Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 7.1 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Enable or Disable Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions About us

Deleting a user group

Both Authorizer Administrator and User Administrator can delete local and directory user groups. A Security Policy Administrator can only delete local groups without permissions on them.

When you delete a user group, Safeguard for Privileged Passwords does not delete the users associated with it.

To delete a user group

  1. Navigate to:

    • web client: Security Policy Management > User Groups or User Management > User Groups.
  2. In User Groups, select a user group from the list.
  3. Click Delete.
  4. Confirm your request.

Security Policy Settings

In the web client, Security Policy Management has a settings page used to manage Sessions Password Access and the Audit Log Stream Service. You can also manage the reasons for requesting access to a password, SSH key, or session.

  • Navigate to Security Policy Management > Settings to manage the settings listed below.
    Table 206: Security Policy Settings
    Setting Description

    Maximum Notification Recipients

    Set the maximum number of notification recipients.

    Expiration Warning Duration

    Enter the number of days for the warning to expire.

    Show User Name in Access Request Conflict Messages

    When the check box is selected, if there is a conflicting access request for the time period a user wants to request, the error message will include the name of the user who requested the conflicting access request. When the check box is cleared, the error message will show the access request id instead. This check box is cleared by default.

    Session Password Access Enabled

    Use this to enable or disable session password access. This feature is disabled by default.

    Audit Log Stream Service

    Use this to send Safeguard for Privileged Passwords data to Safeguard for Privileged Sessions (SPS) to audit the Safeguard privileged management software suite. The feature is disabled by default.

    To accept SPP data, the SPS Appliance Administrator must turn on audit log syncing. For information, see the Safeguard for Privileged Sessions Administration Guide.

    SPP and SPS must be linked to use this feature. For more information, see SPP and SPS sessions appliance link guidance.

    While the synchronization of SPP and SPS is ongoing, SPS is not guaranteed to have all of the audit data at any given point due to some latency.

    NOTE: This setting is also available under Appliance Management > Enable or Disable Services. For more information, see Enable or Disable Services.


    From this pane you can manage the reasons for requesting access to a password, SSH key, or session. For more information, see Reasons.

  • Reasons

    In an access request policy, a Security Policy Administrator can require that a requester provide a reason for requesting access to a password, SSH key, or session. Then, when requesting access, the user can select a predefined reason from a list. For example, you might use these access request reasons:

    • Software Updates
    • System Maintenance
    • Hardware Issues
    • Problem Ticket

    To configure access request reasons

    1. Navigate to Security Policy Management > Settings > Reasons.
    2. Click Add to add a new reason.
    3. In the New Reason dialog, enter the following:
      1. Name: Enter a name for the reason. Limit: 50 characters

      2. Description: Enter a description for the reason. Limit: 255 characters

    4. Click Save.

    To edit a reason, select a previously configured reason and click Edit.

    To delete a reason, select a previously configured reason and click Delete.

    User Management

    In the web client, expand the User Management section in the left navigation pane.

    The following pages are available. See each section for a description of the functions available.

    Related Documents

    The document was helpful.

    Select Rating

    I easily found the information I needed.

    Select Rating