
One Identity Safeguard for Privileged Passwords 8.0 LTS - Administration Guide


Setting a default SSH key profile

When you create a new partition, Safeguard for Privileged Passwords creates a corresponding default profile with default schedules and rules.

To set another SSH key profile as the default

  1. Navigate to Asset Management > Profiles.
  2. In SSH Key Profiles, select a profile that is not the current default profile for a partition.

  3. Click Set as Default from the details toolbar.

Deleting an SSH key profile

It is the responsibility of the Asset Administrator to manage SSH key profiles.

To delete an SSH key profile

  1. Navigate to Asset Management > Profiles > SSH Key Profiles.
  2. Select the profile to be deleted.
  3. Click Delete.
  4. Confirm your request.

Tags

On the web client, Asset Administrators can create and manage tags.

  • web client: Use Asset Management > Tags to create and manage tags for assets and asset accounts.

In addition, Asset Administrators can manually add static tags to assets and accounts on the General tab of the Assets or Accounts view. For more information, see Manually adding a tag to an asset and Manually adding a tag to an account.

The Tags page provides a centralized view of all the tags defined for assets and asset accounts, regardless of how they were assigned. It displays the following details.

Table 171: Tags: Properties

  • Name: The name assigned to the tag when it was created.
  • Partition: The asset partition to which the tag belongs.
  • Account Rules: Indicates whether there is a rule associated with the selected tag. A check mark in this column indicates that the tag has an account rule.
  • Asset Rules: Indicates whether there is a rule associated with the selected tag. A check mark in this column indicates that the tag has an asset rule.
  • Description: Information about the tag.
  • Assigned Owners: Information on the owner(s).

Use these toolbar buttons to manage tags.

Table 172: Tags: Toolbar

  • New Tag: Add a tag. For more information, see Adding a tag for tagging of assets or asset accounts.
  • Delete: Remove the selected tag. For more information, see Deleting an asset or asset account tag.
  • View Details: View details for the selected tag. For more information, see Modifying an asset or asset account tag.

    NOTE: You cannot modify the partition assignment of an existing tag using the Edit operation. Use the Copy operation to clone the tag and assign it to an additional partition. Use the Delete operation to remove the tag from the existing partition.
  • Copy: Clone the selected tag and assign it to one or more additional partitions. For more information, see Copying an asset or asset account tag to another partition.

    NOTE: If the tag already exists in the partition, the tag will be replaced with the cloned one.
  • Occurrences: View a list of assets and asset accounts that are assigned to the selected tag. For more information, see Viewing asset and asset account tag assignments.
  • Refresh: Update the list of tags.
  • Search: Search for a specific tag or set of tags in this list.

Adding a tag for tagging of assets or asset accounts

Use the New Tag button on the Tags page to add a tag for an asset or asset account.

To add an asset or asset account tag

  1. Navigate to Asset Management > Tags.
  2. Click the New Tag toolbar button.

  3. On the General tab, enter the following information:

    • Name: Enter a unique name for the tag.
    • Description: Enter information about the tag.
    • Partition: Click Browse to select the partition to which this tag is to be assigned.
  4. On the Asset Rules tab, enter the conditions for an asset rule.

    • Enable rule for this tag: Select this check box to enable the configured rule for the tag.
    • Rule editor: Use the rule editor to define conditions for tagging assets.

      Table 173: Asset Rules tab: Rule editor controls
      Property Description

      AND | OR

      Click AND to group multiple search criteria together, where all criteria must be met in order to be included.

      Click OR to group multiple search criteria together, where at least one of the criteria must be met in order to be included.

      Attribute

      In the first query clause box, select the attribute to be searched. Valid attributes include:

      • Allow Session Requests
      • Description
      • Directory Container (If you use the operator Equals, one level is found.)
      • Disabled
      • Discovered Group Distinguished Name (Use this selection to specify the search is for the domain to which the group belongs.)
      • Discovered Group Name (Use this selection to not specify the domain in the search. To specify the domain, select Discovered Group Distinguished Name.)
      • Discovery Job Name
      • A profile selection: Profiles can be inherited. For example, an account can be assigned to a specific profile (Profile Name) or it can inherit the profile from its parent asset (Effective Profile Name). When inherited, Profile Name will be null. Effective Profile Name will always have a value.
        • Effective Profile Name
        • Profile Name
      • Name (default)
      • Network Address
      • Partition Name
      • Platform
      • Tag

      Operator

      In the middle clause query box, select the operator to be used in the search. The operators available depend on the data type of the attribute selected.

      For string attributes, the operators may include:

      • Contains (Default)
      • Does Not Contain
      • Starts With
      • Ends With
      • Equals
      • Matches
      • Does Not Equal

      For boolean attributes, the operators may include:

      • Is True
      • Is False

      Enter condition value

      In the last clause query box, enter the search string or value to be used to find a match.

      |

      Click to the left of a search clause to add an additional clause to the search criteria.

      Click to remove the search clause from the search criteria.

      Add Grouping | Remove

      Click the Add Grouping button to add an additional set of conditions to be met.

      A new grouping is added under the last query clause in a group and appears in a bordered pane showing that it is subordinate to the higher level query conditions.

      Click the Remove button to remove a grouping from the search criteria.

      Preview

      Click Preview to run the query in order to review the results of the query before adding the dynamic tag.

  5. On the Account Rules tab, enter the conditions for an account rule.

    • Enable rule for this tag: Select this check box if you want to include an account rule.
    • Rule editor: Use the rule editor to define conditions for tagging asset accounts.

      Table 174: Asset Account Rules tab: Rule editor controls
      Property Description

      AND | OR

      Click AND to group multiple search criteria together, where all criteria must be met in order to be included.

      Click OR to group multiple search criteria together, where at least one of the criteria must be met in order to be included.

      Attribute

      In the first query clause box, select the attribute to be searched. Valid attributes include:

      • Allow Password Requests
      • Allow Session Requests
      • Allow SSH key Requests
      • Asset Name
      • Asset Tag
      • Description
      • Directory Container (If you use the operator Equals, one level is found.)
      • Disabled
      • Discovered Group Distinguished Name (Use this selection to specify the search is for the domain to which the group belongs.)
      • Discovered Group Name (Use this selection to not specify the domain in the search. To specify the domain, select Discovered Group Distinguished Name.)
      • Discovery Job Name
      • Distinguished Name
      • Domain Name
      • Name
      • NETBIOS Name
      • Partition Name
      • Specify the platform. Here is how the search works:

        • Platform: This is the broadest search which will return the most results. The value you enter matches if it is found in one or more of the following:

          • DisplayName (Platform Name), such as Windows

          • PlatformType, such as MicrosoftAD, Ubuntu, RacfLdap

          • PlatformFamily, such as Windows, Linux, AIX

          • Platform.Version (Platform Version), such as Server 2016, 10

          For example, typing in Other could return these platforms: Windows Other, Other Other, and Other.

        • Platform Name: For a more granular search, enter the name of the platform, such as Windows. If you enter Windows without entering a Platform Version, there may be a match on Windows Server 2019, Windows Server 2016, and Windows 10.

        • Platform Version: Enter the version of the platform, such as Server 2016. For a precise search, enter both the Platform Name and the Platform Version. For example, if you enter the Platform Name as Windows and the Platform Version as Server 2016, then only Windows Server 2016 will be selected.

      • For more information, see Supported platforms.

      • Service Account
      • SID
      • Tag

      Operator

      In the middle clause query box, select the operator to be used in the search. The operators available depend upon the data type of the attribute selected.

      For string attributes, the operators may include:

      • Contains (Default)
      • Does Not Contain
      • Starts With
      • Ends With
      • Equals
      • Does Not Equal
      • Matches

      For boolean attributes, the operators may include:

      • Is True
      • Is False

      Enter condition value

      In the last clause query box, enter the search string or value to be used to find a match.

      |

      Click to the left of a search clause to add an additional clause to the search criteria.

      Click to remove the search clause from the search criteria.

      Add Grouping | Remove

      Click the Add Grouping button to add an additional set of conditions to be met.

      A new grouping is added under the last query clause in a group and appears in a bordered pane showing that it is subordinate to the higher level query conditions.

      Click the Remove button to remove a grouping from the search criteria.

      Preview

      Click Preview to run the query in order to review the results of the query before adding the dynamic tag.

  6. Click OK to create the tag, close the dialog, and return to the Tags pane.
  7. Once the tag has been saved, select the tag and click View Details.
  8. On the Assigned Owners tab, enter the users or groups associated with the tag. This does NOT mean the users and/or groups associated with the tag are the owners of the tag itself. Instead, when the tag is assigned to an asset or account, the listed users or groups will become owners of that asset or account.

    Table 175: Assigned Owners tab: Rule editor controls
    Property Description

    |

    Click to Add User or User Group.

    Click to remove a previously added user or group.

    Refresh

    Update the list of users and groups.
  9. Click OK to save the assigned owners, close the dialog, and return to the Tags pane.
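
Because the Assigned Owners in step 8 become owners of every asset or account a rule tags, the reach of a rule matters before you save it. The following is an added example, not One Identity code and not the Safeguard API: a small offline model of the rule editor's clauses and AND/OR groupings that previews which records a rule selects. The operator semantics (case-insensitive comparison, Matches as a regular expression, a null attribute satisfying no clause) and the sample accounts are assumptions constructed for illustration.

```python
import re

# Operator semantics are assumptions: case-insensitive, "Matches" as a regex.
OPS = {
    "Contains":         lambda v, c: c.lower() in v.lower(),
    "Does Not Contain": lambda v, c: c.lower() not in v.lower(),
    "Starts With":      lambda v, c: v.lower().startswith(c.lower()),
    "Ends With":        lambda v, c: v.lower().endswith(c.lower()),
    "Equals":           lambda v, c: v.lower() == c.lower(),
    "Does Not Equal":   lambda v, c: v.lower() != c.lower(),
    "Matches":          lambda v, c: re.fullmatch(c, v, re.I) is not None,
    "Is True":          lambda v, c: v is True,
    "Is False":         lambda v, c: v is False,
}

def evaluate(rule, record):
    """rule: a clause (attribute, operator, value) or a grouping {"AND"|"OR": [rules]}."""
    if isinstance(rule, dict):
        (joiner, members), = rule.items()
        results = [evaluate(m, record) for m in members]
        return all(results) if joiner == "AND" else any(results)
    attribute, operator, value = rule
    field = record.get(attribute)
    if field is None:   # assumption: a null attribute satisfies no clause
        return False
    return OPS[operator](field, value)

def preview(rule, records):
    """Names the rule would tag, i.e. what the tag's Assigned Owners would own."""
    return [r["Name"] for r in records if evaluate(rule, r)]

def acct(name, disabled, profile, effective):
    return {"Name": name, "Disabled": disabled,
            "Profile Name": profile, "Effective Profile Name": effective}

# Constructed sample accounts; None models an inherited (null) Profile Name.
ACCOUNTS = [
    acct("root", False, "Linux-Rotate", "Linux-Rotate"),
    acct("admin", False, None, "Linux-Rotate"),
    acct("sqladmin", False, None, "Default"),
    acct("administrator", True, "Default", "Default"),
]

BROAD = ("Name", "Contains", "admin")   # default operator, widest reach
NARROW = {"AND": [("Disabled", "Is False", None),
                  {"OR": [("Name", "Equals", "admin"), ("Name", "Starts With", "sql")]}]}

if __name__ == "__main__":
    for rule in (BROAD, NARROW):
        print(preview(rule, ACCOUNTS))
```

In this model, a clause on Profile Name equal to Linux-Rotate selects only root, while the same clause on Effective Profile Name also selects admin, which inherits the profile from its parent asset.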