Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords Privileged Sessions What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Deleting a managed network

To delete a managed network

  1. Navigate to Administrative Tools | Settings | Cluster | Managed Networks.
  2. Select the managed network to be deleted, click (or tap) Delete.
  3. In the confirmation dialog, click (or tap) Yes.

Resolving IP address

As an Appliance Administrator you can use the Managed Networks page to search for an IP address within a managed network's list of subnets.

To find an IP address in a managed network

  1. Navigate to Administrative Tools | Settings | Cluster | Managed Networks.
  2. In the Resolve Network search box, type the IP address, and press Enter.

    The managed network that contains the subnet that most closely matches the IP address is highlighted. If there are no subnets that match the IP address, the Default Managed Network is highlighted.

External Integration settings

The Appliance Administrator can configure the appliance to send event notifications to various external systems, the integration with an external ticketing system, and configure both external and secondary authentication service providers. However, it is the Security Policy Administrator's responsibility to configure the Approval Anywhere feature.

Navigate to Administrative Tools | Settings | External Integration.

Table 184: External Integration settings
Setting Description

Application to Application

Where you configure application registrations to use the Application to Application service, which allows third-party applications to retrieve credentials from Safeguard for Privileged Passwords.

Approval Anywhere

Where you define the Safeguard for Privileged Passwords users who are authorized to use Approval Anywhere to approve access requests.

Email

Where you configure Safeguard for Privileged Passwords to automatically send email notifications when certain events occur.

Identity and Authentication

Where you configure the identity providers and authentication providers to use when logging into Safeguard for Privileged Passwords.

SNMP

Where you configure Safeguard for Privileged Passwords to send SNMP traps to your SNMP console when certain events occur.

Starling

Where you join Safeguard for Privileged Passwords to Starling to take advantage of other Starling services, such as Starling Two-Factor Authentication and Starling Identity Analytics & Risk Intelligence.

Syslog

Where you configure Safeguard for Privileged Passwords to send event notifications to a syslog server with details about the event.

Ticketing

Where you configure Safeguard for Privileged Passwords to integrate with your company's external ticket system.

Sessions management

Where you can view the Sessions Appliances that are joined and have a session connection. You can edit or delete the joined Sessions Appliance connection.

Application to Application

In order for third-party applications to use the Application to Application service to integrate with the Safeguard for Privileged Passwords vault, you must first register the application in Safeguard for Privileged Passwords. This can be done using the Administrative Tools | Settings | External Integration | Application to Application pane.

The Application to Application pane displays a list of previously registered third-party applications. From this page, the Security Policy Administrator can add new application registrations, and modify or remove existing registrations.

The Application to Application pane displays the following details about application registrations.

Table 185: Application to Application: Properties
Property Description

Name

The name assigned to the application's registration.

Certificate User

The name of the certificate user associated with the registered application.

NOTE: If there is no certificate user listed for an application registration, contact your Security Policy Administrator to add one. The Application to Application service on the third-party application will not work with the Safeguard for Privileged Passwords vault until a certificate user has been specified.

Enable/Disable

Indicates whether the application registration is enabled. The toggle appears blue with the switch to the right when a registration is enabled and gray with the switch to the left when a registration is disabled. Click (or tap) the toggle to enable or disable an application registration.

NOTE: When an application registration is disabled, Application to Application access is disabled for that third-party application until the registration is enabled again.

Description

Information about the application's registration.

Use these toolbar buttons to manage application registrations.

Table 186: Application to Application: Toolbar
Option Description

Add

Add an application registration to Safeguard for Privileged Passwords. For more information, see Adding an application registration.

Delete Selected

Remove the selected application registration from Safeguard for Privileged Passwords. For more information, see Deleting an application registration.

Refresh

Update the list of application registrations.

Edit

Modify the selected application registration.

API Keys

Display the API keys that were generated for Access Request Broker or Credential Retrieval. An API key can then be copied and used in the third-party application to authenticate with Safeguard for Privileged Passwords.

NOTE: For credential retrieval, the registration process generates an API key for each managed account. However, for access request broker, the registration process generates a single API key for all users or user groups that are added.

Related Documents