In the web client, expand the Asset Management section in the left navigation pane.
In the web client, expand the Asset Management section in the left navigation pane.
Also available as a pane on the Home page, the Asset Management > Account Automation page allows Asset Administrators to view information regarding accounts that are failing or succeeding different types of tasks. This page includes both automated and manual tasks in the results. Clicking one of the tasks on the view displays additional information.
Click the button to customize the tasks that are displayed.
After selecting a task to view additional information, use the toolbar at the top of the details grid to perform the following tasks.
A Safeguard for Privileged Passwords account is a unique identifier that Safeguard for Privileged Passwords uses to control access to assets. Managed accounts (including directory accounts and service accounts) and groups of accounts can be associated with an asset. Each account has an associated asset; if you delete an asset, Safeguard for Privileged Passwords permanently deletes all the accounts associated with it.
The Auditor and the Asset Administrator have permission to access Accounts.
On Unix assets, the accounts are stored in etc/passwd; however, each platform implements this concept differently.
Service accounts are designated with a Service Account icon. For more information, see About service accounts.
To access Accounts, in the web client, navigate to Asset Management > Accounts. If needed, you can use the partition drop-down to select the parent partition of the account. Select an account, then click to display additional information and options.
Selecting one of the accounts displays the following information:
Properties (account): Displays general information about the selected account.
Owners tab (account): Displays information about the owners of the account.
Dependent Assets (account): (Directory assets) Displays the assets that have dependency on the selected directory account. This tab only displays for a directory asset and displays the assets that have dependency on the selected directory account.
Discovered Services tab (account): (Windows and Active Directory accounts) Displays information on the services dependent to a selected account.
Discovered SSH Keys (account): Displays the SSH keys discovered on the account.
History tab (account): Displays the details of each operation that has affected the selected account.
For information about configuring Account Discovery in Safeguard for Privileged Passwords, see Account Discovery job workflow.
Use these toolbar buttons to manage accounts.
New Account: Add accounts to Safeguard for Privileged Passwords. Adding an account.
Delete: Remove the selected account. Deleting an account.
View Details: Select an account then click this button to open additional information and options for the account.
Account Secrets: Possible menu options include:
Check Password
Change Password
Check SSH Key
Change SSH Key
Access Request: Allows you to enable or disable access request services for the selected account. Menu options include:
Enable Password Request
Disable Password Request
Enable Session Request
Disable Session Request
Enable SSH Key Request
Disable SSH Key Request
Enable API Key Request
Disable API Key Request
Discover SSH Keys: Run the SSH Key Discovery job.
Show Disabled: Display the accounts that are not managed and are disabled and have no associated assets.
Click Disable to prevent Safeguard for Privileged Passwords from managing the selected account.
Click Enable to manage the selected account and assign it to the scope of the default profile.
Hide Disabled: Hide the accounts that are not managed and are disabled and have no associated assets.
Click Disable to prevent Safeguard for Privileged Passwords from managing the selected account.
Click Enable to manage the selected account and assign it to the scope of the default profile.
Export: Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.
Refresh: Update the list of accounts.
Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box.
The Properties tab lists information about the selected account.
To access Properties:
Information for the account displays. Not all the information listed below is applicable for every account.
The following options are available on the top of the Properties tab:
Select Enable to have Safeguard for Privileged Passwords manage a disabled asset. Account Discovery jobs find all accounts that match the discovery rule's criteria regardless of whether it has been marked Enabled or Disabled in the past.
Select Disable to prevent Safeguard for Privileged Passwords from managing the selected asset. When you disable an asset, Safeguard for Privileged Passwords disables it and removes all associated accounts. If you choose to manage the asset later, Safeguard for Privileged Passwords re-enables all the associated accounts.
The following fields
Property | Description |
---|---|
Name | The name of the selected account. |
Description |
Description of the selected account. |
Asset |
The display name of the managed system associated with this account. Accounts are only associated with one asset. |
Property | Description |
---|---|
Access Requests | Indicates which type(s) of access requests are enabled for this account. |
Password Profile |
The name of the password profile that governs the accounts assigned to a partition. When a password profile is inherited from an asset or partition this will be indicated by the text (Inherited) next to the name of the password profile. When the password profile is explicitly set, a button will appear that allows you to clear the explicitly set password profile and instead use the inherited password profile. |
SSH Key Profile |
The name of the SSH key profile. When an SSH key profile is inherited from an asset or partition this will be indicated by the text (Inherited) next to the name of the SSH key profile. When the SSH key profile is explicitly set, a button will appear that allows you to clear the explicitly set SSH key profile. Once the cleared profile change is applied, the assigned inherited profile will be displayed. If there is no default SSH key profile designated for the partition, the asset will no longer have an SSH key profile assigned. If there is no SSH key profile explicitly set on the asset, the accounts on that asset will no longer have an SSH key profile assigned. Designating a default SSH key profile for the partition will ensure all assets and accounts in that partition have an inherited SSH key profile. |
Property | Description |
---|---|
Passwords |
This tile is for managing the password for the account. The following options are available from the tile:
For more information, see Checking, changing, or setting an account password. |
TOTP Authenticator |
This tile is for managing the TOTP Authenticator for the account. The following options are available from the tile:
|
SSH keys |
This tile is for managing the SSH keys for the account. The following options are available from the tile:
For more information, see Checking, changing, or setting an SSH key. |
API keys |
Each API key configured for the account will have a tile containing the following options: NOTE: Should 4 or more API keys be configured, the tiles will be condensed into a single summary tile. To access and manage the individual API keys, click the name of the tile (API Keys <n>). This will open a pane containing a table view of the configured API keys as well as toolbar options for managing the keys.
For more information, see Checking, changing, or setting an API key. |
Files |
This tile is for managing the files for the account. The following options are available from the tile:
|
Tags: Tag assignments for the selected account.
The information displayed in the Tags pane includes both the dynamic tags added through tagging rules and static tags that were added manually. In addition to viewing tag assignments, Asset Administrators can add and remove statically assigned tags.
Delete: Click this button to delete the selected account.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center