Safeguard for Privileged Passwords discovery jobs can find assets, accounts, SSH keys, and services in your network environment. This can simplify initial deployment and ongoing maintenance of the privileged accounts in your network environment.
Details on the jobs follow.
Asset Discovery: Asset Discovery jobs find assets by searching directory assets, such as Active Directory, or by scanning network IP ranges. Rules control which assets are found. Asset Discovery jobs can be scheduled to run on regular intervals. The discovery job can be configured with templates to set default settings on newly created assets including connection details. The assets created by discovery jobs are considered to be managed by Safeguard, but this has no effect on the network asset. An asset with valid connection information can be used for account discovery.
If you use Directory as the asset discovery Method, directory assets that are shared can be discovered into any partition. To share a directory asset, select Available for discovery across all partitions for the asset; see Management tab (add asset).
Account Discovery: Account Discovery jobs find accounts by searching directory assets such as Active Directory or by scanning local account databases on Windows and Unix assets (/etc/passwd) that are associated with the account discovery job. Rules control which accounts are found. Account discovery jobs can be scheduled to run on regular intervals. The discovery job can be configured to set default settings on newly created accounts. Accounts found by account discovery are neither managed nor disabled until you decide to manage them or disable them. If an account is managed by Safeguard, this means the password can be managed according to the profile settings associated with the discovery job. Safeguard can make the account available for password and/or session requests according to configured entitlements and policy.
The accounts in the scope of the discovery job may include accounts that were previously added (manually) to the Safeguard partition. For more information, see Adding an account.
- Service Discovery: Service Discovery jobs find Windows services that run as accounts managed by Safeguard. If Safeguard is managing the service account password, Safeguard can update the Windows service configuration to match the password when the password changes and restart the service automatically.
- SSH Key Discovery: SSH Key Discovery jobs search user directories and discover the authorized SSH keys in managed accounts.
In the web client, information on all discovered items is shown by default. You can also use the Partition drop-down to select a specific partition to view information on.
The following tiles are displayed in the Discovered Items section:
Accounts: This displays the number of discovered accounts. Click the tile for detail.
Services: This displays the number of discovered services. Click the tile for detail. You can launch discover service account jobs from Asset Management > Assets > (View Details) > Discovered Services. For more information, see Discovered Services tab (asset).
SSH Keys: This displays the number of discovered SSH keys. Click the tile for detail.
The Discovery Jobs section is broken into the follow tabs:
Assets tab: This tab shows the Asset Discovery jobs available to run against the directories or networks to discover assets for potential management displays.
- Accounts tab: This tab shows the Account Discovery jobs available to run against the in scope assets to discover accounts for potential management displays.
- SSH Keys tab: This tab shows the SSH Key Discovery jobs available to run against the managed accounts to discover SSH keys for potential management displays.