Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

One Identity Safeguard for Privileged Passwords 7.4.1 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Favorites

Favorites are located on your Home or My Requests page. For systems and accounts that are used often, you can save the access request as a favorite. Favorites are similar to bookmarks in a web browser, allowing you to save any access request, consisting of one or more assets and accounts, as well as the access type, for example, password or RDP, so the next time you can open it with a single click.

To create favorites, on the My Requests page, you can:

  • Create a favorite by using the tree view control on the page (without having to submit an access request).

  • Save the request as a favorite during the process of creating and submitting a new access request.

On your Home page, 5 of your most recently used favorites are listed. This list is automatically maintained based on your usage.

To create and manage favorites using the tree view control

  1. Next to a folder, click the context menu and select one of the following:

    • To create a new folder for organization purposes, click New Folder.

    • To create a new favorite in the selected folder, click New Favorite.

    NOTE: By default, the new favorite will be created in the selected folder. However, you can move it to a different folder. For more information, see To add a favorite.

  2. To display the tree view either in a single pane, or split pane view, click .

  3. To find any favorite or folder based on the name, asset name, or account name, use Search.

  4. To edit a favorite, click the favorite. A dialog will be displayed. Click Edit Favorite.

  5. Each folder has a context menu next to it. Clicking the context menu allows you to do the following:

    1. To create a new favorite, click New Favorite. By default, the new favorite will be created in the selected folder.

    2. To create a new folder, click New Folder. You can nest multiple folders within a folder.

    3. To rename the folder, click Rename.

    4. To delete the entire folder and all of its contents, including nested folders and favorites, click Delete.

    5. To collapse the folder and all of its nested folders, click Collapse.

    6. To expand the folder and all of its nested folders, click Expand.

  6. To reorder favorites or folders, or to move them into other folders, drag and drop them.

To add a favorite

  1. To add a new favorite in the selected folder, click the context menu next to a folder.

  2. On the New Favorite page, select one or more assets and accounts. To quickly find an asset or account, use one of the following approaches:

    • Click Search to search the Asset, Network Address, or Platform. You an also enter a search word or phrase. For more information, see Search box.

    • The number of Items Selected will be displayed in the lower left corner.

    • In the lower right corner, select the number of Items per page to display. Click the arrows to move through the pages.

  3. Click Next.

  4. On Favorite Details, enter a name for the favorite.

  5. Select the color that will be used when displaying the favorite on the Home and My Requests pages.

  6. Click Save Favorite.

    The access request is then added to your Favorites. After a favorite is created, you can use and make changes to your favorites by selecting it from Favorites on the Home page or the My Requests page.

NOTE: Favorites have unique links, so you can bookmark or copy the link and later access it via that link rather than navigating through the web client.

NOTE: You must be authorized to create requests for the assets and accounts you choose to include in a favorite. To change the look of the favorite tiles, click for grid view or for list view.

If Show Account Availability is enabled, you can identify if a privileged account is available or not. Accounts display a warning badge if in use by a request. An account's status is updated immediately after being changed in order to avoid overlapping account requests from multiple users.

Hover over the badge to display <X> of <X> accounts in use. Showing account availability requires additional API queries that may impact performance. This toggle is set by the user, not an administrator. There is no global toggle.

NOTE: When the policy that is governing the request has enabled Allow simultaneous access for multiple user access, the request may still be available even though Show Account Request Availability indicates it is in use.

Privileged access requests

One Identity Safeguard for Privileged Passwords provides a workflow engine that supports time restrictions, multiple approvers, reviewers, emergency access, and expiration of policy. It also includes the ability to input reason codes and integrate directly with ticketing systems.

In order for a request to progress through the workflow process, authorized users perform assigned tasks. These tasks are performed from the user's Home page.

As a SPP user, your Home page provides a quick view to the access request tasks that need your immediate attention. In addition, an Administrator can set up alerts to be sent to users when there are pending tasks needing attention. For more information, see Configuring alerts..

The access request tasks you see on your Home page depend on the rights and permissions you have been assigned by an entitlement's access request policies. For example:

  • Requesters see tasks related to submitting new access requests, as well as actions to be taken once a request has been approved (for example, viewing passwords, copying passwords, launching sessions, and checking in completed requests).

    Requesters can also define favorite requests, which may appear on their Home page and My Requests page for subsequent use.

  • Approvers see tasks related to approving (or denying) and revoking access requests.
  • Reviewers see tasks related to reviewing completed (checked in) access requests, including playing back a session if session recording is enabled.

The following three workflows are available:

Configuring alerts

All users are subscribed to the following email notifications; however, users will not receive email notifications unless they have been included in a policy as a requester (user), approver, or reviewer.

Email notifications

You must configure One Identity Safeguard for Privileged Passwords properly for users to receive email notifications:

  • For Local users, you must set your email address correctly in My Settings. For more information, see My Settings.
  • For Directory users, set your email correctly in the directory where your user resides.
  • The Security Policy Administrator must configure the access request policies to notify people of pending access workflow events (that is, pending approvals and pending reviews). For more information, see Creating an access request policy.
  • Contact your Security Policy Administrator to ensure the access request policies are configured to notify people of pending access workflow events.
  • The Appliance Administrator must configure the SMTP server. For more information, see Enabling email notifications.
  • Contact your Appliance Administrator to ensure the SMTP server is configured for email notifications.
Role-based email notifications generated by default

One Identity Safeguard for Privileged Passwords can be configured to send email notifications warning you of operations that may require investigation or action. Your administrative permissions determine which email notifications you will receive by default.

NOTE: SPP administrators can use the following API to turn off these built-in email notifications:

POST /service/core/v3/Me/Subscribers/{id}/Disable

In addition, SPP administrators can subscribe to additional events based on their administrative permissions using the following API:

POST /service/core/v3/EventSubscribers

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating