One Identity Safeguard for Privileged Passwords 7.5.1 - Administration Guide

Creating an enterprise vault entry

Use the Enterprise Vault page of the SPP web client to create a new enterprise vault entry.

NOTE: You cannot add any credential information (that is, set a new password or TOTP authenticator) until the vault entry has been created.

To create an enterprise vault entry

  1. On the Enterprise Vault page, click New Entry.

  2. Enter the following values.

    1. Name: Enter a meaningful name for the application or account to access, for example Company X (Twitter).

    2. Account Name: Enter the user name you use to log on for authentication.

    3. URL: Enter the web address of the application or system, for example, Amazon.com. Click Open URL to test the link. You can also Copy the URL.

    4. Notes: Enter any free form notes that are helpful for you or for the person with whom you may share the password. You can also use Notes for information about an application or system, such as certifications or keys. The limit is 2000 characters.

    5. (Optional) One Identity recommends that you set an expiration date to protect your access.

      Select Have the Entry Expire on Date, and in Expires, set an expiration date. You can enter the date, click the calendar to select a date, or click Sharing Expires to select a week or month interval.

  3. Click OK.

Sharing your enterprise vault with another user or user group

Use the Enterprise Vault page of the SPP web client to share your enterprise vault with another user or user group.

To share your enterprise vault with another user or user group

  1. On the Enterprise Vault page, select an entry to share.

  2. Double-click the entry or click Edit Entry and navigate to the Sharing tab.

  3. On the Sharing tab, click New Share.

  4. On the Share Credentials dialog, the available users and groups are listed with their Display Name, Domain, and Email Address.

    Select users or user groups. To search for a user or user group, enter a value in the Search text box, or click the icon and then make a selection to search by Domain, Display Name, or Email Address. Enter the first letters of the value to display the matches and select the user or user group.

    NOTE: You can share credentials with any user or group, but they will only have access to the vault if an administrator gives them the Enterprise Vault permission. For more information, see Permissions tab (add user) and Properties tab (user groups).

  5. (Optional) Set the sharing end date, which must be between one day and one year. In Stop Sharing, enter the date, click the calendar and select the date, or click Sharing Expires to select a week or month interval. The secrets will not be available to the user on that date.

  6. Click Save.

To stop sharing your enterprise vault with a single user or user group

  1. On the Enterprise Vault grid, the Shared column displays true if you are sharing the credential.

  2. Select the vault entry that you want to stop sharing with a single user or user group.

  3. Double-click the entry or click Edit Entry, and navigate to the Sharing tab.

  4. Select the user or user group that you want to stop sharing with, and click Stop Sharing.

To stop sharing your enterprise vault with all users and user groups

  1. On the Enterprise Vault grid, the Shared column displays true if you are sharing the credential.

  2. Select the entry that you want to stop sharing.

  3. Click Stop Sharing. The Stop Sharing dialog displays as a warning.

  4. Click Stop Sharing. This will stop sharing with all users and user groups.

Setting a password for your enterprise vault

Use the Enterprise Vault page of the SPP web client to set a password for your enterprise vault.

To set a password for your enterprise vault

  1. On the Enterprise Vault page, select an entry.

  2. Double-click the entry or click Edit Entry and navigate to the Secrets tab.

  3. On the Password tile available on this page, click Set.

    You can enter a password or automatically generate a password.

    NOTE: SPP only stores the generated password; it does not send it anywhere. To use the generated password for an account that you added to the enterprise vault, for example, you must copy the password from here and then set it on the account.

    • If you enter the password, you can click Show or Hide to display or mask the entry. You can also click Copy Password to copy the password to your clipboard.

    • To automatically generate a password, click Generate Password. The password is automatically generated. You can change password rules:

      1. Length: Use the slider or enter a value to reset the required length.

      2. Lowercase: Toggle the requirement to use lowercase letters in the password on or off. The password is regenerated per the setting.

      3. Uppercase: Toggle the requirement to use uppercase letters in the password on or off. The password is regenerated per the setting.

      4. Numbers: Toggle the requirement to use numbers in the password on or off. The password is regenerated per the setting.

      5. Symbols: Toggle the requirement to use symbols in the password on or off. The password is regenerated per the setting.

      6. Click Regenerate to generate a new password.

      7. Click Set Password to save the generated password.

  4. Back on the Password tile, you can click Show to view the password or Copy to copy the password to your clipboard.

  5. You can also click View Archive to view the password history.

    Thirty days of password history display as a default. You can set a date range for displaying password history by selecting From and To values using the calendar, or clicking Date Range to select set time periods for hours, days, months, or All History.

    In addition to viewing the Date Changed, you can Show or Hide the password or Copy Password.

Setting up a time-based one-time password (TOTP) authenticator

Use the Enterprise Vault page of the SPP web client to set up a TOTP authenticator for your enterprise vault.

To set up a TOTP authenticator

  1. On the Enterprise Vault page, select an entry.

  2. Double-click the entry or click Edit Entry and navigate to the Secrets tab.

  3. On the TOTP Authenticator tile available on this page, click Set.

  4. On the Set TOTP Authenticator pane, select one of the following options:

    NOTE: After you start the process for setting up a TOTP authenticator, you must connect the authenticator with the account in Safeguard for Privileged Passwords by entering the code(s) sent by the authenticator within a set time limit. One Identity recommends that you have your authenticator ready before beginning this process to avoid having to restart the setup process due to timing out.

    1. QR Code Image: Select this option to connect with the TOTP authenticator using a QR code image file. Click Browse Your Computer to select the QR code image file or drag the QR code image file into the dashed box.

    2. URI or Secret String: Select this option to connect with the TOTP authenticator using the URI string or secret generated by the authenticator. If only a secret is provided, then the process for generating the string will depend on the authenticator itself.

      Click Submit.

  5. A Setup Confirmation Code section appears as soon as the authenticator setup begins, and you must start entering the provided code(s) into your authenticator (you can click Copy to copy the code instead of typing the value). The amount of time you have left before the code becomes invalid and a new code is displayed is shown to the right of the Copy button.

    The number of codes required depends on the requirements for the authenticator. For example, AWS requires 2 successive codes be entered, with each code being available for approximately 30 seconds. Only 5 codes will be displayed before the authenticator setup times out and you will need to restart the process. If you cannot successfully complete the setup, click Remove Authenticator to restart the process.

  6. After you have successfully completed the TOTP authenticator setup, click Done.

  7. Back on the TOTP Authenticator tile, you can click Show to view the password and the amount of time you have left before the code becomes invalid or Copy to copy the password to your clipboard.
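
What the URI or secret string in step 4 encodes, and why the codes in steps 5 and 7 come with a countdown, shown as an added example (not One Identity code): a standard RFC 6238 TOTP computation that accepts either an otpauth:// URI or a bare Base32 secret. The function names are illustrative, and the sample secret is the public RFC 6238 test key, not a real credential.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

def parse_totp_input(value):
    """Accept an otpauth://totp/ URI or a bare Base32 secret; return TOTP parameters."""
    params = {"algorithm": "SHA1", "digits": 6, "period": 30}  # common defaults
    value = value.strip()
    if value.lower().startswith("otpauth://"):
        uri = urlparse(value)
        if uri.netloc.lower() != "totp":
            raise ValueError("only otpauth://totp/ URIs are supported")
        query = {k.lower(): v[0] for k, v in parse_qs(uri.query).items()}
        if "secret" not in query:
            raise ValueError("URI has no secret parameter")
        secret = query["secret"]
        params["algorithm"] = query.get("algorithm", "SHA1").upper()
        params["digits"] = int(query.get("digits", 6))
        params["period"] = int(query.get("period", 30))
    else:
        secret = value
    if params["algorithm"] not in ("SHA1", "SHA256", "SHA512"):
        raise ValueError("unsupported algorithm")
    # Secrets are often shown lowercase, in spaced groups, and without padding.
    secret = secret.replace(" ", "").replace("-", "").upper()
    secret += "=" * (-len(secret) % 8)
    params["key"] = base64.b32decode(secret)
    return params

def totp_at(params, unix_time):
    """Return (code, seconds_remaining) for the time step containing unix_time."""
    counter = int(unix_time) // params["period"]
    digest = getattr(hashlib, params["algorithm"].lower())
    mac = hmac.new(params["key"], struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    code = str(value % 10 ** params["digits"]).zfill(params["digits"])
    return code, params["period"] - int(unix_time) % params["period"]

def successive_codes(params, unix_time, count):
    """Codes for `count` consecutive time steps, e.g. the 2 codes AWS asks for."""
    return [totp_at(params, unix_time + i * params["period"])[0] for i in range(count)]

if __name__ == "__main__":
    import time
    # Constructed sample URI using the RFC 6238 test key.
    uri = "otpauth://totp/Example:alice?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    p = parse_totp_input(uri)
    print(totp_at(p, time.time()), successive_codes(p, time.time(), 2))
```

Because the code depends only on the shared secret and the clock, anyone who can read the URI, QR image, or secret string can generate valid codes, so treat those inputs with the same care as the password itself.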
