Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

One Identity Safeguard for Privileged Passwords 7.4.1 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

History tab (account group)

The History tab allows you to view or export the details of each operation that has affected the selected account group.

To access History:

  • web client: Navigate to Security Policy Management > Account Groups > (View Details) > History.

    The top of the History tab contains the following information:

    • Date Range: By default, the history details are displayed for the last 24 hours. From the drop-down, select one of the time intervals to display history details for that time frame.

    • Export: Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

    • Refresh: Update the list displayed.

    • Search: For more information, see Search box..

Table 186: Account Groups: History tab properties
Property Description

Date/Time

The date and time of the event.

User

The display name of the user that triggered the event.

Source IP

The network DNS name or IP address of the managed system that triggered the event.

Object Name

The name of the selected account group.

Event

The type of operation made to the selected account group:

  • Create
  • Delete
  • Update
  • Add Membership
  • Remove Membership

NOTE: A membership operation indicates a relationship change with a related or parent object such as the selected account group was added or removed from the membership of a policy, or an account was added or removed from the membership of the selected account group.

Related Object

The name of the related object.

Related Object Type

The type of the related object.

Parent

The name of the object to which the selected account group is a child.

Parent Object Type

The parent object type.

Managing account groups

Use the controls and tabbed pages in the Account Groups view to perform the following tasks to manage SPP account groups:

Adding an account group

It is the responsibility of the Security Policy Administrator to add account groups to SPP.

To add an account group

  1. Navigate to Security Policy Management > Account Groups.
  2. Click  Add > Account Group from the toolbar.
  3. In the New Account Group dialog, enter the following information:

    • Name: Enter a unique name for the account group.

      Limit: 50 characters

    • Description: (Optional) Enter information about this account group.

      Limit: 255 characters

  4. Click OK.

Adding a dynamic account group

It is the responsibility of the Security Policy Administrator to add dynamic account groups to SPP.

Dynamic account groups are associated with rules engines that run when pertinent objects are created or changed. For example:

  • Whenever you add or change an asset account, all applicable rules are reevaluated against that asset account.
  • Whenever you change an asset account rule, the rule is reevaluated against all asset accounts within the scope of that rule. In other words, the rule is reevaluated against all asset accounts for grouping and the asset accounts within the designated partitions for tagging.

You can create a dynamic account group without any rules; however, no accounts will be added to this dynamic account group until you have added a rule.

In large environments, there is a possibility that the user interface may return before all of the rules have been reevaluated and you may not see the results you were expecting. If this happens, wait a few minutes and Refresh the screen to view the results.

To add a dynamic account group

  1. Navigate to Security Policy Management > Account Groups.

  2. Click Add > Account Dynamic Group from the toolbar.

  3. In the New Account Group dialog, provide information in each of the tabs:

    Table 187: Information to provide when adding a dynamic account group

    Tab

    Information to provide

    General tab (add dynamic account group)

    Where you add general information about the dynamic account group.

    Account Rules tab (add dynamic account group)

    Where you define the rules to be used to identify the accounts to be included in a dynamic account group.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating