Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords Privileged Sessions What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Managing accounts

Use the controls and tabbed pages on the Accounts page to perform the following tasks to manage Safeguard for Privileged Passwords accounts:

Adding an account

It is the responsibility of the Asset Administrator to add assets and accounts to Safeguard for Privileged Passwords.

Note: Safeguard for Privileged Passwords allows you to set up account discovery jobs that run automatically. For more information, see Account discovery job workflow.

To add an account

  1. Navigate to Administrative Tools | Accounts.
  2. Click (or tap)  Add Account from the toolbar.
  3. In the Account dialog, supply the following information:

    • Asset Name: Browse to select an asset to associate with this account.

      NOTE: While an asset can have multiple accounts, you can only associate an account with one asset.

    • Name: Enter the login user name for this account.

      Limit: 100 characters

    • Description: (Optional) Enter information about this managed account.

      Limit: 255 characters

    • Profile: Browse to select a profile to govern this account.

      NOTE: By default an account inherits the profile of its associated asset, but you can assign it to a different profile for this partition. For more information, see Assigning assets or accounts to a partition profile.

    • Enable Password Request: This check box is selected by default indicating that password release requests are enabled for this account. Clear this option to prevent someone from requesting the password for this account.

      NOTE: By default a user can request the password for any account in the scope of the entitlements in which he or she is an authorized "user".

    • Enable Session Request: This check box is selected by default indicating that session access requests are enabled for this account. Clear this option to prevent someone from requesting session access using this account.

      NOTE: By default a user can make an access request for any account in the scope of the entitlements in which he or she is an authorized "user".

Note: When you add an account to Safeguard for Privileged Passwords you are not adding it to the asset, you are simply adding an existing account to the Safeguard for Privileged Passwords database. The new account displays on the Accounts list.

Related Topics

Checking, changing, or setting an account password

Assigning assets or accounts to a partition profile

Account discovery job workflow

Adding a cloud platform account

Adding a cloud platform account

One Identity Safeguard for Privileged Passwords can manage cloud platform accounts such as Facebook, Twitter, Amazon Web Services (AWS), etc.

Before you add cloud platform accounts to Safeguard for Privileged Passwords, you must first add an asset with which to associate the accounts.

To add a cloud platform to Safeguard for Privileged Passwords

  1. Log into Safeguard for Privileged Passwords and navigate to Administrative Tools.
  2. In Assets, click (or tap)  Add Asset from the toolbar.
  3. In the General tab,
    1. Name: Enter an asset name that is meaningful to you, such as "Cloud Account Server" which you can use to manage all cloud platform accounts. (You might add separate assets for Facebook accounts and Twitter accounts.)
    2. Description: (Optional) Enter a description for the asset.
    3. Partition: Select the partition you want Safeguard for Privileged Passwords to use to manage the cloud platform account passwords.
    4. Profile: Select the profile you want Safeguard for Privileged Passwords to use to manage the cloud platform account passwords.
  4. In the Management tab,

    1. Product: Select the appropriate product, such as Amazon Web Services, Facebook, or Twitter.
    2. Version: For Amazon Web Services, select the version.
    3. Network Address: For Amazon Web Services, enter the AWS Account ID or Alias which can be found on the AWS IAM User's view.
  5. For Amazon Web Services, in the Connection tab, select:

    1. Access Key to authenticate to the asset using an access key. Enter the following information:

      • Service Account Name: Enter the configured IAM service account.
      • Access Key ID: Enter the Access Key ID created for the IAM service account.
      • Secret Key: Enter the Secret Key created for the IAM service account.

      -OR-

    2. None to not authenticate to the asset and manually manage the asset.
  6. For Facebook and Twitter, in the Connection tab, select Account Password to authenticate using the current account password.

Once you add the cloud platform asset, you can associate accounts with it.

To add an account to the cloud platform

  1. In Assets, select the cloud platform asset and switch to the Accounts tab.
  2. Click (or tap)  Add Account from the details toolbar.
  3. In the User Name field, enter the cloud platform account username, email address, or phone number. For example, for a Twitter account, enter the "@User" account name.
  4. In the Password field, enter the account password for the user name you provided.
  5. Click (or tap) Test Connection to verify that Safeguard for Privileged Passwords can communicate with this cloud platform using the credentials that you have provided.
  6. Optionally enter a Description.
  7. Browse to select a profile to govern this account
  8. Ensure the Enable Password Request option is checked and click (or tap) Add Account.

Now you can manually check, change, or set the cloud platform account password; and, Safeguard for Privileged Passwords can automatically manage the password according to the Check and Change settings in the profile governing the account.

To resolve a Twitter requirement for additional verification

Twitter may prompt for additional verification on the next login if suspicious activity is detected (for example, the login originated from a new device or there were too many failed logins from a device). The additional verification may require entry of the email address associated with the Twitter account or entry of a temporary password sent via email. Safeguard for Privileged Passwords detects the Twitter prompt and displays the login requirement in a status message when the password change fails. The Activity Center Event may display Password Change Failed with the following Checking detail: Additional account verification requested:’RetypeEmail’.

To resolve the request for verification so that Twitter trusts the Safeguard for Privileged Passwords Appliance:

  1. Open a browser on the same network as the Safeguard for Privileged Passwords Appliance.
  2. Log into Twitter as the account.
  3. Enter the additional verification requested.

To checkout the cloud platform account

  1. Add a cloud platform Account Group and add the accounts to the group.
  2. Add an entitlement for the cloud platform accounts.
  3. Add users to the entitlements.
  4. Add a password release policy to the entitlement.
  5. Add the cloud platform Account Group to the scope of the policy.

Manually adding a tag to an account

Asset Administrators can manually add and remove tags to an account using the Tags pane, which is located at the bottom of the General tab when an account is selected on the Accounts view.

To manually add a tag to an account

  1. Navigate to Administrative Tools | Accounts.
  2. In Accounts, select an account from the object list (left-pane).
  3. Open the General tab and scroll down to view the Tags pane.
  4. Click (or tap) next to the Tags title.
  5. Place your cursor in the edit box and enter the tag to be assigned to the selected account.

    As you type, existing tags that start with the letters entered will appear allowing you to select a tag from the list.

    To add additional tags, press Enter before entering the next tag.

  6. Click (or tap) OK.

    If you do not see the new tag, click the Refresh toolbar button.

  7. To remove a manually assigned tag, click (or tap) next to the Tags title and click the X inside the tag box to be removed.

    NOTE: You cannot manually remove dynamically assigned tags which are indicated by a lightening bolt icon. You must modify the rule associated with the dynamic tag if you want to remove it. For more information, see Modifying an asset or asset account tag.

Related Documents