One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Password Rules

Password rules define the complexity requirements for user authentication to Safeguard for Privileged Passwords. Some companies suggest or impose requirements on what type of password a user can create, such as:

  • The use of both upper- and lower-case letters.
  • Inclusion of one or more numerical digits.
  • Inclusion of special characters, such as @, #, $ and so forth.

Note: These rules only apply to local users; they do not impact users accessing Safeguard for Privileged Passwords from an external provider such as Microsoft Active Directory. The password rules are listed in the Set password dialog. For more information, see Setting a local user's password.

Related Topics

Access settings

Modifying user password requirements

Account Password Rules

Modifying user password requirements

It is the responsibility of the Authorizer Administrator to configure the user password rules.

To configure user password rules

  1. Navigate to Administrative Tools | Settings | Safeguard for Privileged Passwords Access | Password Rules.
  2. Set the Password Length from 3 to 255 characters.

    Default: 6 to 64 characters

    Note: The maximum length must be equal to or greater than the sum of minimum characters described in the next step.

  3. Set the character Requirements:
    First Character Type

    Choose one of the following:

    • All: Alphabetical, numeric, or symbols
    • Alphanumeric: Alphabetical or numeric
    • Alphabetic: Only alphabetical characters

    Default: All

    Last Character Type

    Choose one of the following:

    • All: Alphabetical, numeric, or symbols
    • Alphanumeric: Alphabetical or numeric
    • Alphabetic: Only alphabetical characters

    Default: All

    Allow Consecutively Repeated Characters

    Select this option to allow a user to create a password with consecutively repeated characters.

    NOTE: Clear this option to disallow consecutively repeated characters.

    Default: Allowed

    Allow Uppercase

    Select this option to allow Safeguard for Privileged Passwords to create a password with uppercase characters.

    Set the minimum number of required uppercase characters, or set it to zero if there is no minimum requirement.

    NOTE: Clear this option to disallow uppercase characters.

    Default: Require a minimum of 1.

    Allow Lowercase

    Select this option to allow a user to create a password with lowercase characters.

    Set the minimum number of required lowercase characters, or set it to zero if there is no minimum requirement.

    NOTE: Clear this option to disallow lowercase characters.

    Default: Require a minimum of 1.

    Allow Numeric (0-9)

    Select this option to allow a user to create a password with numeric characters.

    Set the minimum number of required numeric characters, or set it to zero if there is no minimum requirement.

    NOTE: Clear this option to disallow numeric characters.

    Default: Require a minimum of 1.

    Allow Symbols (e.g. @ # $ % &)

    Select this option to allow a user to create a password with special characters.

    Set the minimum number of required symbolic characters, or set it to zero if there is no minimum requirement.

    NOTE: Clear this option to disallow special characters.

    Default: Not allowed

    Valid Symbols

    Enter allowable special characters, such as: ~!@#$%^*()_+-=;'?/\|><.,`[]{}.

    NOTE: You must have the Allow Symbols option selected to enable this box.
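
The rules above, modelled as an added Python example (not One Identity's code and not a Safeguard API): it checks a planned rule set against the length note in step 2 and lists which rules a candidate local-user password would break. The field names and the ASCII-only character classes are assumptions; the default values are the ones stated in the steps.

```python
import string
from dataclasses import dataclass
from typing import Optional

# Character sets for the restricted First/Last Character Type choices (ASCII assumed).
TYPE_SETS = {"Alphanumeric": string.ascii_letters + string.digits,
             "Alphabetic": string.ascii_letters}

@dataclass
class PasswordRules:
    # Field names are hypothetical; default values are the ones stated on this page.
    min_len: int = 6
    max_len: int = 64
    first_type: str = "All"            # All | Alphanumeric | Alphabetic
    last_type: str = "All"
    allow_repeats: bool = True
    min_upper: Optional[int] = 1       # None means the class is not allowed
    min_lower: Optional[int] = 1
    min_numeric: Optional[int] = 1
    min_symbols: Optional[int] = None  # default: symbols not allowed
    valid_symbols: str = ""

    def classes(self):
        return [("uppercase", string.ascii_uppercase, self.min_upper),
                ("lowercase", string.ascii_lowercase, self.min_lower),
                ("numeric", string.digits, self.min_numeric),
                ("symbol", self.valid_symbols, self.min_symbols)]

    def policy_errors(self):
        """Check the rule set itself before it is entered in the console."""
        errs = []
        if not 3 <= self.min_len <= self.max_len <= 255:
            errs.append("length must satisfy 3 <= min <= max <= 255")
        if sum(m or 0 for _, _, m in self.classes()) > self.max_len:
            errs.append("maximum length is below the sum of required minimums")
        return errs

    def violations(self, pw):
        """Return the rules a candidate password breaks (never echoes the password)."""
        v = [] if self.min_len <= len(pw) <= self.max_len else ["length"]
        for pos, ch, kind in (("first", pw[:1], self.first_type),
                              ("last", pw[-1:], self.last_type)):
            if kind != "All" and ch not in TYPE_SETS[kind]:
                v.append(pos + " character type")
        if not self.allow_repeats and any(a == b for a, b in zip(pw, pw[1:])):
            v.append("consecutively repeated characters")
        allowed = "".join(c for _, c, m in self.classes() if m is not None)
        if any(c not in allowed for c in pw):
            v.append("disallowed character")
        for name, chars, m in self.classes():
            if m and sum(c in chars for c in pw) < m:
                v.append(f"fewer than {m} {name}")
        return v
```

With the defaults, `PasswordRules().violations("P@ssw0rd")` reports a disallowed character because symbols are not allowed until Allow Symbols is selected and Valid Symbols is filled in.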

Sessions settings

NOTE: If a Safeguard Sessions Appliance is joined to Safeguard for Privileged Passwords, sessions configuration is handled via Safeguard for Privileged Session.

One Identity Safeguard for Privileged Passwords enables you to issue privileged access to users for a specific period or session and gives you the ability to record, archive, and replay user sessions so that your company can meet its auditing and compliance requirements.

It is the responsibility of the Appliance Administrator to configure the One Identity Safeguard for Privileged Passwords Privileged Sessions settings.

Navigate to Administrative Tools | Settings | Sessions.

Table 220: Sessions settings

| Setting | Description |
|---|---|
| Session Recordings Storage Management | Where you assign an archive server to an appliance for storing session recordings produced by that appliance. |
| Sessions Module | Where you can view the current status of the sessions module, enable debug logging and reset the sessions module if the Privileged Sessions module is not responding and users cannot connect to their target systems. |
| SSH Banner | Where you define the banner text shown to session users notifying them that they are being recorded. |
| SSH Host Key | Where you specify the SSH key to be used for authentication to an SSH session. |

Session Recordings Storage Management

NOTE: If a Safeguard Sessions Appliance is joined to Safeguard for Privileged Passwords, sessions configuration is handled via Safeguard for Privileged Session.

One Identity Safeguard for Privileged Passwords provides the ability to immediately archive session recordings from a specific Safeguard for Privileged Passwords Appliance to a specified archive target. When an archive server is configured, session recordings for that appliance are removed from the Safeguard for Privileged Passwords Appliance and stored on the archive server. Use the Session Recordings Storage Management pane to assign archive servers to your Safeguard for Privileged Passwords Appliances.

IMPORTANT: When storing session recordings locally, once the local storage reaches capacity, the oldest recordings will be deleted. When storing session recordings to an archive server, the session recording is archived to the designated server immediately upon completion. As soon as the recording is copied to the archive server, it is removed from the appliance storage.

Safeguard for Privileged Passwords allows you to play back a recording that is stored locally or on the archive server. However, if you are playing back a recording that is stored on an archive server you will need to download it before you can play it. For more information, see Replaying a session.

Navigate to Administrative Tools | Settings | Sessions | Sessions Recordings Storage Management.

Table 221: Session Recordings Storage Management: Properties

| Property | Description |
|---|---|
| Appliance ID | The ID assigned to an appliance. |
| Archive Server Name | The name of the designated archive server. |

Use these toolbar buttons to manage archive server configurations for session recordings.

Table 222: Session Recordings Storage Management: Toolbar

| Option | Description |
|---|---|
| Refresh | Update the list of designated archive servers being used to archive session recordings. |
| Assign Archive Server to Appliance | Specify the archive server to be associated with the selected appliance. Clicking this button displays the Archive Servers dialog allowing you to select the archive server where session recordings are to be stored for the selected appliance. For more information, see Assigning an archive server to an appliance. |
| Unassign Archive Server from Appliance | Unassign the specified archive server from the selected appliance. |
