displays for each discovered service.

Table 57: Assets: Discovered Services tab properties
Property Description

Account

The account in Safeguard that maps to the discovered account associated with the discovered service or task on the asset. This can be a local account or an Active Directory account.

Domain Name

The domain name of the account if the account is an
Active Directory account.

System Name

The asset to which the account is associated.

Account Status

The status of the Safeguard account. If Safeguard manages the account, the value is Managed. If the account is disabled, the value is blank.

Dependent Account

A check displays if the account is associated as an account dependency on the asset. The value is blank if the account is not associated as an account dependency of the asset.

This automatic dependency mapping only happens if you select the following options. Select the Automatically Manage Found Accounts option on the account discovery job associated with the profile that is associated to the asset. For more information, see Adding an Account Discovery rule.

Service Type

Type of service discovered. Values may be Service or Task.

Service Name

The name of the discovered service or task.

Service Enabled

A check displays if the service or task on the asset is enabled. If there is no check mark, the service or task is disabled.

Discovered Account

The discovered service account name configured.

Date/Time Discovered

The date and time when the service or task was discovered.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating