Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords Privileged Sessions What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Access Requests

The Access Requests tab on the Dashboard allows Security Policy Administrators to review and manage access requests from a single location. Clicking one of the access request tiles across the top of the view displays additional information about the access requests belonging to that category. In addition, you can review the request workflow, launch a live session, terminate a session, or revoke a specific request.

This dashboard is available to Safeguard for Privileged Passwords users assigned the following administrative permissions:

  • Auditor: Read-only view.
  • Security Policy: Full control.

NOTE:If a Safeguard Sessions Appliance is joined to Safeguard for Privileged Passwords, session recording is handled via Safeguard for Privileged Session.

 

Table 16: Access Requests: Tiles
Tile Description
Open Sessions Displays a list of all currently opened sessions.
Passwords Out Displays a list of all password release requests that are currently checked out.
Pending Approval Displays a list of access requests waiting for approval.
Pending Review Displays a list of access requests waiting review.
Open Requests Displays a list of all currently opened access requests, including session requests and password release requests.

Use the toolbar at the top of the details grid to perform the following tasks.

Table 17: Access Requests: Toolbar
Option Description

Workflow

Select to review the transactions that took place in the selected request. Clicking this button displays the Request Workflow dialog allowing you to audit the transactions that occurred during the request's workflow from request to approval to review.

View Live Session

Select to view a live session for the selected session request. Clicking this button launches the Safeguard for Privileged Passwords Desktop Player allowing you to follow an active session. For more information, see Safeguard Desktop Player.

Terminate Session

Select to terminate the live session for the selected session request.

Revoke Request

Select to retract the selected access request.

Export

Select to create a .csv file of the currently displayed access request grid and save it to a location of your choice.

Columns

Select to display a list of columns that can be displayed in the grid. Select the check box for data to be included in the grid. Clear the check box for data to be excluded from the grid.

Viewing details

Additional detailed information is available for access requests listed in the request grids on the Access Requests view.

To see the details of an access request

  1. Double-click (or double-tap) a request to view additional details.
  2. Double-click (or double-tap) to close the request details.

    NOTE: Clicking Refresh at the top of the view also closes the details in addition to retrieving the latest access requests.

Account Automation

The Account Automation tab on the Dashboard allows Asset and Directory administrators to view information regarding accounts that are failing different types of tasks. This dashboard includes both automated and manual tasks in the failure results. Clicking one of the failure task tiles across the top of the view displays additional information about the accounts belonging to that category.

This dashboard is available to Safeguard for Privileged Passwords users assigned the following administrative permissions:

  • Asset Administrator: Full control for accounts related to all Safeguard for Privileged Passwords assets.
  • Auditor: Read-only view.
  • Delegated Partition Owner: Control for accounts related to the accounts and assets managed through delegation.
  • Directory Administrator: Full control for accounts related to the directories managed by Safeguard for Privileged Passwords.
Table 18: Account Automation: Tiles
Tile Description

Password Check Failures

Displays a list of accounts where password check tasks failed.

Password Change Failures

Displays a list of accounts where password change tasks failed.

SSH Key Change Failures

Displays a list of accounts where SSH key change tasks failed.

Suspend Account Failures

Displays a list of accounts where suspend tasks failed.

Restore Account Failures

Displays a list of accounts where restore tasks failed.

Use the toolbar at the top of the details grid to perform the following tasks.

Table 19: Account Automation: Toolbar
Option Description

Rerun task

Select to rerun the selected task.

Export

Select to create a .csv file of the currently displayed account automation grid and save it to a location of your choice.

Columns

Select to display a list of columns that can be displayed in the grid. Select the check box for data to be included in the grid. Clear the check box for data to be excluded from the grid.

Activity Center

The Activity Center is the place to go to view the details of specific events or user activity. The appliance records all activities performed within One Identity Safeguard for Privileged Passwords. Any administrator has access to the audit log information; however, your administrator permission set determines what audit data you can access. For more information, see Administrator permissions.

The toolbar at the top of the main Activity Center page contains these options.

Table 20: Activity Center: Main page toolbar
Option Description
Clear Resets the current search criteria back to the default settings (all activity occurring within the last 24 hours.)
Schedule Allows you to define when the activity audit log report is to be generated and sent via email. For more information, see Scheduling an activity audit log report.
Open Allows you to access previously saved search and scheduled reports.
Save Saves the current search criteria which can be used later to generate the report. For more information, see Saving search criteria.
Run Generates an activity audit log report based on the search criteria specified.

In addition, query tiles display the criteria you have applied to search the activity data. By default, only the Activity category and Time frame tiles display. Use the Add button to specify additional query criteria to retrieve the information you are looking for. For more information, see Applying search criteria.

Once an activity audit log report is generated, the results page contains the search results grid and these toolbar options.

Table 21: Activity Center: Results page toolbar
Option Description

Back takes you back to the query page where you can modify the search criteria.

Refresh closes the details and updates the search results page.

Related Documents