Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords Privileged Sessions What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Sorting report results

Use the controls in the grid heading row to sort report results or rearrange the columns of data.

To sort or move columns

NOTE: An arrow in the column heading identifies the sort criteria and order, ascending or descending, being used to display information.
  1. Click the column heading to be used for the sort criteria.
  2. The sort order is in ascending order. To change it to descending order, click the heading a second time.
  3. To specify a secondary sort order, press the SHIFT key and then click the heading of the column to be used for the secondary sort order.
  4. To change the order of the columns, click the heading of the column to be moved.
  5. Drag and drop the column to a new location within the grid.

Reports

 Reports allows the Auditor and Security Policy administrators to view and export entitlement reports that show which assets and accounts a selected user is authorized to access.

Reports toolbar

The toolbar at the top of Reports contains these options.

Table 23: Reports toolbar options
Option Description
Refresh

Refresh updates the entitlement report.

Export

Export creates a .json file of the report in a location of your choice.

One Identity Safeguard for Privileged Passwords provides these entitlement reports.

Table 24: Entitlement reports
Entitlements By... Description
User

Lists information about the accounts a selected user is authorized to request.

Asset

Lists information about the accounts associated with a selected asset and the users who have authorization to request those accounts.

Account

Lists information about the users who have authorization to request a selected account, including asset and directory accounts.

Running an entitlement report

To run an entitlement report

  1. From the Safeguard for Privileged Passwords desktop Home page, select  Reports.
  2. Choose a type of report: User, Asset or Account.
  3. Browse to select specific objects for the report.

    In the selection dialog, select one or more objects to be included in the report, then click (or tap) OK.

  4. The top of the report displays the following information:

    User:

    • Name: The name of the user.
    • Accounts: Number of accounts each user is allowed to access.

    Asset:

    • Name: The name of the asset.
    • Accounts: Number of accounts on this asset that can be accessed.
    • Requesters: Number of users allowed to request access to the asset's accounts.
    • Partition: The name of the partition to which the asset belongs.
    • Users: The name of the requesters allowed to request access.

    Account:

    • Name: Name of the account.
    • Asset: Name of the asset associated with the account.
    • Requesters: Number of requesters allowed to access an account.
  5. Select an item from the top pane to view additional details.

    Note: For Entitlements by Assets, you can continue to drill down into the details of an item. For example, you can view both the Total Accounts tab and the People tab to see more details about the users that can request the accounts on an asset. Select an item from the results to drill down further into the details about the users and the accounts.

  6. To filter the results, use the filter control in the column heading. For more information, see Filtering report results.

Administrative Tools

The  Administrative Tools allow you to add all the objects you need to write access request policies, such as users, accounts, and assets. From this view, you can also configure all of the Safeguard for Privileged Passwords settings.

Note: You must have administrator permissions to use the  Administrative Tools and the administrator permissions you have determine what you can view and modify.

The navigation pane along the left side of the console gives you access to these administrative tools.

Table 25: Administrative Tools
Administrative Tools Description Administrator permissions
Toolbox Where you can gain quick access to all the tasks you can perform from a single portal. Users with any Safeguard administrator privileges.
Accounts Where you associate account identities with managed systems. Asset Administrator or Auditor
Account Groups Where you define sets of accounts which you can add to the scope of an access request policy. Auditor or Security Policy Administrator
Assets Where you add computers, servers, network devices, or applications to be managed by a Safeguard for Privileged Passwords Appliance. Asset Administrator or Auditor
Asset Groups Where you define sets of assets which you can add to the scope of an access request policy. Auditor or Security Policy Administrator
Directories Where you add external identity providers such as Microsoft Active Directory to Safeguard for Privileged Passwords. Auditor or Directory Administrator
Entitlements Where you specify the access request policies that restrict system access to authorized users. Auditor or Security Policy Administrator
Partitions Where you define collections of assets which can be used to segregate assets for delegation. Asset Administrator, Auditor, or delegated partition owner
Settings

Where you configure Safeguard for Privileged Passwords to run backups, install updates, manage clusters, manage certificates, enable event notifications, configure external integration, define profile configurations settings, define user password rules, define discovery rules, and run troubleshooting tools.

Users with any Safeguard administrator privileges, however, the settings available depend on the administrative permissions assigned.

Users Where you set up users who can log into Safeguard for Privileged Passwords.

Bootstrap, Asset Administrator, Auditor, Authorizer Administrator, Help Desk Administrator, Security Policy Administrator, or User Administrator

User Groups Where you define sets of Safeguard for Privileged Passwords users which you can add to an entitlement.

Bootstrap, Auditor, Authorizer Administrator, Security Policy Administrator, or User Administrator

All of the Administrative Tools views have the following components, except for the Toolbox and Settings:

  • Toolbar across the top of the view.
  • Object list (left pane)
  • Search box at the top of the object list.
  • Details pane (right pane)
Related Documents