Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords Privileged Sessions What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Certificate issue

If you are experiencing Test Connection failures for an asset that uses SSL, these are some possible causes:

Cipher support

Both the Safeguard for Privileged Passwords client and the SSH server must support the same cipher. If you run Test Connection against an asset that uses SSH and there is no cipher supported by both the client and the server, Safeguard for Privileged Passwords displays an error message that says, "Connecting to asset XXXXXXXXXXXXXXXXXX failed (There is no cipher supported by both: client and server)". This means that during the setup of the asset connection, the Safeguard for Privileged Passwords client and the SSH server did not have matching ciphers for message encryption. In this case, you must modify the SSH server's configuration by adding at least one cipher supported by Safeguard for Privileged Passwords to the list of ciphers.

Safeguard for Privileged Passwords supports these ciphers.

Table 269: Supported ciphers
3des idea
3des-ctr idea-ctr
aes128 none
aes128-ctr serpent128
aes192 serpent128-ctr
aes192-ctr serpent192
aes256 serpent192-ctr
aes256-ctr serpent256
arcfour serpent256-ctr
arcfour128 twofish128
arcfour256 twofish128-ctr
blowfish twofish192
blowfish-ctr twofish192-ctr
cast128 twofish256
cast128-ctr twofish256-ctr
des  

For example, if using an OpenSSH server with a default list of ciphers, you must add one or more of these ciphers in the OpenSSH's sshd_config file, and then restart the SSH server. For more information about OpenSSH ciphers, see: http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/sshd_config.5?query=sshd_config&sec=5

Domain controller issue

Safeguard for Privileged Passwords does not manage passwords for accounts on domain controllers; Safeguard for Privileged Passwords manages passwords for accounts on a domain controller through a directory that hosts the domain controller. For more information, see Adding directory accounts to a directory.

Networking issue

If you are having system connectivity issues, here are some things to consider:

  • Are there security rules on the network (such as firewalls or routers) that might be preventing this traffic?
  • Is traffic from Safeguard for Privileged Passwords routable to the network address of the managed system?
  • Are there any problems with cables, hubs, or switches, and so forth?

You could be experiencing network issues like these:

  • a network outage
  • a router misconfiguration
  • an unplugged wire
  • a switch not working

If Safeguard for Privileged Passwords suspends event notifications, try logging out and logging back in to re-subscribe to SignalR.

Related Documents