One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide


Toolbar

The toolbar at the top of the views (except for the Toolbox and Settings) contains these options, depending on your Administrator permissions and the administrative tool you are in.

Table 26: Administrative Tools toolbar options
Option Description
Add

Add objects to the Safeguard for Privileged Passwords appliance.

Delete

Remove objects from the appliance.
Refresh

Refresh the screen.

NOTE: Whenever you add, modify, or delete an object in Administrative Tools, the changes you make cannot be seen by other administrators running Safeguard for Privileged Passwords on other clients unless they click (or tap) Refresh.

Import

Add a set of objects from a .csv file. For more information, see Importing objects.

NOTE: Only available for Accounts, Assets and Users.

User Security

Menu options include: Set Password and Unlock accounts. For more information about these options, refer to Setting a local user's password and Unlocking a user's account.

NOTE: Only available for Users.

Account Security

Menu options include: Set Password, Check Password, and Change Password. For more information, see Checking, changing, or setting an account password.

NOTE: Only available for Accounts.

Permissions

Set administrator permissions for users. For more information, see Administrator permissions.

NOTE: Only available for Users.

Set as Default

Set a directory or partition as the default. For more information, see Setting a default partition, Setting a default partition profile, and Setting a default directory profile.

NOTE: Only available for Partitions.

Download SSH Key

Add the SSH Key to the selected asset. For more information, see Downloading a public SSH key.

NOTE: Only available for Assets.

Password Archive

Display the password history for the selected account. For more information, see Viewing password archive.

NOTE: Only available for Accounts.

Access Requests

Enable or disable access request services for the selected account.

NOTE: Only available for Accounts.

Discovery

Add or manage asset discovery jobs. For more information, see Discovery.

NOTE: Only available for Assets.

Show Ignored

Display the hidden assets.

NOTE: Only available for Assets.

Hide Ignored

Hide assets marked as "Ignore".

NOTE: Only available for Assets.

Sync Now

Run the directory addition and deletion synchronization process on demand. In addition, it runs through the discovery, if there are discovery rules and configurations set up.

NOTE: Only available for Directories.

Search box

The search box located at the top of the object list pane can be used to filter the data being displayed. When you enter a text string into the search box, the results include items that have a string attribute that "contains" the text that was entered.

NOTE: This same basic search functionality is also available for many of the detail panes and selection dialogs allowing you to filter the data displayed in the associated pane or dialog.

When searching for objects in the object lists, an attribute search functionality is also available where you can filter the results, based on a specific attribute. That is, the search term matches if the specified attribute "contains" the text. To perform an attribute search, click the icon to select the attribute to be searched.

Rules for using the search functionality:

  • Search strings are not case sensitive.
  • Wild cards are not allowed.
  • Try searching both with and without quotes. As you use the product, you will become familiar with the search requirements for the search fields you frequent. Depending on the field, Safeguard may perform a general search (for example, one that omits quotes) or a literal search (for example, one that includes quotes). Example scenarios follow:

    • On the Settings pane, search strings must be an exact match because a literal search is performed. Do not add quotes or underlines. For example, from the Settings pane, enter password rules to return Safeguard Access > Password Rules. If you enter "password rules" or password_rules, the following message is returned: No matches found.
    • On the Users pane search box:

      • A general search does not return anything if you use quotes because it uses a literal search (searches for the quotes). For example: searching for "ab_misc2" returns the message: There is nothing to show here.
      • You can use quotes in an attribute search if there are spaces in the search name. For example, entering the following in the search box Username: "ab_misc2" returns: AB_misc2.
  • When multiple search strings are included, all search criteria must be met in order for an object to be included in the results list.
  • When you combine a basic search and an attribute search, the order they are entered into the search box matters. The attribute searches can be in any order, but the basic search must come after the attribute searches.
  • In large environments, you will see a result number to tell you how many objects match the criteria; however, only the first 200 objects will be retrieved from the server. When you scroll down the list, more objects will be retrieved (paged) as needed.

To search for objects or object details

  1. Enter a text string in the Search box. As you type, the list displays items whose string attributes contain the text that was entered.

    For example, enter T in the search box to search for items that contain the letter "T", or enter sse to list all items that contain the string "sse", such as "Asset".

    Note: The status bar along the bottom of the console shows the number of items returned.

  2. To clear the search criteria, click (or tap) Clear.

    When you clear the search criteria, the original list of objects is displayed.

To conduct an attribute search

The attributes available for searching are dependent on the type of object being searched. The search drop-down menu lists the attributes that can be selected.

NOTE: The drop-down menu lists a limited number of attributes that can be searched; however, you can perform an attribute search using the English name of any attribute as it appears in the API. Nested attributes can be chained together using a period (.). To see a list of all the attributes, see the API documentation. For information about the API, see How do I access the API.

  1. Click (or tap) the icon and select the attribute to be searched.

    The selected attribute is added to the search box. For example, if you select Last Name, LastName: is added to the search box.

  2. In the search box, enter the text string after the colon in the attribute label.

    NOTE: You can specify multiple attributes, repeating these steps to add an additional attribute to the search box. Do not add punctuation marks, such as commas or colons to separate the different attributes. When multiple attributes are included, all search criteria must be met in order for an object to be included in the results list.

    As you type, the list displays items whose selected attributes contain the text that was entered.

    Note: The status bar along the bottom of the console shows the number of items returned.

  3. To clear the search criteria, click (or tap) Clear.

    When you clear the search criteria, the original list of objects is displayed.
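The search rules and the attribute search procedure above can be modeled in a few lines of Python. This is an added illustration, not Safeguard's own code or API: the sample user records, every attribute name other than LastName and Username, the case-insensitive attribute-name lookup, the restriction of the basic search to top-level string attributes, and the treatment of a misordered query as plain basic text are all assumptions.

```python
import re

# One attribute term: Name: text or Name: "text with spaces"; Name may be dotted.
ATTR_TERM = re.compile(r'\s*([A-Za-z][\w.]*):\s*(?:"([^"]*)"|(\S+))')

def parse_query(query):
    """Return ([(attribute, text), ...], basic_text) for a search-box string."""
    attrs, pos = [], 0
    while (m := ATTR_TERM.match(query, pos)):
        attrs.append((m.group(1), m.group(2) if m.group(2) is not None else m.group(3)))
        pos = m.end()
    # Whatever follows the leading attribute terms is the basic search text.
    return attrs, query[pos:].strip()

def lookup(obj, dotted_name):
    """Follow a dotted attribute name; key case is ignored (assumption)."""
    for part in dotted_name.split("."):
        if not isinstance(obj, dict):
            return None
        obj = next((v for k, v in obj.items() if k.lower() == part.lower()), None)
    return obj

def matches(obj, query):
    attrs, basic = parse_query(query)
    for name, text in attrs:            # every attribute term must match
        value = lookup(obj, name)
        if not isinstance(value, str) or text.lower() not in value.lower():
            return False
    needle = basic.lower()              # quotes here are matched literally
    return not needle or any(
        isinstance(v, str) and needle in v.lower() for v in obj.values())

def search(objects, query):
    return [o["UserName"] for o in objects if matches(o, query)]

# Constructed sample records; only LastName and Username appear in the guide.
USERS = [
    {"UserName": "AB_misc2", "LastName": "Baker",
     "Description": "service desk", "Directory": {"Name": "corp.example"}},
    {"UserName": "cjones", "LastName": "Jones",
     "Description": "backup operator", "Directory": {"Name": "lab.example"}},
    {"UserName": "dbaker", "LastName": "Baker",
     "Description": "DBA", "Directory": {"Name": "lab.example"}},
]

if __name__ == "__main__":
    for q in ['Username: "ab_misc2"', '"ab_misc2"', 'LastName: bak desk',
              'desk LastName: bak', 'LastName: bak Directory.Name: lab']:
        print(f"{q!r:40} -> {search(USERS, q)}")
```

In this model, a basic term placed before an attribute term is absorbed into one literal string and returns nothing, which is one way to read the ordering rule above.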

Sorting entity lists

By default, the objects are listed in alphabetical order; however, you can use the controls located above the list to sort the object list.

To sort the object lists

  1. Select Ascending or Descending under the Search box to sort the list in either alphabetical or reverse-alphabetical order.
  2. To sort the list of Accounts, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:
    • Name (Default)
    • Description
    • Asset
    • Profile
    • Partition
  3. To sort the list of Account Groups, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:

    • Name (Default)
    • Description
    • Dynamic
  4. To sort the list of Assets, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:
    • Name (Default)
    • Description
    • Platform
    • Network Address
    • Partition
  5. To sort the list of Asset Groups, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:

    • Name (Default)
    • Description
    • Dynamic
  6. To sort the list of Directories, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:

    • Name (Default)
    • Description
    • Platform
  7. To sort the list of Entitlements, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:
    • Priority (Default)
    • Name
    • Description
  8. To sort the list of Partitions, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:

    • Name (Default)
    • Description
  9. To sort the list of Users, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:
    • User Name (Default)
    • Description
    • First Name
    • Last Name
    • Email Address
    • Domain Name
  10. To sort the list of User Groups, open the drop-down menu under the Search box and choose one of the following options before sorting the list in either Ascending or Descending order:
    • Name (Default)
    • Description
    • Type (Sorts by Local and Directory groups.)

Privileged access requests

One Identity Safeguard for Privileged Passwords provides a workflow engine that supports time restrictions, multiple approvers, reviewers, emergency access, and expiration of policy. It also includes the ability to input reason codes and integrate directly with ticketing systems.

In order for a request to progress through the workflow process, authorized users perform "assigned" tasks. These tasks are performed from the user's Home page in the desktop client or web client.

As a Safeguard for Privileged Passwords user, your Home page provides a quick view to the access request tasks that need your immediate attention. In addition, Safeguard for Privileged Passwords can be configured to alert you when you have pending tasks awaiting your attention. For more information, see Configuring alerts.

The access request tasks you see on your Home page depend on the rights and permissions you have been assigned by an entitlement's access request policies. For example:

  • Designated "requesters" see tasks related to submitting new access requests, as well as actions to be taken once a request has been approved (for example, viewing passwords, copying passwords, launching sessions and checking in completed requests).

    Requesters can also define favorite requests, which then appear on their Home page for subsequent use. For more information, see Creating, editing, or removing a favorite request.

  • Designated "approvers" see tasks related to approving (or denying) and revoking access requests.
  • Designated "reviewers" see tasks related to reviewing completed (checked in) access requests, including playing back a session if session recording is enabled.

Password release requests and session requests use the same workflow engine; however, the actions taken on a session request are slightly different than those taken on a password release request. Therefore, we will cover each of these access request workflows separately:
