
One Identity Safeguard for Privileged Passwords 8.0 LTS - Administration Guide


Reviewing a completed file request

The Security Policy Administrator can configure an access request policy to require a review of completed file requests for assets or accounts in the scope of the policy.

NOTE: You can configure Safeguard for Privileged Passwords to notify you of a file release request that requires your review. For more information, see Configuring alerts.

To review a completed file request

To manage reviews, on the left of the page, select (Reviews). On the Reviews page, you can:

  • View the details of a workflow by selecting it.

  • Mark one or more requests as reviewed by selecting the requests, then performing one of the following actions:

    • If no comment is required, click (Mark all the selected requests as reviewed).

    • If a comment is required, this icon will display as (One or more of the selected requests requires review comments). Add the comment, then click Mark as Reviewed.

  • Change the columns that display: Click (Select columns to display) and select the columns you want to see.

    • Action: Displays (This request requires review comments) or (Mark only this request as reviewed).

    • Requester: Displays the user name of the requester.

    • Access Type: Displays the type of access (for example, Password, SSH Key, RDP, RDP Application, SSH, API Key, or Telnet).

    • Account: Displays the managed account name.

    • Ticket Number: Displays the ticket number, if required.

    • Request For/Duration: Displays the date and time as well as the window of availability (for example, March 20, 2021 9:56 AM 2 hours).

  • Search: To see a list of searchable elements, click (Search). For more information, see Search box.

Appliance Management

In the web client, expand the Appliance Management section in the left navigation pane. Settings are available to Appliance Administrators, Operations Administrators, and the Bootstrap Administrator (Auditors have read-only access).

Appliance

Use the Appliance settings to view general information about the appliance, run diagnostic tools, and reset or update the One Identity Safeguard for Privileged Passwords hardware appliance.

Safeguard for Privileged Passwords can be set up to use a virtual appliance. For more information, see Using the virtual appliance and web management console.

web client: Navigate to Appliance Management > Appliance.

One Identity Safeguard for Privileged Passwords provides the following information to help you resolve many common problems you may encounter as you deploy and use your appliance.

Table 13: Appliance settings
Setting Description

Appliance Diagnostics

Where you execute a trusted, secure diagnostics package to help solve a configuration issue, synchronization issue, clustering issue, or other internal issues.

Appliance Information

Where you view general information about the appliance, as well as its performance utilization and the memory usage. You can also edit the Appliance Name and Host DNS Suffix.

Debug

Where you enable or disable debug logging to a syslog server.

Licensing settings

Where you add or update a Safeguard for Privileged Passwords license.

Network Diagnostics

Where you run diagnostic tests on your appliance.

Networking

Where you view and configure the primary network interface, and if applicable, the sessions network interface.

Operating System Licensing

Available on virtual machine only. Not available on hardware.

Where you configure the operating system for the virtual appliance.

Patch Updates

Where you upload and install a patch update file.

Power

Where you shut down or restart your appliance in the web client.

SSH Algorithms

Where you configure SSH Algorithms to manage account passwords and SSH keys.

Support bundle

Where you create a support bundle containing system and configuration information to send to One Identity Support to analyze and diagnose issues with your appliance.

Time

Where you enable Network Time Protocol (NTP) and set the primary and secondary NTP servers. A replica in the cluster will always reference the primary appliance as its NTP server.

You can also manually set the time on a primary but not a cluster.

CAUTION: Manually setting the time should be done with caution. Time changes can cause critical data loss.

Factory Reset

Available on hardware only. Not available on a virtual machine.

Where you perform a factory reset to revert your appliance to its original state when it first came from the factory.

Lights Out Management (BMC)

Available on hardware only. Not available on a virtual machine.

Where you enable and disable lights out management, which allows you to remotely manage the power state and serial console to Safeguard for Privileged Passwords using the baseboard management controller (BMC).

In addition to the appliance options, One Identity Safeguard for Privileged Passwords provides these troubleshooting tools:

Table 14: Additional troubleshooting tools
Tool Description

Activity Center

View the details of specific events or user activity. For more information, see Activity Center.

LCD status messages

Use the LCD screen on the appliance to view the status of the appliance as it is starting up or shutting down. For more information, see LCD status messages.

Recovery Kiosk (Serial Kiosk)

A terminal or laptop connected directly to the appliance to view basic appliance information, restart the appliance remotely, shut down the appliance, reset the bootstrap administrator’s password to its initial value, perform a factory reset, or to generate and send a support bundle to a Windows share. For more information, see Recovery Kiosk (Serial Kiosk).

Appliance Diagnostics

Appliance Administrators can execute a trusted, secure appliance diagnostics package to help solve issues with configuration, synchronization, and clustering, as well as other internal challenges. The appliance diagnostics package is available from the web Support Kiosk, not the Serial Kiosk (Recovery Kiosk). The appliance diagnostics package can be used even when the appliance is in quarantine. To protect against external threats, Safeguard rejects illegitimate appliance diagnostics packages. The manifest file in the appliance diagnostics package lists criteria that may include the minimum Safeguard version, appliance ID, and expiration timestamp (UTC). New product code and database changes are not included in an appliance diagnostics package.

web client: Navigate to Appliance > Appliance Diagnostics.

  1. The state of the appliance displays (for example, Online). Click Refresh to update the state.
  2. If no appliance diagnostics package has been loaded, click Upload Diagnostics, select the appliance diagnostics package file that has an .sgd extension, then click Open.
    • If the upload criteria are not met, the appliance diagnostics package is not uploaded and a message like the following displays: The minimum Safeguard version needed to run this diagnostic package is <version>.
    • If the upload is successful, the Diagnostic Package Information displays with the Status of Staged. You can:
      • Select Execute and wait until the Status changes to Completed or Error.
      • Select Remove to delete the appliance diagnostics package and the associated log file.
  3. Once uploaded, you can perform these activities.
    • If the Expiration Date has not passed, you can select Execute to execute the appliance diagnostics package again.
    • Select Delete to delete the appliance diagnostics package, the associated log file, and stop any appliance diagnostics package that is running. Before uploading a different appliance diagnostics package, you must delete the current one because there can be only one appliance diagnostics package per appliance.
    • Select Download Log to save the log file. Audit log entries are available through the Activity Center during and after execution and are part of the appliance history. A log is also available during and after execution until the diagnostic package has been deleted.
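
The manifest criteria described above (minimum Safeguard version, appliance ID, expiration timestamp in UTC) can be modeled as a fail-closed check. This is an added example, not One Identity code: the manifest field names, sample values, and function names are hypothetical, and it models only the listed criteria, not how Safeguard establishes that a package is legitimate.

```python
from datetime import datetime, timezone

# Constructed sample; the real .sgd manifest layout is not documented on this page.
SAMPLE_MANIFEST = {
    "minimumSafeguardVersion": "8.0.1",
    "applianceId": "CONSTRUCTED-APPLIANCE-0001",
    "expiresUtc": "2030-01-01T00:00:00+00:00",
}


def parse_version(text, width=4):
    """Turn '8.10' into (8, 10, 0, 0) so 8.10 sorts after 8.9 and 8.0 equals 8.0.0."""
    parts = [int(part) for part in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def check_criteria(manifest, appliance_version, appliance_id, now=None):
    """Return a list of rejection reasons; an empty list means every criterion is met."""
    now = now or datetime.now(timezone.utc)
    reasons = []
    try:
        # Each criterion is optional ("may include"), so only present fields are enforced.
        min_version = manifest.get("minimumSafeguardVersion")
        if min_version and parse_version(appliance_version) < parse_version(min_version):
            reasons.append(f"minimum version {min_version} not met")

        wanted_id = manifest.get("applianceId")
        if wanted_id and wanted_id != appliance_id:
            reasons.append("package is bound to a different appliance")

        expires = manifest.get("expiresUtc")
        if expires:
            deadline = datetime.fromisoformat(expires)
            if deadline.tzinfo is None:
                deadline = deadline.replace(tzinfo=timezone.utc)  # treat naive stamps as UTC
            if now >= deadline:
                reasons.append("package has expired")
    except (ValueError, AttributeError, TypeError) as exc:
        # Fail closed: a manifest that cannot be parsed is rejected, never accepted.
        reasons.append(f"malformed manifest: {exc}")
    return reasons
```

Comparing versions as integer tuples rather than strings matters here: as plain strings, "8.10" would sort before "8.9" and a newer appliance would be rejected.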