One Identity Safeguard for Privileged Passwords 7.5 - Administration Guide

Adding a user group to an entitlement

When you add user groups to an entitlement, you are specifying which people can request access to the accounts and assets governed by an entitlement's policies. It is the responsibility of the Security Policy Administrator to add user groups to entitlements.

To add a user group to entitlements

  1. Navigate to:

    • web client: Security Policy Management > User Groups or User Management > User Groups.
  2. In User Groups, select a user group from the object list and open the Entitlements tab.
  3. Click Add Entitlement from the details toolbar.
  4. Select one or more entitlements from the Entitlements dialog and click OK.

Deleting a user group

Both Authorizer Administrator and User Administrator can delete local and directory user groups. A Security Policy Administrator can only delete local groups without permissions on them.

When you delete a user group, SPP does not delete the users associated with it.

To delete a user group

  1. Navigate to:

    • web client: Security Policy Management > User Groups or User Management > User Groups.
  2. In User Groups, select a user group from the list.
  3. Click Delete.
  4. Confirm your request.

Time Zone

SPP sets a default time zone based on the location of the person performing the setup. The time zone is expressed as UTC + or – hours:minutes and is used for timed access (for example, access from 9 a.m. to 5 p.m.). It is recommended that the Bootstrap Administrator set the desired time zone during setup. An Authorizer Administrator can also change the time zone.

To configure the time zone

  1. Navigate to User Management > Settings > Time Zone.
  2. The User Administrator can search for and select the desired time zone.
  3. The User Administrator can change the Allow users to modify their own time zone setting.
    • Enable the setting to let users change their time zone (the default).
    • Disable the setting to prohibit a user from changing their time zone, possibly to ensure the user conforms with policy.

Reports

Reports allows users to view and export reports that show which assets, accounts, users, tags, and partitions a selected user manages. Reports can be exported in .csv or .json format.

In the web client, the Reports section contains the following sub-pages:

  • Activity Center: The Activity Center is the place to go to view the details of specific events or user activity. The appliance records all activities performed within One Identity Safeguard for Privileged Passwords. Any administrator has access to the audit log information; however, your administrator permission set determines what audit data you can access.

  • Entitlements: One Identity Safeguard for Privileged Passwords provides the following types of entitlement reports (for more information, see Entitlement reports):

    NOTE: The number indicated in the tab title shows the number of unique users, assets, or accounts. When you enter search criteria for the report, the number displayed on the tab will adjust accordingly.

    • User: Lists information about the accounts a selected user is authorized to request.
    • Asset: Lists information about the accounts associated with a selected asset and the users who have authorization to request those accounts.
    • Account: Lists detailed information about the users who have authorization to request a selected account including: Entitlement, Policy, Access Type, Password Included, Password Change, Time Restrictions, Expiration Date, Group, From Linked Account, and Last Accessed.
  • Ownership: One Identity Safeguard for Privileged Passwords provides these ownership reports (for more information, see Ownership reports):

    NOTE: The number indicated in the tab title shows the number of unique users, partitions, assets, accounts, or tags. When you enter search criteria for the report, the number displayed on the tab will adjust accordingly.

    • User: Lists information about ownership based on each owner.

    • Partition: Lists information about ownership for a partition.

    • Asset: Lists information about ownership for an asset.

    • Account: Lists information about ownership for an account.

    • Tag: Lists information about owners of assets and accounts assigned to a tag.
