Cloud Assistant
The Cloud Assistant feature integrates its access request workflow with Starling Cloud Assistant, allowing approvers to receive a notification through a configured channel when an access request is submitted. The approver can then approve (or deny) access requests through the channel without needing access to the Safeguard for Privileged Passwords web application.
The Cloud Assistant feature is enabled when you join Safeguard for Privileged Passwords to Starling. For more information, see Starling.. Once enabled, it is the responsibility of the Security Policy Administrator to define the users who are authorized to use Cloud Assistant to approve access requests.
Go to Cloud Assistant:
web client: Navigate to Security Policy Management > Cloud Assistant.
The Cloud Assistant pane displays the following about the users authorized to use the feature.
Table 194: Cloud Assistant: Properties
|
Name |
Name of the Safeguard for Privileged Passwords user.
NOTE: This user must also be added as an approver in an access request policy. |
|
Username |
The username associated with the account. |
|
Authentication Provider |
The type of authentication provider. |
|
Identity Provider |
The name of the authentication provider for the account. |
|
Domain Name |
The name of the domain where the account it located. |
|
Email Address |
Valid email address for the authorized user. |
Use these toolbar buttons to manage the users authorized to use Cloud Assistant.
Table 195: Cloud Assistant: Toolbar
|
 Add
|
Add Safeguard for Privileged Passwords users who are authorized to use this feature to approve (or deny) access requests.
NOTE: These same users must also be added as approvers in an access request policy. |
 Remove |
Remove the selected user as an authorized user. |
|
 Refresh
|
Update the list of users authorized to use Cloud Assistant. |
Adding authorized user for Cloud Assistant
Once Safeguard for Privileged Passwords is joined to Starling, use the Cloud Assistant page to add the Safeguard for Privileged Passwords users that can use the Cloud Assistant feature to approve access requests.
To add users who are authorized to use Cloud Assistant
IMPORTANT: The user information configured in Safeguard for Privileged Passwords must match the user information in the Starling Cloud Assistant channel. If the user information does not match, you will need to remove the user from both Security Policy Management > Cloud Assistant and Starling Cloud Assistant's Recipients page, then re-add the user to Safeguard for Privileged Passwords using the correct user information.
- Log in to the Safeguard for Privileged Passwords client as a Security Policy Administrator.
- To go to Cloud Assistant:
- web client: Security Policy Management > Cloud Assistant.
- Click Add.
-
In the Users dialog, select users from the list and click OK.
-
Add these Cloud Assistant users as approvers in the appropriate access request policy. For more information, see Creating an access request policy.
Once a user is added as a Cloud Assistant user and as an approver in an access request policy, when an access request requires approval, Safeguard for Privileged Passwords sends a notification to the approver's configured channel (this is configured via the Starling Cloud Assistant service). The approver can either approve or deny the access request directly from the channel.
NOTE: Revoking an access request that has already been approved is not available via the channel. You must use the Safeguard for Privileged Passwords web client to perform that action.
Asset Groups
A Safeguard for Privileged Passwords asset group is a set of assets that you can add to the scope of an access request policy. For more information, see Creating an access request policy.
NOTE: The Asset Groups tab is only available if SPP is joined to SPS.
To asset groups and dynamic asset groups, you can only add the assets that support session management. Assets that do not support session management include but are not be limited to Directory assets. When you create the asset, if session management is supported, an Enable Session Request check box is available in the Management tab. For more information, see For more information, see Supported platforms.. This section lists SPP and SPS support by platform.
The Auditor and the Security Policy Administrator have permission to access Asset Groups.
To access Asset Groups:
- web client: Navigate to Security Policy Management > Asset Groups.
The Asset Groups view displays the following information about the selected asset group.
Use these toolbar buttons to manage asset groups.
Properties tab (asset group)
The Properties tab lists information about the selected asset group.
To access the Properties tab, in the web client, navigate to Security Policy Management > Asset Groups > 
View Details > Properties.
Table 196: Asset Groups Properties tab: General properties
| Name |
The selected asset group's name |
|
Description |
Information about the selected asset group |
|
Asset Rules |
For dynamic asset groups, a summary of the asset rules defined. On the web client, this information is available on the Asset Rules tab. |
Delete: Remove the selected asset group from 
Export: Use this button to export the listed data as either a JSON or CSV file. For more information, see 
Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click