
One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide


Initiating the SPP to SPS join

To initiate the join from Safeguard for Privileged Passwords (SPP) to Safeguard for Privileged Sessions (SPS), follow the steps below.

For information on monitoring and error resolution, see:

Steps:

  1. Connect to the Safeguard Sessions Appliance over SSH or log in as root on the console.
  2. Enter Join to SPP. The Sessions Appliance returns a message like: Initializing SPP Join (press Ctrl+C any time to abort)...
  3. Provide the requested information:
    1. IP address of SPP appliance (Example: 12.1.12.123)
    2. SPP username
    3. SPP password
    4. Description of this SPS (Example: SPS 89.8.89.789 on SPP 12.1.12.123)
    5. SPS username
    6. SPS password

  4. You will receive a message:
    • If the join is unsuccessful, this message displays: Request failed. Check the information provided including the credentials, IP address, and appliance certificates.
    • If the join is successful, you will see two messages:
      1. An alert displays in the user interface: Your sessions management has now switched to an external appliance and you will need to restart the desktop client. Would you like to do that now? Click OK to complete the connection and update settings and entitlement policy details.
      2. The Sessions Appliance returns a message like this: SPS successfully joined to SPP. Press ENTER to exit. Press Enter then select Logout.

  5. Click OK and reboot the system when you see this popup: Alert Your session management has now switched to an external appliance, and you will need to restart the desktop client. Would you like to do that now?

When the SPS session connection is joined, open access requests are automatically closed. When you double-click the event in the Activity Center, the Action shown in the event details is Evicted.

Sessions recorded prior to joining the Safeguard Sessions Appliances are available for playback from local storage and in accordance with the permissions of the Safeguard Passwords Appliance. When a backup is created, the state of the sessions module is saved, which can be either the embedded sessions module (SPP) or the joined sessions module (SPS). Restoring a backup restores the sessions module to the state it was in when the backup was taken, regardless of the state when the restore was started.

Reversing the SPP to SPS join

Once a Safeguard for Privileged Passwords (SPP) cluster node has been configured to use the Safeguard Sessions Appliance, it can only be reversed by a factory reset of the Safeguard Passwords Appliance. The factory reset redeploys the Safeguard Passwords Appliance session module. For more information, see Factory Reset from the desktop client.

Another way to reverse the join to Safeguard for Privileged Sessions is to restore a backup that was taken before the first join of Safeguard for Privileged Sessions (SPS).

SNMP

Simple Network Management Protocol (SNMP) is an Internet-standard protocol for managing devices on IP networks. One Identity Safeguard for Privileged Passwords allows you to configure SNMP subscriptions for sending SNMP traps to your SNMP console when certain events occur.

Navigate to Administrative Tools | Settings | External Integration | SNMP. The SNMP pane displays the following about the SNMP subscribers defined.

Table 199: SNMP: Properties

| Property | Description |
| --- | --- |
| Network Address | The IP address or FQDN of the primary SNMP network server. |
| Port | The UDP port number for SNMP traps. |
| Version | The SNMP version being used. |
| Community | The SNMP community string being used by the SNMP subscriber. |
| Description | The description of the SNMP subscriber. |
| # of Events | The number of events selected to be sent to the SNMP console. |

Use these toolbar buttons to manage the SNMP subscriptions.

Table 200: SNMP: Toolbar

| Option | Description |
| --- | --- |
| New | Add a new SNMP subscription. For more information, see Configuring SNMP subscriptions. |
| Delete Selected | Remove the selected SNMP subscription. |
| Refresh | Update the list of SNMP subscriptions. |
| Edit | Modify the selected SNMP subscription. |
| Copy | Clone the selected SNMP subscription. |

Configuring SNMP subscriptions

It is the responsibility of the Appliance Administrator to configure Safeguard for Privileged Passwords to send SNMP traps to your SNMP console when certain events occur.

Note: To download Safeguard for Privileged Passwords MIB-module definitions from your appliance, enter the following URL into your web browser; no authentication is required:

https://<Appliance IP address>/docs/mib/SAFEGUARD-MIB.mib

To configure SNMP subscriptions

  1. Navigate to Administrative Tools | Settings | External Integration | SNMP.
  2. Click (or tap) New to open the SNMP subscription configuration dialog.
  3. Provide the following information:
    Network Address

    Enter the IP address or FQDN of the primary SNMP network server.

    Limit: 255 characters

    Required

    UDP Port

    Enter the UDP port number for SNMP traps.

    Default: 162

    Required

    Description

    Enter the description of the SNMP subscriber.

    Limit: 255 characters

    Events

    Browse to select one or more SNMP event types.

    Use the Clear icon to remove an individual event from this list or right-click and select Remove All to clear all events from the list.

    NOTE: The SNMP pane displays the number of events that you select, not the names of the events.

    Version

    Choose the SNMP version: Version 1 or Version 2.

    Default: Version 2.

    Community

    Enter the SNMP community string, such as "public".

    The SNMP community string is like a user ID or password that allows access to a device's statistics, such as a router. A PRTG Network Monitor sends the community string along with all SNMP requests. If the community string is correct, the device responds with the requested information. If the community string is incorrect, the device simply discards the request and does not respond.
