Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 7.1 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Enable or Disable Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions About us

Discovery

Safeguard for Privileged Passwords discovery jobs can find assets, accounts, SSH keys, and services in your network environment. This can simplify initial deployment and ongoing maintenance of the privileged accounts in your network environment.

Details on the jobs follow.

  • Asset Discovery: Asset Discovery jobs find assets by searching directory assets, such as Active Directory, or by scanning network IP ranges. Rules control which assets are found. Asset Discovery jobs can be scheduled to run on regular intervals. The discovery job can be configured with templates to set default settings on newly created assets including connection details. The assets created by discovery jobs are considered to be managed by Safeguard, but this has no effect on the network asset. An asset with valid connection information can be used for account discovery.

    If you use Directory as the asset discovery Method, directory assets that are shared can be discovered into any partition. To share a directory asset, select Available for discovery across all partitions for the asset; see Management tab (add asset).

  • Account Discovery: Account Discovery jobs find accounts by searching directory assets such as Active Directory or by scanning local account databases on Windows and Unix assets (/etc/passwd) that are associated with the account discovery job. Rules control which accounts are found. Account discovery jobs can be scheduled to run on regular intervals. The discovery job can be configured to set default settings on newly created accounts. Accounts found by account discovery are neither managed nor disabled until you decide to manage them or disable them. If an account is managed by Safeguard, this means the password can be managed according to the profile settings associated with the discovery job. Safeguard can make the account available for password and/or session requests according to configured entitlements and policy.

    The accounts in the scope of the discovery job may include accounts that were previously added (manually) to the Safeguard partition. For more information, see Adding an account.

  • Service Discovery: Service Discovery jobs find Windows services that run as accounts managed by Safeguard. If Safeguard is managing the service account password, Safeguard can update the Windows service configuration to match the password when the password changes and restart the service automatically.
  • SSH Key Discovery: SSH Key Discovery jobs search user directories and discover the authorized SSH keys in managed accounts.

In the web client, information on all discovered items is shown by default. You can also use the Partition drop-down to select a specific partition to view information on.

The following tiles are displayed in the Discovered Items section:

  • Accounts: This displays the number of discovered accounts. Click the tile for detail.

  • Services: This displays the number of discovered services. Click the tile for detail. You can launch discover service account jobs from Asset Management > Assets > (View Details) > Discovered Services. For more information, see Discovered Services tab (asset).

  • SSH Keys: This displays the number of discovered SSH keys. Click the tile for detail.

The Discovery Jobs section is broken into the follow tabs:

  • Assets tab: This tab shows the Asset Discovery jobs available to run against the directories or networks to discover assets for potential management displays.

  • Accounts tab: This tab shows the Account Discovery jobs available to run against the in scope assets to discover accounts for potential management displays.
  • SSH Keys tab: This tab shows the SSH Key Discovery jobs available to run against the managed accounts to discover SSH keys for potential management displays.

Asset Discovery

You can schedule one or more Asset Discovery jobs to run automatically against the directories or network (IP range) you have added to Safeguard for Privileged Passwords. The assets in the scope of the discovery job may include assets that were previously added (manually) to the Safeguard partition. For more information, see Adding an asset.

If you use Directory as the asset discovery Method, directory assets that are shared can be discovered into any partition. To share a directory asset, select Available for discovery across all partitions for the asset; see Management tab (add asset).

When an Asset Discovery job runs, the found asset is added to Assets. If the operating system cannot be detected in the Network Scan or Directory method of asset discovery, the Linux operating system is applied which you can modify later.

For more information, see Asset Discovery job workflow.

Properties and toolbar

Go to Asset Discovery:

  • web client: Navigate to Asset Management > Discovery > Assets

Use these toolbar buttons to manage the discovery job settings.

Table 121: Asset Discovery: Toolbar
Option Description
New Asset Discovery Job

Add an Asset Discovery job. For more information, see Adding an Asset Discovery job.

Delete

Delete the selected Asset Discovery job.

View Details

Modify the selected Asset Discovery job. You can also double-click a row to open the edit dialog.

Run Now

Run the selected Asset Discovery job. A Task pop-up display which shows the progress and completion.

Export Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.
Refresh

Update the list of Asset Discovery jobs that have run.

Search

Enter the character string to be used to search for a match. For more information, see Search box.

Asset Discovery jobs display in the grid.

Table 122: Asset Discovery: Asset Discovery job grid
Name Name of the discovery job
Created by The creator of the job.
Discovery Type The type of job, for example, Windows, Unix, or Directory
Directory The directory on which the discovery job runs
Partition

The partition in which to manage the discovered assets or assets

Schedule

 Designates when the Asset Discovery job runs
Last Run Date The date the selected Asset Discovery job ran
Next Run Date The date when the Asset Discovery job is scheduled to run next

Last Success Run Date

 The most recent date the selected Asset Discovery job successfully ran

Last Failure Run Date

 The most recent date the selected Asset Discovery job failed

Asset Discovery job workflow

You can configure, schedule, test, and run Asset Discovery jobs. After the job has run, you can select whether to manage the asset. You can also view information about the Asset Discovery jobs that have run.

Asset Discovery job workflow

  1. Create an Asset Discovery job. For more information, see Adding an Asset Discovery job.
  2. After you save the Asset Discovery job, you can test it by selecting Run Now. For more information, see Asset Discovery.
  3. After the Asset Discovery job runs, select the asset discovery job and click View Details. For more information, see Asset Discovery Results.

  4. To control management of an asset, navigate to Asset Management > Assets, select the asset, and choose one of these context menu options.

    Enable

    Select Enable to have Safeguard for Privileged Passwords manage a disabled asset. This option is only available for assets that have been disabled.

    Disable

    Select Disable to prevent Safeguard for Privileged Passwords from managing the selected asset. When you disable an asset, Safeguard for Privileged Passwords disables it and removes all associated accounts. If you choose to manage the asset later, Safeguard for Privileged Passwords re-enables all the associated accounts.

  5. On Asset Management > Assets, you can show or hide assets marked as disabled, use the following buttons. For more information, see Assets.
    Show Disabled Display the disabled assets.
    Hide Disabled Hide assets marked as disabled.
  6. Search the Activity Center for information about discovery jobs that have run. Safeguard for Privileged Passwords lists the Asset Discovery events in the Asset Discovery Activity category.

Adding an Asset Discovery job

You can add a new Asset Discovery job.

To add an asset discovery job

  1. Navigate to Asset Management > Discovery.
  2. Open the Assets tab.
  3. Click New Asset Discovery Job to create a new Asset Discovery job.
  4. In the New Asset Discovery Job dialog, provide information for the discovery job on the following tabs:
    General tab (asset discovery)

    Where you add general information about the discovery job and identify which partition you want Safeguard for Privileged Passwords to add the assets it discovers.

    Information tab (asset discovery)

    Where you select the directory and set the search location.

    Asset Discovery Rules tab (asset discovery)

    Where you define the search constraints and conditions, add tags, and choose the profile you want to govern the discovered assets.

    Schedule tab (asset discovery)

    Where you configure the schedule for the discovery job.

    After you save the discovery job, you can modify or run it using the Asset Discovery toolbar. For more information, see Asset Discovery.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating