Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords Privileged Sessions What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Managing asset discovery jobs

To add, modify, or run asset discovery jobs

  1. Navigate to Administrative Tools | Assets.
  2. From Assets, click (or tap) the  Discovery toolbar button.
  3. Use these buttons on the Asset Discovery Jobs dialog to manage discovery jobs.
    Add Add an asset discovery job. For more information, see Creating an asset discovery job.
    Delete Selected Remove the selected asset discovery job.
    Refresh Update the list of asset discovery jobs.
    Edit Modify the selected asset discovery job.
    Run Now Run the selected asset discovery job.
    Cancel Running Job Stop the running asset discovery job.
  4. After a discovery job runs, the right pane allows you to view:
    # Assets Found

    The number of asset found during the discovery job.

    Last Run Date

    The date the selected discovery job ran.

    Last Run Time

    The time the selected discovery job ran.

    Started By

    The user or process that initiated the discovery job.

    Schedule

    The frequency and time the selected discovery job is configured to run.

    Next Run Date

    The date when the discovery job is scheduled to run next.

    Next Run Time

    The time when the discovery job is scheduled to run next.

    Details

    Click (or tap) Details to view the name and network address of the assets the selected discovery job found.

    History

    Click (or tap) History to view the results of a previous run of the selected job. Double-click (or double-tap) a job to open the details for it.

    NOTE: You can also search the Activity Center for information about discovery jobs that have run. Safeguard for Privileged Passwords lists the asset discovery events in the Asset Discovery Activity category.

Importing objects

Safeguard for Privileged Passwords allows you to import a .csv file containing a set of accounts, assets, or users.

To import a set of objects

  1. Click (or tap)  Import from the toolbar.
  2. In the Import dialog, Browse to select an existing .csv file containing a list of objects to import.

    Note: For assistance in creating an import file, click (or tap) CSV Template Assistant. For more information, see Creating an import file.

  3. When importing assets, the Discover SSH Host Keys option is selected by default indicating that Safeguard will retrieve the required SSH host key for the assets specified in the CSV file.
  4. Click (or tap) OK.

    Safeguard for Privileged Passwords imports the objects into its database.

    Note: Safeguard for Privileged Passwords does not add an object if any column contains invalid data in the .csv file with the follow exceptions:

    • Assets PlatformDisplayName property.
      1. If Safeguard for Privileged Passwords does not find an exact match, it looks for a partial match. If it finds a partial match it supplies the <platform> Other platform, such as "Other Linux".
      2. If it does not find a partial match, it supplies the Other platform type.
    • Users TimeZoneId property.
      1. If Safeguard for Privileged Passwords does not find a valid TimeZoneId property (that is, does not find an exact match or no timezone was provided), it uses the local workstation's current timezone.

        Note: Do not enter numbers or abbreviations for the TimeZoneId.

    • Users Password property.
      1. Safeguard for Privileged Passwords adds a user without validating the password you provide.
  5. Navigate to the Tasks pane in the Toolbox for details about the import process and invalid data messages. For more information, see Viewing task status.

Downloading a public SSH key

When you add an asset and select the Automatically Generate the SSH Key (SSH Key Generation and Deployment setting on the Connection page in the Asset dialog), Safeguard for Privileged Passwords allows you to download the SSH key so that you can manually install it on the asset.

To download a public SSH key

  1. Navigate to Administrative Tools | Assets.
  2. In Assets, select an asset that has an SSH key authentication type.
  3. Click (or tap) the Download SSH Key from the toolbar or the context menu.

    -OR-

    Open the asset's Connection settings and select Download SSH Key.

  4. In the Save As dialog, specify the drive, directory, and name of the file to save.

You can manually install this public key to an asset.

Asset Groups

A Safeguard for Privileged Passwords asset group is a set of assets which you can add to the scope of an access request policy. For more information, see Creating an access request policy.

The Auditor and the Security Policy Administrator have permission to access Asset Groups.

The Asset Groups view displays the following information about the selected asset group.

Table 73: Asset Groups: Tabs
Tab Description
General tab Displays general information about the selected asset group.
Assets tab Displays the assets associated with the selected asset group.
Access Request Policies tab Displays the entitlements and access request policies associated with the selected asset group.
History tab Displays the details of each operation that has affected the selected asset group.

Use these toolbar buttons to manage asset groups.

Table 74: Asset Groups: Toolbar
Option Description

Add | Asset Group

Add asset groups to Safeguard for Privileged Passwords. For more information, see Adding an asset group.

Add | Dynamic Asset Group

Add dynamic asset groups to Safeguard for Privileged Passwords. For more information, see Adding a dynamic asset group.
Delete Selected

Remove the selected asset group from Safeguard for Privileged Passwords. For more information, see Deleting an asset group.

Refresh Update the list of asset groups.
Related Documents