Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords Privileged Sessions What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Audit Log Management

Safeguard for Privileged Passwords allows you to define and schedule an audit log management task to purge audit logs from the Safeguard for Privileged Passwords Appliance and archive older audit logs to a designated archive server. Archiving audit logs allows you to keep critical and relevant data online and current while eliminating or archiving audit logs that are no longer required.

Navigate to Administrative Tools | Settings | Backup and Retention | Audit Log Management. Use the Audit Log Management page on the Backup and Retention settings view to define and schedule when to perform an audit log archival task.

Backup and Restore

It is the responsibility of the Appliance Administrator to manage Safeguard for Privileged Passwords backups.

NOTE: When a backup is created, the state of the sessions module is saved which can be either the embedded sessions module (SPP) or the joined sessions module (SPS). Restoring a backup restores the sessions module to the state when the backup was taken, regardless of the state when the restore was started.

Navigate to Administrative Tools | Settings | Backup and Retention | Safeguard Backup and Restore.

The Safeguard for Privileged Passwords Backup and Restore page lists this information for the backups that are currently in the database.

Table 167: Safeguard for Privileged Passwords Backup and Restore: Properties
Property Description
Date The date of the backup.
Time The time of the backup.
Progress

The status of the backup: Running or Complete.

File Size (MB) The size of the backup file in megabytes.
Appliance Name The name of the appliance.
Appliance Version The version of the Safeguard for Privileged Passwords Appliance.
User

The name of the user that created the backup.

Last Archived Date The date the selected backup ran.
Archive Server Name The name of the server on which the backup was archived.

Use these toolbar buttons to manage Safeguard for Privileged Passwords backups.

Table 168: Safeguard for Privileged Passwords Backup and Restore: Toolbar
Option Description
Run Now

Create a backup copy of the data that is currently on the appliance.

Delete

Remove the selected backup file from the Backups page and the Safeguard for Privileged Passwords database.

Refresh

Update the list of backup files on the Backups page.

Settings Where you configure an automatic backup schedule.
Download

Save the selected backup file in a location on your appliance.

Upload

Retrieve a backup file from a file location and add it to the Backups page list.

Restore

Overwrite the current data and restore Safeguard for Privileged Passwords to the selected backup.

Archive

Store a backup file on an external archive server. For more information, see Archive backup.

TIP: As a best practice, store backups on an archive server that is external from the appliance so that the backup image is available for restoration even if there is a catastrophic disk or hardware failure. Keep only a minimum number of backup files on the appliance. After you download or archive the backup files, use Delete to remove them from the desktop client application. You can set the maximum number of backup files you want Safeguard for Privileged Passwords to retain on the appliance in Backup and Retention settings.

Run Now

To create a new backup

  1. Navigate to Administrative Tools | Settings | Backup and Retention | Safeguard Backup and Restore.
  2. Click (or tap)  Run Now.

    Safeguard for Privileged Passwords makes a copy of the current database.

Caution: If you restore a backup that is older than the Maximum Password Age set in the Login Control settings, all user accounts (including the bootstrap administrator) will be locked out and you will have to reset all of the user account passwords. To avoid this situation, you can reset the Maximum Password Age to zero before you perform the backup, then reset it after the restore.

TIP: As a best practice, perform backups more frequently than the Maximum Password Age setting.

Caution: Safeguard for Privileged Passwords can not restore any access request workflow events in process at the time of a backup.

Backup settings

Settings is where you configure an automatic backup schedule.

To schedule backups

  1. Navigate to Administrative Tools | Settings | Backup and Retention | Safeguard Backup and Restore.
  2. Click (or tap)  Settings.
  3. In the Backup Settings dialog, specify the backup schedule:
    1. Interval: Choose Never, Minute, Hour, Day, Week, or Month.

      NOTE: Best Practice: Do not use the Minute interval.

    2. Time of day: Set the start time.
    3. Repeat interval: Select the interval at which you would like to repeat the backup task.
    4. If Weekly, select which days of the week the backup task is to run.
    5. If Monthly, set the recurrence pattern. Select one of the following options and specify the monthly repeat interval:

      • Day of month
      • Week of month | Day of week

      TIP: If you schedule a backup and a backup has already occurred for that interval (Minute, Hour, Day, Week, or Month), Safeguard for Privileged Passwords will not execute another backup until the following minute, hour, day, week, or month. For example, if a backup has already occurred today and you set the backup schedule to run a daily backup, Safeguard for Privileged Passwords will not run the backup until tomorrow.

    6. Time Zone: Select the time zone.
    7. Select Send to archive server to store the backup files externally from the appliance.

      Note: This option is only available if you have configured an archive server. For more information, see Adding an archive server.

You configure the maximum number of backup files you want Safeguard for Privileged Passwords to store on the appliance on the Backup retention page.

Related Documents