Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords Privileged Sessions What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Users

A user is a person who can log into Safeguard for Privileged Passwords. You can add both local users and directory users. Directory users are users from an external identity store such as Microsoft Active Directory. For more information, see Adding directory accounts to a directory.

Note: Users displayed in a faded color are disabled.

To search for a particular user, see Search box.

Your administrator permissions determine what you can view in Users. The following table shows you the tabs that are available to each type of administrator.

Table 225: Administrator permission affect what you see in Users
Administrator Available tabs
Authorizer Administrator General, History
User Administrator General, User Groups (directory users only), History
Help Desk Administrator General, History*
Auditor General, User Groups , Partitions, Entitlements, Linked Accounts, History (Read only)
Asset Administrator General, Partitions, History*
Security Policy Administrator General, User Groups , Entitlements, Linked Accounts, History*

* This administrator can only view the user object history for his or her own account.

The Authorizer Administrator typically controls the Enabled/Disabled state. For more information, see Enabling or disabling a user.

The Users view displays the following information about a selected user:

Table 226: Users: Tabs
Tab Description
General tab Displays the authentication, contact information, location, and permissions for the selected user.
User Groups tab Displays the user groups in which the selected user is a member.
Partitions tab Displays the partitions over which the selected user is a delegated partition administrator.
Entitlements tab Displays the entitlements in which the selected user is a member; that is, an entitlement "user".
Linked Accounts tab

Displays the directory accounts linked to the selected user.

History tab Displays the details of each operation that has affected the selected user.

Use these toolbar buttons to manage users:

Table 227: Users: Toolbar
Option Description
Add User

Add users to Safeguard for Privileged Passwords. For more information, see Adding a user.

Delete Selected

Remove the selected user. For more information, see Deleting a user.

Refresh

Update the list of users.

Import Users

Add users to Safeguard for Privileged Passwords. For more information, see Importing objects.

User Security

Menu options include: Set Password and Unlock accounts. For more information about these options, refer to Setting a local user's password and Unlocking a user's account.

Permissions

Display the Permissions dialog showing what administrative permissions apply to the selected user.

General tab

The General tab lists information about the selected user.

Large tiles at the top of the tab display the number of User Groups, Partitions, Entitlements, and Linked Accounts associated with the selected user. Clicking a tile heading opens the corresponding tab.

NOTE: The tiles visible depend on your administrator permissions:

  • All tiles are visible to the Auditor.
  • Partitions tile is visible to Asset Administrator.
  • User Groups, Entitlements and Linked Accounts tiles are visible to Security Policy Administrator.

Table 228: Users General tab: Authentication properties
Property Description
User Name A user's display name.
Authentication Provider

How the user authenticates with Safeguard for Privileged Passwords:

  • Certificate: with a certificate
  • Local: with a user name and password
  • Directory name: with directory credentials
Domain Name

If the primary Authentication Provider is a directory, this indicates the directory's domain name.

Secondary Authentication

If you set up a user to require secondary authentication, this indicates the name of this user's secondary authentication service provider.

Secondary Authentication Username

The name of the user account on the secondary authentication service provider required at log in.

Table 229: Users General tab: Contact Information properties
Property Description
First Name The user's first name.
Last Name The user's last name.
Work Phone

The user's work telephone number.

Mobile Phone

The user's mobile telephone number.

Email Address The user's email address.

Table 230: Users General tab: Location properties
Property Description
Time Zone

The user's regional location on Earth.

Table 231: Users General tab: Permissions properties
Property Description
Permissions

Lists the user's administrator permissions or "Standard User" if user does not have administrative permissions.

Description: Information about the selected user.

Related Topics

Modifying a user

User Groups tab

The User Groups tab displays the user groups in which the selected user is a member.

Note: The User Groups tab is available to a user with Auditor or Security Policy Administrator permissions and to the User Administrator for directory users (not for local users).

Click (or tap) Add User Group from the details toolbar to add the selected user to one or more user groups.

Search: For more information, see Search box.

Table 232: Users: Users Groups tab properties
Property Description
Name

The user group name.

Type

The type of group: User Group or Directory Group.

Distinguished Name

The distinguished name of the group.

Description

Information about the selected user group.

Related Topics

Adding a user to user groups

Partitions tab

The Partitions tab displays the partitions over which the selected user is a delegated partition administrator.

Note: The Partitions tab is available to a user with Auditor or Asset Administrator permissions.

Click (or tap) Add Partition(s) from the details toolbar to delegate the selected user as an administrator to one or more partitions.

Search: For more information, see Search box.

Table 233: Users: Partitions tab properties
Property Description
Name

The partition name.

Description

Information about the selected partition.

Related Topics

Assigning a user to partitions

Related Documents