
One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide


General tab

On the Discovery dialog, General tab, supply general information about the asset discovery job and identify the partition where you want Safeguard for Privileged Passwords to add the assets it discovers.

Table 70: Discovery: General properties
Property Description
Name

Enter a name for the asset discovery job.

Limit: 50 characters

Required

Description

Enter information about this asset discovery job.

Limit: 255 characters

Partition

Browse to select the partition in which to manage the discovered assets.

Important: You cannot change the partition after you save this discovery job.

Required

Method

Choose a type of discovery:

  • Directory
  • Network Scan

Required

Information tab

On the Discovery dialog, Information tab, define the directory or network information for the discovery job.

Table 71: Discovery: Information properties for Directory scans
Property Description
Directory

Select the Directory on which to run the asset discovery job.

Required

Table 72: Discovery: Information properties for Network scans
Property Description
Enable OS Detection

This check box is selected by default, indicating that OS fingerprinting is used to detect the operating system of each scanned host.

Clear this check box if you do not want to use the OS fingerprinting process.

IPv4 Range

Enter a range of IPv4 addresses to scan:

  • Starting IP Address
  • Ending IP Address

Click (or tap) Add or Delete to add or remove IPv4 address range sets.

Required

Advanced

Open to reveal the following setting for each IPv4 address range set:
Exclude IP

Safeguard for Privileged Passwords allows you to exclude an IP address within a specified IPv4 range from the scan.

Click (or tap) Add to exclude an IP address from the scan.

Click (or tap) Delete to remove the corresponding excluded IPv4 address and include that IP address in the scan.

Rules tab

On the Discovery dialog, Rules tab, define the rules you want to govern the discovered assets.

Note: You can configure multiple rules for an asset discovery job. Safeguard for Privileged Passwords considers each rule separately and combines the results.

To add a new asset discovery rule

  1. On the Rules tab, click (or tap) Add.
  2. In the Rule dialog, enter a name for the new asset discovery rule of up to 50 characters.
  3. Under Settings:
    1. Select Add Condition to add one or more constraints or an advanced LDAP filter.
    2. Select Add Connection to configure the authentication parameters.

      NOTE: Connection defaults to NONE.

    3. Select Add Profile to select a profile to govern the discovered assets.

      NOTE: Profile defaults to the partition default profile.

    Note: You must specify at least one condition, the connection and a profile for each rule. The OK button in the Rules dialog will be disabled until all of these settings are defined.

  4. Click (or tap) OK to save the asset discovery rule.

Important: A discovery job can have more than one rule. When Safeguard for Privileged Passwords runs the discovery job, if it finds an asset with more than one rule, it applies the connection and profile settings of the first rule that discovers the asset. Once Safeguard for Privileged Passwords creates an asset, it will not attempt to re-create it or modify it if rediscovered by a different job.

Add Condition

On the Rule dialog, use Add Condition to add one or more search conditions.

A discovery rule can have more than one condition and each condition can have one or more constraints. When you select Preview, Safeguard for Privileged Passwords considers all the search constraints in the current condition and returns the assets it finds based only on that condition.

When Safeguard for Privileged Passwords runs the discovery job, it finds all assets that meet all of the search conditions.

To add a condition to Find All

  1. In the Rule dialog, select Add Condition.
  2. In the Condition dialog,
    1. Find By: Choose Find All.
    2. Filter Search Location: Browse to select a container within the directory to search for assets.

      NOTE: The Filter Search Location is only available for Directory discovery jobs.

  3. Click (or tap) Preview to test the conditions you have configured.

    Preview displays a list of assets Safeguard for Privileged Passwords will find in the directory or network you specified in the Information tab based on these conditions.

  4. Click (or tap) OK to save your selections.

To add a condition with constraints

  1. In the Rule dialog, select Add Condition.
  2. In the Condition dialog, in Find By, choose Constraints. You will then enter the search criteria to use.
  3. To change the Filter Search Location, click Browse and select the search location.
  4. Optionally, select Include objects from sub containers to search for assets in sub-containers.

  5. To apply constraints (search criteria):
    1. Select a property:

      • Name
      • Description
      • Network Address
      • Operating System
      • Operating System Version

      NOTE: For Network Scan, you can only apply constraints on the information the network finds, which is Name and Operating System.

    2. Select an operation:

      • Equals
      • Not Equals
      • Starts With
      • Ends With
      • Contains
    3. Type a value of up to 255 characters.

      Note: The search is case sensitive and does not allow wild cards.

  6. Click (or tap) Preview to test the conditions you have configured.

    Preview displays a list of assets Safeguard for Privileged Passwords will find in the directory or network you specified in the Information tab based on these conditions.

  7. You can add or delete search constraints:
    1. Click (or tap) Add to add additional constraints to your search criteria.
    2. Click (or tap) Delete to remove the corresponding constraint from your search criteria.
  8. Click (or tap) OK to save your selections.
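
The following added example models the constraint matching described above together with the first-rule-wins behavior from the Important note on the Rules tab, so you can predict which connection and profile a discovered asset receives. It is an illustration written for this page, not Safeguard for Privileged Passwords code; the `Rule` class, function names, sample assets, connection and profile names are constructed, and it assumes rules are evaluated in listed order and that constraints within a condition must all match.

```python
# Illustrative model of the documented rule semantics; not Safeguard code.
from dataclasses import dataclass

OPERATIONS = {
    "Equals": lambda actual, value: actual == value,
    "Not Equals": lambda actual, value: actual != value,
    "Starts With": lambda actual, value: actual.startswith(value),
    "Ends With": lambda actual, value: actual.endswith(value),
    "Contains": lambda actual, value: value in actual,
}

@dataclass
class Rule:
    name: str
    conditions: list  # each condition is a list of (property, operation, value)
    connection: str = "NONE"                    # documented default
    profile: str = "partition default profile"  # documented default

def constraint_matches(asset, prop, operation, value):
    # Case-sensitive, literal comparison: '*' is an ordinary character.
    return OPERATIONS[operation](asset.get(prop, ""), value)

def rule_discovers(rule, asset):
    # Assumption: an asset must satisfy every constraint of every condition.
    return all(constraint_matches(asset, *c)
               for condition in rule.conditions for c in condition)

def plan_discovery(rules, assets):
    """Return {asset name: (rule name, connection, profile)}."""
    plan = {}
    for asset in assets:
        for rule in rules:  # assumed order: as listed in the job
            if rule_discovers(rule, asset):
                # The first rule that discovers the asset sets its settings.
                plan[asset["Name"]] = (rule.name, rule.connection, rule.profile)
                break
    return plan

# Constructed sample data
ASSETS = [
    {"Name": "db-prod-01", "Operating System": "Linux"},
    {"Name": "DB-prod-02", "Operating System": "Linux"},
    {"Name": "web-01", "Operating System": "Windows"},
]
RULES = [
    Rule("prod databases", [[("Name", "Starts With", "db-")]],
         "ssh-svc", "Strict rotation"),
    Rule("all linux", [[("Operating System", "Equals", "Linux")]],
         "ssh-svc", "Standard rotation"),
]
```

In this sample, `DB-prod-02` misses the stricter rule only because of letter case and falls through to the broader one, which is worth checking with Preview before saving a job.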

To add a condition (Filter Search Base) for LDAP or Active Directory

Search base limits the search to the defined branch of the specified directory, including sub containers if that option is selected. This condition is only available for a Directory discovery job (LDAP or Active Directory directories).

  1. In the Rule dialog, select Add Condition.
  2. In the Condition dialog,
    1. Find By: Choose LDAP Filter and enter the search criteria to be used. 
    2. Filter Search Location: Browse to select a container within the directory to search for assets.

      TIP: Do not select the Directory Root for asset discovery jobs.

    3. Include objects from sub containers: Optionally select this check box to search for assets in sub-containers.
  3. Click (or tap) Preview to test the conditions you have configured.
  4. Click (or tap) OK to save your selections.

To add a condition (Group) for a Directory

This condition is only available for a Directory discovery job.

  1. In the Rule dialog, select Add Condition.
  2. In the Condition dialog,
    1. Find By: Choose Group.
    2. Click (or tap) Add to launch the Group dialog.
    3. Contains: Enter a full or partial group name and click Search. You can only enter a single string (full or partial group name) at a time.

    4. Filter Search Location: Browse to select a container to search within the directory.
    5. Include objects from sub containers: Select this check box to include child objects.
    6. Select the group to add: The results of the search display in this grid. Select one or more groups to add to the discovery job.
  3. Click (or tap) Preview to test the conditions you have configured.

    Preview displays a list of assets Safeguard for Privileged Passwords will find in the directory or network you specified in the Information tab based on these conditions.

  4. Click (or tap) OK to save your selections.