
One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide


Enabling Lights Out Management

It is the responsibility of the Appliance Administrator to enable and configure the Lights Out Management feature.

NOTE: When Lights Out Management is enabled, the Appliance Administrator can set or change the password and modify the network information for the baseboard management console (BMC). When disabled, Safeguard for Privileged Passwords immediately resets the password to a random value and resets the network settings to default values.

To enable Lights Out Management

  1. Navigate to Administrative Tools | Settings | Appliance | Lights Out Management (BMC).
  2. Click (or tap) the Enable Lights Out Management toggle to enable this feature.
  3. Enter the following information about the BMC:
    1. IP address: The IPv4 address of the host machine.
    2. Netmask: The network mask IPv4 address.
    3. Default Gateway: The default gateway IPv4 address.
  4. Click (or tap) the Set BMC Admin Password button to set the password for the host machine.

    Maximum password length: 20 characters.

    NOTE: If this feature was previously enabled, you will see an Update BMC Admin Password button instead. Optionally, click (or tap) the Update BMC Admin Password button to reset the password for the host machine.

  5. Click (or tap) OK to save the settings on the host machine.

Networking

Use the Networking pane to view and configure the primary network interface and, if applicable, a proxy server to relay web traffic and the sessions network interface.

It is the responsibility of the Appliance Administrator to ensure the network interfaces are configured correctly. Click (or tap) the Edit icon next to the Network Interface or Proxy Server heading to edit or configure the network properties.

Navigate to Administrative Tools | Settings | Appliance | Networking.

Network Interface X0 (primary interface)

Table 146: Network Interface X0 properties

| Property | Description |
| --- | --- |
| MAC Address | The media access control address (MAC address), a unique identifier assigned to the network interface for communications. |
| IP Address | The IPv4 address of the network interface. |
| Netmask | The IPv4 network mask. |
| Default Gateway | The IPv4 default gateway. |
| IPv6 Address | The IPv6 address of the network interface. |
| IPv6 Prefix Length | The IPv6 subnet prefix length. |
| IPv6 Gateway | The IPv6 default gateway. |
| DNS Servers | The IP address for the primary DNS servers. |
| DNS Suffixes | The network suffixes for the DNS servers. NOTE: You can modify the network suffixes for the DNS servers by clicking the Edit icon next to the Network Interface X0 heading. |

Proxy Server X0

The Proxy Server X0 settings must be configured if your company policies do not allow devices to connect directly to the web. Once configured, Safeguard for Privileged Passwords uses the configured proxy server for outbound web requests to external integrated services, such as Starling.

NOTE: Only HTTP web proxy is supported.

Table 147: Proxy Server X0 properties

| Property | Description |
| --- | --- |
| Proxy URI | The IP address or DNS name of the proxy server. Required. |
| Port | The port number used by the proxy server to listen for HTTP requests. Required. Value: Integer from 1 to 65535. NOTE: If different ports are specified in the proxy URI and the Port field, the Port field takes precedence. |
| Username | The user name used to connect to the proxy server. NOTE: The username and password are only required if your proxy server requires them to be specified. |
| Password | The password required to connect to the proxy server. NOTE: The username and password are only required if your proxy server requires them to be specified. |

Network Interface X1 (sessions interface)

NOTE: If one or more Safeguard Sessions Appliances are joined to Safeguard for Privileged Passwords, X1 is not available in Safeguard for Privileged Passwords.

Table 148: Network Interface X1 properties

| Property | Description |
| --- | --- |
| MAC Address | The MAC address, a unique identifier assigned to the session interface for communications. |
| IP Address | The IPv4 address of the session interface. |
| Netmask | The IPv4 network mask. |
| Default Gateway | The IPv4 default gateway. |
| IPv6 Address | The IPv6 address of the session interface. |
| IPv6 Prefix Length | The IPv6 subnet prefix length. |
| IPv6 Gateway | The IPv6 default gateway. |
| DNS Servers | The IP address for the primary DNS servers. |
| DNS Suffixes | The network suffixes for the DNS servers. |

Support Bundle

To analyze and diagnose issues, One Identity Support may ask the Appliance Administrator or Operations Administrator to send a support bundle containing system and configuration information.

NOTE: As an alternative, you can use the recovery kiosk to generate and send a support bundle to a Windows share. For more information, see Recovery kiosk.

To create a support bundle

  1. Navigate to Administrative Tools | Settings | Appliance | Support Bundle.
  2. If you have the Privileged Sessions module licensed, select the Include Session Log check box if you want to include the Sessions debug log in the support bundle.
  3. Click (or tap) Generate Support Bundle.
  4. Browse to select a location to save the support bundle .zip file and click (or tap) Save.
  5. Send the support bundle to One Identity Support. For more information, see About us.

Related Topics

Troubleshooting

Frequently asked questions

Time

Time displays the current appliance time and allows you to enable Network Time Protocol (NTP) and set the primary and secondary NTP servers. In addition, when enabled, the NTP client status can be displayed.

It is the responsibility of the Appliance Administrator to manage the appliance time.

NOTE: A warning will appear if your local time is not within 5 minutes of the appliance time. One Identity recommends that you set an NTP server to eliminate possible time-related issues.

NOTE: Clustered environments: NTP setting changes are made on the primary appliance in a cluster. When a replica appliance is enrolled into the cluster, it points to the primary appliance's VPN IP address as the Primary NTP Server and the NTP client service is enabled on the replica appliance. When performing a failover operation to promote a replica to be the new primary, the Primary NTP Server is preserved and applied from the 'old' primary appliance.

To enable Network Time Protocol (NTP) and set the primary and secondary NTP servers

  1. Navigate to Administrative Tools | Settings | Appliance | Time.
  2. Select the Enable Network Time Protocol (NTP) check box to enable NTP.
  3. Provide the following information:

    • Primary NTP Server: Enter the IP address or DNS name of the primary NTP server.
    • Secondary NTP Server: (Optional) Enter the IP address or DNS name of the secondary NTP server.
  4. Click (or tap) OK to save your selections.

    When NTP is enabled, the following information about the NTP client status is displayed:

    • Last Sync Time
    • Leap Indicator
    • Poll Interval
    • Precision
    • Reference ID
    • Root Delay
    • Root Dispersion
    • Source
    • Stratum

    NOTE: Select Show Details and Hide Details to display more or less information.
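
Most of the status fields listed above (Leap Indicator, Stratum, Poll Interval, Precision, Root Delay, Root Dispersion, Reference ID) come straight from the NTP packet header. The following is an added example, not part of the One Identity guide or product code: it decodes a constructed server reply into those fields and applies the 5-minute tolerance from the NOTE above to the gap between a local clock and the source. The function names and the sample packet are assumptions made for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)
MAX_SKEW = timedelta(minutes=5)   # tolerance quoted in this guide's time warning
HEADER = "!BBbbII4sQQQQ"          # 48-byte NTP header layout (RFC 5905)

def parse_ntp_header(pkt):
    """Decode an NTP server reply into the status fields the Time pane lists."""
    if len(pkt) < 48:
        raise ValueError("NTP header is 48 bytes")
    flags, stratum, poll, prec, rdelay, rdisp, refid, _, _, _, tx = \
        struct.unpack(HEADER, pkt[:48])
    if stratum <= 1:   # stratum 0/1: four ASCII characters (kiss code or clock type)
        ref = refid.decode("ascii", "replace").rstrip("\0")
    else:              # stratum 2+: IPv4 address of the upstream server
        ref = ".".join(str(b) for b in refid)
    return {
        "leap_indicator": flags >> 6,          # 3 = clock not synchronized
        "stratum": stratum,
        "poll_interval_s": 2 ** poll,          # stored as log2 seconds
        "precision_s": 2.0 ** prec,            # stored as log2 seconds
        "root_delay_s": rdelay / 65536,        # 16.16 fixed point
        "root_dispersion_s": rdisp / 65536,    # 16.16 fixed point
        "reference_id": ref,
        "transmit_time": NTP_EPOCH + timedelta(seconds=tx / 2**32),
    }

def sync_problems(status, local_now):
    """Return reasons this source should not be trusted for appliance time."""
    problems = []
    if status["leap_indicator"] == 3:
        problems.append("leap indicator 3: source clock is unsynchronized")
    if not 1 <= status["stratum"] <= 15:
        problems.append("stratum %d is not a usable source" % status["stratum"])
    skew = abs(local_now - status["transmit_time"])
    if skew > MAX_SKEW:
        problems.append("local clock is %s away from the source" % skew)
    return problems

def build_sample(tx_time, leap=0, stratum=2, refid=bytes([192, 0, 2, 10])):
    """Constructed reply (not captured traffic): NTPv4, mode 4 (server)."""
    tx = int((tx_time - NTP_EPOCH).total_seconds()) << 32
    return struct.pack(HEADER, (leap << 6) | (4 << 3) | 4, stratum, 6, -23,
                       0x0800, 0x1000, refid, tx, tx, tx, tx)

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    status = parse_ntp_header(build_sample(now))
    print(status, sync_problems(status, now + timedelta(minutes=6)))
```

Last Sync Time and Source are kept by the NTP client itself and do not appear in the packet header, so they are not decoded here.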

Related Topics

How do I set the appliance system time
