Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords Privileged Sessions What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

History tab

The History tab allows you to view or export the details of each operation that has affected the selected group.

The History tab contains the following information:

  • Items: Total number of entries in the history log.
  • Search: For more information, see Search box.

  • Time Frame: By default the history details are displayed for the last 24 hours. Click (or tap) one of the time intervals at the top of the grid to display history details for a different time frame. If the display does not refresh after selecting a different time interval, click (or tap) Refresh.
Table 249: User Groups: History tab properties
Property Description
Date/Time The date and time of the event.
User The display name of the user that triggered the event.
Source IP The network DNS name or IP address of the managed system that triggered the event.
Object Name The name of the selected group.
Event

The type of operation made to the selected user group:

  • Create
  • Delete
  • Update
  • Add Membership
  • Remove Membership

NOTE: A membership operation indicates a "relationship" change with a related or parent object such as a user was added or removed from the membership of the selected user group or the selected group was added or removed from an entitlement.

Related Object The name of the related object.
Related Object Type The type of the related object.
Parent

The name of the object to which the selected user group is a child.

Parent Object Type The parent object type.

Select an event to display this additional information for some types of events (for example, create and update events).

Table 250: Additional History tab properties
Property Description
Property The property that was updated.
Old Value The value of the property before it was updated.
New Value The new value of the property.

Managing user groups

Use the controls and tabbed pages on the User Groups page to perform the following tasks to manage Safeguard for Privileged Passwords user groups:

Adding a user group

It is the responsibility of the Security Policy Administrator to add groups of local users to Safeguard for Privileged Passwords.

NOTE: It is the responsibility of the Authorizer Administrator or the User Administrator to add directory groups. For more information, see Adding a directory user group.

To add a user group

  1. Navigate to Administrative Tools | User Groups.
  2. Click (or tap)  Add User Groups from the toolbar.
  3. In the User Groups dialog, enter the following information:
    1. Name: Enter a unique name for the user group.

      Limit: 50 characters

    2. Description: (Optional) Enter information about this user group.

      Limit: 255 characters

Related Topics

Adding users to a user group

Adding a directory user group

It is the responsibility of the Authorizer Administrator or the User Administrator to add directory groups to Safeguard for Privileged Passwords. However, a Directory Administrator must first add a directory to Safeguard for Privileged Passwords before an administrator has the ability to add directory groups. It is the responsibility of the Security Policy Administrator to add local user groups. For more information, see Adding a user group.

IMPORTANT: The standard global catalog port, 3268 (LDAP), must be open on the firewall for every Windows global catalog server in the environment and SPP Appliance to communicate for directory management tasks (for example, adding a directory account, a directory user account, or a directory user group). LDAP uses port 389 for unencrypted connections. For more information, see the Microsoft publication How the Global Catalog Works.

To add a directory user group

  1. Navigate to Administrative Tools | User Groups.
  2. Click (or tap) Add Directory Group from the toolbar.
  3. In the Directory Group dialog, select a directory.
  4. Browse to select a container within the directory as the Filter Search Location.
  5. The Include objects from sub containers check box is selected by default indicating that child objects will be included in your search. Clear this check box to exclude child objects from your search.
  6. In the Contains field, enter a full or partial directory group name and click (or tap) Search.

    To search for a directory group, you must enter text into the search box. The text search is not case sensitive and does not allow wild cards. Safeguard for Privileged Passwords searches the entire forest root using the global catalog. You can search on partial strings. For example, if you enter "ad" in the search box, it will find any directory group that contains "ad".

  7. The results of the search displays in the Select the group to add grid. Select a group name and click (or tap) OK, or double-click (or double-tap) a name to add a directory group.

Note: Because Microsoft Active Directory does not have a Time Zone attribute, when you add a directory group, Safeguard for Privileged Passwords sets the default time zone for all imported accounts to (UTC) Coordinated Universal Time. To reset the time zone, open each imported account in Users and modify the Time Zone on the Location tab.

Related Documents