Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords Privileged Sessions What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Importing objects

Safeguard for Privileged Passwords allows you to import a .csv file containing a set of accounts, assets, or users.

To import a set of objects

  1. Click (or tap)  Import from the toolbar.
  2. In the Import dialog, Browse to select an existing .csv file containing a list of objects to import.

    Note: For assistance in creating an import file, click (or tap) CSV Template Assistant. For more information, see Creating an import file.

  3. When importing assets, the Discover SSH Host Keys option is selected by default indicating that Safeguard will retrieve the required SSH host key for the assets specified in the CSV file.
  4. Click (or tap) OK.

    Safeguard for Privileged Passwords imports the objects into its database.

    Note: Safeguard for Privileged Passwords does not add an object if any column contains invalid data in the .csv file with the follow exceptions:

    • Assets PlatformDisplayName property.
      1. If Safeguard for Privileged Passwords does not find an exact match, it looks for a partial match. If it finds a partial match it supplies the <platform> Other platform, such as "Other Linux".
      2. If it does not find a partial match, it supplies the Other platform type.
    • Users TimeZoneId property.
      1. If Safeguard for Privileged Passwords does not find a valid TimeZoneId property (that is, does not find an exact match or no timezone was provided), it uses the local workstation's current timezone.

        Note: Do not enter numbers or abbreviations for the TimeZoneId.

    • Users Password property.
      1. Safeguard for Privileged Passwords adds a user without validating the password you provide.
  5. Navigate to the Tasks pane in the Toolbox for details about the import process and invalid data messages. For more information, see Viewing task status.

Setting a local user's password

It is primarily the responsibility of the Authorizer Administrator to set passwords for administrators; and the User Administrator and Help Desk Administrator to set passwords for non-administrator local users.

Note: These administrators can only set passwords for local users. Directory user passwords are maintained in an external provider, such as Microsoft Active Directory.

There are three ways to set a password.

To set a local user's password

  1. Navigate to Administrative Tools | Users.
  2. In Users, select a local user from the object list, right-click (or press and hold) and select  Set Password from the context menu.

    -OR-

    Click (or tap) the  User Security menu and select  Set Password.

    -OR-

    Open the Authentication box on the General tab and click (or tap) Set Password.

  3. In the Set Password dialog, enter the new password and click (or tap) OK.

    Note: You must comply with the password requirements specified in the dialog. For more information, see Password Rules.

Unlocking a user's account

If you are unable to log in, your account may have become disabled or "locked". For example, if you enter a wrong password for the maximum number of times specified by the account Lockout Threshold settings, Safeguard for Privileged Passwords locks your account. For more information, see Login Control.

Typically, it is the responsibility of the Authorizer Administrator to unlock administrator accounts; and the User Administrator and Help Desk Administrator to unlock non-administrator local users.

There are two ways to unlock a user account.

To unlock a user's account

  • In Users, select a "locked" user, right-click (or press and hold) and select  Unlock from the context menu.

    -OR-

  • Click (or tap) the  User Security menu and select  Unlock.

Enabling or disabling a user

Typically, it is the responsibility of the Authorizer Administrator to enable or disable administrator users and the User Administrator to enable or disable non-administrator users.

To enable or disable a user

  1. Navigate to Administrative Tools | Users.
  2. In Users, select a user from the object list.
  3. Click (or tap) Enabled or Disabled.

    This icon, located in the upper-right corner of the console, toggles between the two settings.

Note: You configure the number of days you want Safeguard for Privileged Passwords to wait before automatically disabling an inactive user account in the Disable After Login Control Setting. For more information, see Login Control.

Note: The Authorizer Administrator must also reset the user's password when re-enabling a disabled account. Simply enabling the account does not permit the user to login with his previous password.

Disabling a user prevents him or her from logging into Safeguard for Privileged Passwords; however, if you disable a directory user, that does not prevent that user from logging into the directory. You can modify a disabled user's information.

Related Documents