Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords Privileged Sessions What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Anti Cross-Site Request Forgery token error

If you receive an Anti Cross-Site Request Forgery token error when attempting to log into Safeguard for Privileged Passwords using Microsoft Internet Explorer 9 on Windows 7 SP1, this indicates that cookies are blocked.

To resolve this issue

  1. In Internet Explorer, open Tools and choose Internet Options.
  2. In the Privacy tab, click the Advanced button.
  3. Select the Always allow session cookies option.

Connectivity failures

The most common causes of failure in Safeguard for Privileged Passwords are either connectivity issues between the appliance and the managed system, or problems with service accounts.

Note: Always verify network connectivity and asset power before troubleshooting.

The following topics explain some possible reasons that Check Password, Change Password, and Set Password could fail and gives you some corrective steps you can take.

Table 263: Causes for connectivity failures
Cause Description
Change password fails Learn about a possible resolution if Change Password fails.
Incorrect authentication credentials Learn how to resolve incorrect service account credentials.
Missing or incorrect SSH host key Learn how to resolve issues with SSH host keys.
No cipher supported error Learn how to resolve cipher support issues.
Service account has insufficient privileges

Learn how to resolve service account privilege issues.

Change password fails

A local account password change can fail when you are using a Windows asset that is configured with a service account with Administrative privileges, other than the built-in Administrator.

Note: Before Safeguard for Privileged Passwords can change local account passwords on Windows systems, using a member of an administrators group other than built-in Administrator, you must change the local security policy to disable User Account Control (UAC) Admin Approval Mode ("Run all administrators in Admin Approval Mode") option.

To configure Windows assets to change account passwords

  1. Run secpol.msc from the Run dialog,

    -OR-

    From the Windows Start menu, open Local Security Policy.

  2. Navigate to Local Policies | Security Options.
  3. Disable the "User Account Control: Run all administrators in Admin Approval Mode" option.
  4. Restart your computer.

For more information, see Prepare Windows systems.

Incorrect authentication credentials

You must have the correct user name and password to authenticate to an asset.

To resolve incorrect service account credentials

  1. Verify the service account credentials match the credentials in Safeguard for Privileged Passwords asset information (Administrative Tools | Assets | Connection). For more information, see About service accounts.
  2. Perform Test Connection to verify connection. For more information, see About Test Connection.
  3. Attempt to check, change, and set password again. For more information, see Checking, changing, or setting an account password.
Related Documents