Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords Privileged Sessions What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Adding an account to account groups

From the Accounts view you can add an account to one or more account groups.

To add an account to account groups

  1. Navigate to Administrative Tools | Accounts.
  2. In Accounts, select an account from the object list and open the Account Groups tab.
  3. Click (or tap)  Add Account Group from the details toolbar.
  4. Select one or more account groups from the list in the Account Groups dialog and click (or tap) OK.

    Note: You can also double-click (or double-tap) an account group name to add it.

If you do not see the account group you are looking for, depending on your Administrator permissions, you can create it in the Account Groups selection dialog. (You must have Security Policy Administrator permissions to create account groups.)

To create a new account group from the Account Groups selection dialog

  1. Click (or tap)  Create New.

    For more information about creating account groups, see Adding an account group.

  2. Create additional account groups, as required.
  3. Click (or tap) OK in the Account Groups selection dialog to add the new account to the selected account group.
Related Topics

Adding accounts to an account group

Modifying an account

To modify an account's information

  1. Navigate to Administrative Tools | Accounts.
  2. In Accounts, select an account from the object list.
  3. Double-click (or double-tap) the General information box or click (or tap) the  Edit icon.

    Note: You can also double-click (or double-tap) an account name to open the General settings edit window.

    Note: Once you add an account, you cannot modify an account's associated asset or its name.

  4. To view the selected account's password validation and reset history, switch to the Check and Change Log tab.
  5. To view or export the details of each operation that has affected the selected account, switch to the History tab.
  6. To reset an account's password, right-click (or press and hold) the account name and navigate to Change Password or Set Password from the context menu. For more information, see Checking, changing, or setting an account password.

Deleting an account

Note: When you delete an account, Safeguard for Privileged Passwords does not delete it from its associated asset, it simply removes it from Safeguard for Privileged Passwords.

To delete an account

  1. Navigate to Administrative Tools | Accounts.
  2. In Accounts, select an account from the object list
  3. Click (or tap) Delete Selected.

    Note: If you delete a service account, Safeguard for Privileged Passwords changes the asset's authentication type to None which disables automatic password management for all accounts that are associated with this asset. All assets must have a service account in order to check and change the passwords for the accounts associated with it. For more information, see About service accounts.

  4. Confirm your request.

Importing objects

Safeguard for Privileged Passwords allows you to import a .csv file containing a set of accounts, assets, or users.

To import a set of objects

  1. Click (or tap)  Import from the toolbar.
  2. In the Import dialog, Browse to select an existing .csv file containing a list of objects to import.

    Note: For assistance in creating an import file, click (or tap) CSV Template Assistant. For more information, see Creating an import file.

  3. When importing assets, the Discover SSH Host Keys option is selected by default indicating that Safeguard will retrieve the required SSH host key for the assets specified in the CSV file.
  4. Click (or tap) OK.

    Safeguard for Privileged Passwords imports the objects into its database.

    Note: Safeguard for Privileged Passwords does not add an object if any column contains invalid data in the .csv file with the follow exceptions:

    • Assets PlatformDisplayName property.
      1. If Safeguard for Privileged Passwords does not find an exact match, it looks for a partial match. If it finds a partial match it supplies the <platform> Other platform, such as "Other Linux".
      2. If it does not find a partial match, it supplies the Other platform type.
    • Users TimeZoneId property.
      1. If Safeguard for Privileged Passwords does not find a valid TimeZoneId property (that is, does not find an exact match or no timezone was provided), it uses the local workstation's current timezone.

        Note: Do not enter numbers or abbreviations for the TimeZoneId.

    • Users Password property.
      1. Safeguard for Privileged Passwords adds a user without validating the password you provide.
  5. Navigate to the Tasks pane in the Toolbox for details about the import process and invalid data messages. For more information, see Viewing task status.
Related Documents