Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 7.0.3 LTS - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Enable or Disable Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions About us

Deleting a user

Typically, it is the responsibility of the Authorizer Administrator to delete administrator users and the User Administrator to delete non-administrator users.

IMPORTANT: When you delete a local user, Safeguard for Privileged Passwords deletes the user permanently. If you delete a directory user that is part of a directory user group, the next time it synchronizes its database with the directory, Safeguard for Privileged Passwords will add it back in.

To delete a user

  1. Navigate to User Management > Users.
  2. In Users, select a user from the object list.
  3. Click Delete.
  4. Confirm your request.

Setting a local user's password

It is primarily the responsibility of the Authorizer Administrator to set passwords for administrators. The User Administrator and Help Desk Administrator set passwords for non-administrator local users. These administrators can only set passwords for local users. Directory user passwords are maintained in an external provider, such as Microsoft Active Directory.

To set a local user's password

  1. Navigate to User Management > Users.
  2. Select a local user from the object list and perform one of the following:
    • From the toolbar options, select  Set Password.
    • On the Properties tab, click Set Password.
  3. In the Set Password dialog, enter the new password.
  4. If you want to require the user to change their password during their next login, make sure the User must change password at next login check box is selected.
  5. Click Set Password. You must comply with the password requirements specified in the dialog. For more information, see Local Password Rule.

Unlocking a local user's account

If you are unable to log in, your account may have become "locked" and is therefore disabled. For example, if you enter a wrong password for the maximum number of times specified by the account Lockout Threshold settings, Safeguard for Privileged Passwords locks your account. For more information, see Local Login Control.

Typically, it is the responsibility of the Authorizer Administrator to unlock administrator accounts, and the User Administrator and Help Desk Administrator to unlock non-administrator local users.

To unlock a local user's account

  1. Navigate to User Management > Users.
  2. Select a "locked" user from the list.
  3. From the toolbar options, select  Unlock.

User Groups

NOTE: The User Groups page is accessible from the following locations:

  • Security Policy Management > User Groups

  • User Management > User Groups

Safeguard for Privileged Passwords allows you to either create a local group that exists and is managed within Safeguard for Privileged Passwords only, or add a directory group that is synchronized from an external Active Directory or LDAP server. Then a Security Policy Administrator can add one or more user groups to an entitlement, which will authorize members of the group(s) to request access to the accounts and assets governed by the entitlement's access request policies.

User Groups is available to the Authorizer Administrator, User Administrator, Security Policy Administrator, Help Desk Administrator, Auditor, and Asset Administrator. Not all functionalities will be available to all user types.

The User Groups view displays the following information about the selected user or directory group.

  • Properties tab (user groups): Displays general information about the selected user group.
  • Users tab (user groups): Displays the members of the selected group.

  • Entitlements tab (user groups): Displays the entitlements for which the group has been assigned to. All members of the group then inherit access to the request policies of the entitlement.

    NOTE: The Entitlements tile is only visible to the Auditor and Security Policy Administrator.

  • History (user): Displays the details of each operation that has affected the selected group.

Use these toolbar buttons to manage users.

User Group : Add user groups to Safeguard for Privileged Passwords. For more information, see Adding a user group.

Directory User Group : Add a directory user group to Safeguard for Privileged Passwords. For more information, see Adding a directory user group.

Delete : Remove the selected user group. For more information, see Deleting a user group.

Edit: Edit the selected user group.

Export: Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

Refresh: Update the list of user groups.

  • Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box.
    • Related Documents

    The document was helpful.

    Select Rating

    I easily found the information I needed.

    Select Rating