Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords Privileged Sessions What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Adding accounts to an access request policy

To add accounts to an access request policy

  1. Navigate to Administrative Tools | Account Groups.
  2. In Account Groups, select an account group from the object list and open the Access Request Policies tab.
  3. Click (or tap)  Add to Policy from the details toolbar.
  4. Select a policy from the list in the Access Request Policy selection dialog and click (or tap) OK.

    Note: You can also double-click (or double-tap) the access request policy to which the account group is to be added.

Modifying an account group

To modify an account group's information

  1. Navigate to Administrative Tools | Account Groups.
  2. In Account Groups, select an account group from the object list.
  3. Select the view of the account group's information you want to modify (General, Accounts, or Access Request Policies).

    For example:

    • To change an account group's name or description, double-click (or double-tap) the General information box in the General tab or click (or tap) the  Edit icon.

      Note: You can also double-click (or double-tap) an account group name to open the General settings edit window.

    • To add (or remove) accounts to the selected account group, switch to the Accounts tab.

      Note: You can multi-select members to add or remove more than one from an account group.

    • To add (or remove) the selected account group to the scope of a policy, switch to the Access Request Policies tab.
  4. To view or export the details of each operation that has affected the selected account group, switch to the History tab.

Related Topics

Adding an account group

Deleting an account group

Note: When you delete an account group, Safeguard for Privileged Passwords does not delete the associated accounts.

To delete an account group

  1. Navigate to Administrative Tools | Account Groups.
  2. In Account Groups, select an account group
  3. Click (or tap) Delete Selected.
  4. Confirm your request.

Assets

A Safeguard for Privileged Passwords asset is a computer, server, network device, or application managed by a Safeguard for Privileged Passwords Appliance.

The Auditor and the Asset Administrator have permission to access Assets.

Note: Before adding systems to Safeguard for Privileged Passwords, you must ensure they are properly configured. For more information, see Preparing systems for management.

Note: For information about configuring asset discovery in Safeguard for Privileged Passwords, see Asset discovery job workflow.

The Assets view displays the following information about the selected system.

Table 48: Assets: Tabs
Tab Description
General tab Displays general, management and connection settings for the selected asset.
Accounts tab Displays the accounts associated with this asset.
Account Dependencies tab Windows only: Displays the directory accounts that the selected Windows server depends on to perform services and tasks.

Access Request Policies tab

Displays the entitlements and access request policies associated with the selected asset.

Asset Groups tab

Displays the asset groups that contain the selected asset.
History tab Displays the details of each operation that has affected the selected asset.

Use these toolbar buttons to manage assets.

Table 49: Assets: Toolbar
Option Description

Add | Asset

Add assets to Safeguard for Privileged Passwords. For more information, see Adding an asset.
Delete Selected

Remove the selected asset. For more information, see Deleting an asset.

Important: When you delete an asset, you also permanently delete all the Safeguard for Privileged Passwords accounts associated with the asset.

Refresh Update the list of assets.
Import Assets Add assets to Safeguard for Privileged Passwords. For more information, see Importing objects.
Discovery Add or manage asset discovery jobs. For more information, see Discovery.

Download SSH Key

Add the SSH key to the selected asset. For more information, see Downloading a public SSH key.

Access Request

Allows you to enable or disable access request services for the selected asset. Menu options include:

  • Enable Session Request
  • Disable Session Request
Show Ignored Display the hidden assets.
Hide Ignored Hide assets marked as "Ignore".

Right click on an asset to use these context menu options.

Table 50: Assets context menu options
Option Description
Discover SSH Host Key

This option only applies to assets that exchange SSH host keys, such as Unix-based assets and Linux-based assets.

Retrieves the latest SSH host key for the selected asset. The Discover SSH Host Key dialog also tells you when the SSH host key is up to date.

If the SSH host key is not discovered on the asset (either via a discovery or import), certain tasks will not be available for accounts associated with the asset, such as Check System, Check Password, Change Password.

Check Connection

Select to verify that Safeguard for Privileged Passwords can log into the asset using the current service account credentials. For more information, see Checking an asset's connectivity.

Download SSH Key Add the SSH key to the selected asset.

Manage - Ignore

Select Manage to have Safeguard for Privileged Passwords manage an "ignored" asset. This option is only available for assets that have been ignored.

Select Ignore to prevent Safeguard for Privileged Passwords from managing the selected asset. When you ignore an asset, Safeguard for Privileged Passwords disables it and removes all associated accounts. If you choose to Manage the asset later, Safeguard for Privileged Passwords re-enables all the associated accounts.

Access Requests

Select Enable Session Request to allow session requests for the selected asset.

Select Disable Session Request to disallow session requests for the selected asset.

Discover Accounts Runs a discovery job to find accounts on the selected asset. From the tasks pane, select Show Accounts to open the Partitions view to view the accounts found.
   
Delete Selected

Remove the selected asset from Safeguard for Privileged Passwords.

Important: When you delete an asset, you also permanently delete all the Safeguard for Privileged Passwords accounts associated with the asset.

Related Documents