Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords Privileged Sessions What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Adding users to a user group

It is the responsibility of the Security Policy Administrator to add both local or directory users to local user groups.

Note: Directory group membership is maintained in the directory, such as Active Directory.

To add users to a user group

  1. Navigate to Administrative Tools | User Groups.
  2. In User Groups, select a user group from the object list and open the Users tab.
  3. Click (or tap)  Add User from the details toolbar.
  4. Select one or more users from the list in the Users selection dialog and click (or tap) OK.

    Note: You can also double-click (or double-tap) a user name to add it.

    Important: You cannot add a group to a user group's membership; group membership cannot be nested.

If you do not see the user you are looking for, depending on your Administrator permissions, you can create it in the Users selection dialog. (You must have Authorizer Administrator or User Administrator permissions to create users.)

To create a new user in the Users selection dialog

  1. Click (or tap) Create New.

    For more information, see Adding a user.

  2. Create additional users, as required.
  3. Click (or tap) OK in the Users selection dialog to add the users to the user group.

Adding a user group to an entitlement

When you add user groups to an entitlement, you are specifying which people can request access to the accounts and assets governed by an entitlement's policies.

Note: It is the responsibility of the Security Policy Administrator to add user groups to entitlements.

To add a user group to entitlements

  1. Navigate to Administrative Tools | User Groups.
  2. In User Groups, select a user group from the object list and open the Entitlements tab.
  3. Click (or tap) Add Entitlement from the details toolbar.
  4. Select one or more entitlements from the Entitlements selection dialog and click (or tap) OK.

    Note: You can also double-click (or double-tap) an entitlement name to add it.

If you do not see the entitlement you are looking for, depending on your Administrator permissions, you can create it in the Entitlements selection dialog. (You must have Security Policy Administrator permissions to create entitlements.)

To create a new entitlement in the Entitlements selection dialog

  1. Click (or tap) Create New.

    The Entitlement dialog appears. For more information about creating entitlements, see Adding an entitlement.

  2. Create additional entitlements, as required.
  3. Click (or tap) OK in the Entitlements selection dialog to add the selected user group to the entitlements.

Modifying a user group

Only the Security Policy Administrator can modify user groups.

To modify a user group

  1. Navigate to Administrative Tools | User Groups.
  2. In User Groups, select a user group.
  3. Select the view of the user group's information you want to modify (General, Users, or Entitlements).

    For example:

    • To change a local user group's name or description, double-click (or double-tap) the General information box on the General tab or click (or tap) the  Edit icon.

      Note: You can double-click (or double-tap) a user group name to open the General settings edit window.

    • To add (or remove) users to the selected local user group, switch to the Users tab.

      Note: You can multi-select members to add or remove more than one from a user group.

    • To add (or remove) the selected user group to an entitlement, switch to the Entitlements tab.

  4. To view or Exporting data the details of each operation that has affected the selected user group, switch to the History tab.

Deleting a user group

It is the responsibility of the Security Policy Administrator to delete groups of local users from Safeguard for Privileged Passwords. It is the responsibility of the Authorizer Administrator or the User Administrator to delete directory groups.

Note: When you delete a user group, Safeguard for Privileged Passwords does not delete the users associated with it.

To delete a user group

  1. Navigate to Administrative Tools | User Groups.
  2. In User Groups, select a user group from the object list.
  3. Click (or tap) Delete Selected.
  4. Confirm your request.
Related Documents