
One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide


Administrator permissions

To secure control of your IT department's assets (that is, "managed systems"), Safeguard for Privileged Passwords uses a role-based access control hierarchy. Its permission sets restrict the amount of control each type of user has.

Note: It is the responsibility of a user with Authorizer Administrator permissions to grant administrator permissions to other Safeguard for Privileged Passwords users; however, the User Administrator can grant Help Desk Administrator permissions to non-administrative users.

Administrator permissions include:

Appliance administrator permissions

The appliance administrator is responsible for configuring and maintaining the appliance, including the following tasks:

  • Racks and stacks the appliance.
  • Configures the appliance.
  • Troubleshoots performance, hardware, and networking.
  • Creates and monitors the status of a clustered environment.
  • Manages licenses, certificates, backups, and sessions settings.
  • Enables and disables access request and password management services.

Table 254: Appliance administrator: Permissions
Safeguard for Privileged Passwords view | page Permissions

Activity Center

View and export appliance activity events.

Administrative Tools | Toolbox

Access to the Tasks pane.

Administrative Tools | Settings:

  • Access Request | Enable or Disable Services
    Enable or disable the access request and password management services.
  • Appliance
    Monitor the status of the appliance.
    Shut down or restart the appliance.
    Run diagnostics on the appliance.
    Enable or disable Lights Out Management (BMC).
    Configure networking settings.
    Perform a factory reset to recover from major problems or clear the data and configuration settings on the appliance.
    Generate a support bundle to assist technical support.
    Manage appliance time.
    Install update files (patches).
  • Backup and Retention
    Configure backup and retention settings, define archive servers, and manage backups.
  • Certificates
    Manage the certificates used by Safeguard.
  • Cluster
    Create and manage a clustered environment.
    Monitor the status of the clustered environment.
    Diagnose cluster members.
  • External Integration
    Configure Approval Anywhere service for access request approvals.
    Configure Safeguard for Privileged Passwords to send event notifications to external systems.
    Configure identity providers and authentication providers.
    Configure Safeguard for Privileged Passwords to send SNMP traps to the SNMP console.
    Join Safeguard for Privileged Passwords to Starling.
    Configure Safeguard for Privileged Passwords to send event notifications to a syslog server.
    Configure the integration with an external ticketing system.
  • Licensing
    Add and manage Safeguard for Privileged Passwords module licenses.
  • Messaging
    Configure login notifications.
    Set message of the day.
  • Safeguard for Privileged Passwords Access | Login Control
    Configure the user login control settings.
  • Sessions
    Configure session recording storage management.
    Configure the sessions module settings.
    Reset the sessions module.
    Generate or download an SSH host key.

Asset administrator permissions

An asset administrator manages all partitions, assets, and accounts:

  • Creates (or imports) local assets and accounts.
  • Creates partitions and partition profiles.
  • Delegates partition ownership to users.

    NOTE: A delegated partition owner has a subset of permissions that an Asset Administrator has. That is, the delegated partition owner is authorized to manage a specific partition and the assets and accounts assigned to that partition.

  • Assigns assets to partitions.
  • Manages account password rules.

NOTE: Asset Administrators can only view the user object history for their own account.

Table 255: Asset administrator: Permissions
Safeguard for Privileged Passwords view | page Permissions

Dashboard | Account Automation

Full control for accounts related to all Safeguard for Privileged Passwords assets.

NOTE: Delegated partition owners have control for accounts related to the assets and directories managed through delegated partition profile.

Activity Center

View and export asset activity events.

Administrative Tools | Toolbox

Access to the Accounts, Assets, Partitions and Users view.

Access to the Tasks pane.

Administrative Tools | Accounts

Add, modify, delete and import accounts.

Check, change, and set account passwords.

Access password archive.

Enable or disable the access request services for an account.

Administrative Tools | Assets

Add, modify, delete and import assets.

Configure and manage asset discovery jobs.

Download SSH Key.

Administrative Tools | Partitions

Add, modify and delete partitions and partition profiles.

Set partition as default.

Add assets to the scope of a partition profile.

Administrative Tools | Settings:

  • Asset Management | Account Discovery
    Add, modify and delete account discovery settings.
  • Messaging
    Login notification: View only.
    Set message of the day.
  • Profile | Account Password Rules
    Add, modify and delete account password complexity rules.
  • Profile | Change Password
    Add, modify and delete change password settings.
  • Profile | Check Password
    Add, modify and delete check password settings.
  • Profile | Password Sync Groups
    Add, modify, and delete password sync groups.
  • Safeguard for Privileged Passwords Access | Password Rules
    View only.

Administrative Tools | Users

Delegate partition ownership to users.

Auditor permissions

The Auditor administrator has read-only access to all features and can review all access request activity:

  • Monitors appliance information.
  • Reviews everything.
  • Exports object history.
  • Runs entitlement reports.

Table 256: Auditor administrator: Permissions
Safeguard for Privileged Passwords view | page Permissions

Dashboard

View only.

Activity Center

View and export activity events.

Audit access request workflow.

Reports

View and export entitlement reports.

Administrative Tools | Toolbox

Access to all Administrative Tools views and the Tasks pane.

Administrative Tools | Accounts

View only.

Administrative Tools | Account Groups

View only.

Administrative Tools | Assets

View asset discovery jobs.

Administrative Tools | Asset Groups

View only.

Administrative Tools | Directories

View only.

Administrative Tools | Entitlements

View only.

Administrative Tools | Partitions

View only.

Administrative Tools | Settings:

  • Access Request
    View only.
  • Appliance
    View Appliance Information.
    Run diagnostics on appliance.
    View licensing information.
    View Lights Out Management (BMC) settings.
    View Networking settings.
    View Time settings.
    View update history.
  • Backup and Retention
    View only.
  • Certificates
    View only.
  • Cluster
    View only.
  • Asset Management
    View only.
  • External Integration
    View only.
  • Messaging
    Login notification: View only.
    Set message of the day.
  • Profile
    View only.
  • Safeguard for Privileged Passwords Access
    View only.
  • Sessions
    View only.

Administrative Tools | Users

View only.

Administrative Tools | User Groups

View only.
