Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 8.0 LTS - Administration Guide

Introduction System requirements Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Vaults Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Deleting a user group

Both Authorizer Administrator and User Administrator can delete local and directory user groups. A Security Policy Administrator can only delete local groups without permissions on them.

When you delete a user group, Safeguard for Privileged Passwords does not delete the users associated with it.

To delete a user group

  1. Navigate to:

    • web client: Security Policy Management > User Groups or User Management > User Groups.
  2. In User Groups, select a user group from the list.
  3. Click Delete.
  4. Confirm your request.

Time Zone

Safeguard for Privileged Passwords sets a default time zone based on the location of the person performing the set up. The time zone is expressed as UTC + or – hours:minutes and is used for timed access (for example, access from 9 a.m. to 5 p.m.). It is recommended that the Bootstrap Administrator set the desired time zone on set-up. An Authorizer Administrator can also change the time zone.

To configure the time zone

  1. Navigate to User Management > Settings > Time Zone.
  2. The User Administrator can search for and select the desired time zone.
  3. The User Administrator can change Allow users to modify their own time zone.
    • Enable the setting to let users change their time zone (the default).
    • Disable the setting to prohibit a user from changing their time zone, possibly to ensure the user conforms with policy.

Reports

Reports allows users to view and export reports that show which assets, accounts, users, tags, and partitions a selected user manages. Reports can be exported in CSV or JSON format.

In the web client, the Reports section contains the following sub-pages:

  • Activity Center: The Activity Center is the place to go to view the details of specific events or user activity. The appliance records all activities performed within One Identity Safeguard for Privileged Passwords. Any administrator has access to the audit log information; however, your administrator permission set determines what audit data you can access.

  • Audit Reports: One Identity Safeguard for Privileged Passwords provides the following type of audit reports:

    • Asset/Account/Activity: This report shows actions performed by an administrator to add or update assets and accounts.

    • Domain Account Dependencies: This report shows the domain account dependencies configured for each account.

    • Entitlements: This report shows the policy configuration allowing users to request access to assets and accounts, grouped by user, asset, or account.

    • Ownership: This report shows the users that have been directly assigned as owners of assets, accounts, partitions, and tags.

    • Release Reset Reconcile: This report shows for each access request if the secret was released and if the secret was changed afterward.

    • Session Accounts Inventory: This report shows the accounts that are configured to allow session requests.

    For more information about audit reports, see Audit reports.

  • Access Request Reports: One Identity Safeguard for Privileged Passwords provides the following type of access request reports:

    • Access Requests: This report shows the access requests that were requested in the date range.

    • Approver User Activity: This report shows the actions an approver performed on access requests.

    • Auto-Approved Requests: This report shows the access requests that were approved without user interaction.

    • Requester User Activity: This report shows the actions a requester performed on access requests.

    • Reviewer User Activity: This report shows the actions a reviewer performed on access requests.

    For more information about access request reports, see Access request reports.

  • Secrets Reports: One Identity Safeguard for Privileged Passwords provides the following type of secrets reports:

    • Past Due: This report shows the accounts that have tasks scheduled to change secrets that have not successfully completed. Accounts will show up here if the last attempt date is later than the last success date or the next attempt date has passed without the task running.

    • Secrets Aging Inventory: This report shows the last time a secret was successfully changed as well as the last time an attempt was made to change it.

    • Secrets In Use: This report shows the users who know the current secret for an account.

    • Secrets Release Activity: This report shows when secrets are released via access requests.

    • Secrets Task Queue: This report shows the next scheduled time a task will run for an account as well as the running task information if there is a task currently running.

    • Secrets Update Activity: This report shows actions related to checking or updating secrets.

    • Secrets Update Schedule: This report shows all accounts with information relating to the last task that ran for the selected task type.

    For more information about secrets reports, see Secrets reports.

  • User Reports: One Identity Safeguard for Privileged Passwords provides the following type of user reports:

    • Failed Logins: This report shows when a user tries to login and fails.

    • Last Access Request: This report shows the last time each user made an access request.

    • Last Login: This report shows the last time each user successfully logged in.

    For more information about user reports, see User reports.

Activity Center

The Activity Center is the place to go to view the details of specific events or user activity. The appliance records all activities performed within One Identity Safeguard for Privileged Passwords. Any administrator has access to the audit log information; however, your administrator permission set determines what audit data you can access. For more information, see Administrator permissions.

The Activity Center page contains these options:

  • Select a Saved Search: Allows you to access and manage previously saved search and scheduled reports.

  • Save or Schedule Search: Saves the current search criteria which can be used later to generate the report. For more information, see Saving search criteria and loading previously saved search criteria.

  • Clear Search Criteria: Resets the current search criteria back to the default settings (all activity occurring within the last 24 hours).

  • Activity Category: Use this drop-down to filter the activity being searched for based on category. Selecting All Activity will search all categories.

  • Date Range: Use this drop-down to specify a time frame for the search.

Use the available search fields to specify additional query criteria to retrieve the information you are looking for. For more information, see Applying search criteria.

Activity Center: Results toolbar

Once an activity audit log report is generated, the results section contains the search results grid and these toolbar options:

  • View Details: After selecting a result, click this button to view the details.

  • Request Workflow Details: After selecting a result related to an access request, click this button to open a detail of all actions for that request (for example: approvals, password checkouts, and session logs).

  • Export: Select to create a .csv or .json file of the criteria displayed and save it to a location of your choice.

  • Refresh: Updates the search results page.

  • Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating