Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords Privileged Sessions What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Stopping a task

To stop a task

  1. In the Toolbox, open the Tasks pane.
  2. Click (or tap)  Cancel next to a running task.

Accounts

A Safeguard for Privileged Passwords account is a unique identifier that Safeguard for Privileged Passwords uses to control access to assets. Managed user, group, or service accounts exist on the asset. Each account has an associated asset; if you delete an asset, Safeguard for Privileged Passwords permanently deletes all the accounts associated with it.

The Auditor and the Asset Administrator have permission to access Accounts.

Note: On Unix assets, the accounts are stored in etc/passwd; however, each platform implements this concept differently.

The Accounts view displays the following information about the selected account:

Note: Safeguard for Privileged Passwords designates a service account with a Service Account icon. For more information, see About service accounts.

Table 28: Accounts: Tabs
Tab Description
General tab Displays general information about the selected account.
Access Request Policies tab Displays the entitlements and access request policies associated with the selected account.
Account Groups tab Displays the account groups that contain the selected account.
Check and Change Log tab Displays the password validation and reset history for the selected account.
History tab Displays the details of each operation that has affected the selected account.

For information about configuring account discovery in Safeguard for Privileged Passwords, see Account discovery job workflow.

Use these toolbar buttons to manage accounts.

Table 29: Accounts: Toolbar
Option Description
Add Account

Add accounts to Safeguard for Privileged Passwords. For more information, see Adding an account.

Delete Selected

Remove the selected account. For more information, see Deleting an account.

Refresh Update the list of accounts.
Import Accounts

Add accounts to Safeguard for Privileged Passwords. For more information, see Importing objects.

Account Security

Menu options include: Check Password, Change Password, and Set Password. For more information, see Checking, changing, or setting an account password.

Password Archive

Display the password history for the selected account. For more information, see Viewing password archive.

Access Requests

Allows you to enable or disable access request services for the selected account. Menu options include:

  • Enable Password Request
  • Disable Password Request
  • Enable Session Request
  • Disable Session Request

NOTE: Access request services are enabled by default for all accounts added directly to Safeguard for Privileged Passwords, except for service accounts. Access request services are disabled by default for all discovered accounts.

General tab

The General tab lists information about the selected account.

Large tiles at the top of the tab display the number of Access Request Policies and Account Groups associated with the selected account. Clicking a tile heading opens the corresponding tab.

NOTE: These tiles are only visible to the Auditor.

NOTE: The time stamps for the password and SSH Key check and change transactions are based on the user's local time.

Table 30: Accounts General tab: General properties
Property Description
Name The name of the selected account.
Asset

The display name of the managed system associated with this account.

NOTE: Accounts are only associated with one asset.

Partition The name of the partition where the selected account resides.
Profile

The name of the profile that governs the accounts assigned to a partition.

Enable Password Request True or False, indicating whether password release requests are enabled for this account.
Enable Session Request True or False, indicating whether session access requests are enabled for this account.
Last Successful Password Check

The date and time of the last successful password validation.

Next Password Check

The date and time of the next automated password check as set in the Check Password schedule of the partition profile. For more information, see Adding check password settings.

Last Successful Password Change

The date and time of the last successful password change.

Next Password Change

The date and time of the next automated password change as set in the Change Password schedule of the partition profile. For more information, see Adding change password settings.

Last Successful SSH Key Change

The date and time of the last successful SSH Key change.

Next SSH Key Change

The date and time of the next SSH Key change.

Tags: Tag assignments for the selected account.

The tiles displayed in the Tags pane include both the dynamic tags added through tagging rules and static tags that were added manually. In addition to viewing tag assignments, Asset Administrators can add and remove statically assigned tags.

NOTE: Dynamically assigned tags contain a lightening bolt icon and cannot be deleted; whereas, static tags which can be removed contain an X icon.

Description: Information about selected account.

Related Topics

Modifying an account

Access Request Policies tab

The Access Request Policies tab displays the entitlements and access request policies, including password release policies and session request policies, associated with the selected account.

Click (or tap)  Add to Policy from the details toolbar to add the selected account to the scope of an access request policy.

Table 31: Accounts: Access Request Policies tab properties
Property Description

Entitlement

The name of the access request policy's entitlement.

Access Request Policy

The name of the policy that governs the selected account.

Accounts

The number of unique accounts in the account groups that are associated with the access request policy.

# Account Groups

The number of unique account groups in the access request policy.

Account Groups

The names of the account groups that associate the selected account with the policy.

Use these buttons on the details toolbar to manage your access request policies associated with the selected account.

Table 32: Accounts: Access Request Policies tab toolbar
Option Description

Add to Policy

Add the selected account to the scope of an access request policy.

Remove Selected

Remove the selected policy.

Refresh

Update the list of access request policies.

Details

View additional details about the selected policy. For more information, see Viewing policy details.

Search

To locate a specific policy or set of policies in this list, enter the character string to be used to search for a match. For more information, see Search box.

Related Documents