Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.4 - User Guide

Home

When you log into Safeguard for Privileged Passwords, you begin your session on the Home page. The Message of the Day displays on the right side. The rest of the Home page is tailored to your user rights and permissions. If you are authorized by an entitlement to request, approve, or review access requests, then your Home page gives you a quick view to the access request tasks that need your immediate attention.

NOTE: You can turn Requests, Approvals, and Reviews widgets on or off in Settings.

NOTE: The Appliance Administrator sets the Message of the Day.

Requester's Home page view

Click (or tap) the New Request tile to open the New Access Request dialog which lists the assets and accounts you are authorized to access. From this dialog you specify the assets, accounts and the type of access you are requesting, and additional details about the request.

For more information, see:

Expand Requests to view the requests awaiting action.

For more information, see:

The Favorites pane (right pane) displays a list of requests you have marked as a "favorite", providing a quick way to request access.

Use the toolbar buttons at the top of the Favorites pane to manage your favorite requests.

Table 10: Favorites pane: Action bar buttons
Button Description

New Favorite

Select this button to create a new favorite request. Clicking this button displays the New Access Request dialog allowing you to select the assets, accounts, type of access, and additional details about the request.

Select this button to display additional options for managing your favorite requests:

  • Request Selected
  • Color Selected
  • Remove Selected

TIP: Select the check box to the left of a favorite request to use these additional buttons. Selecting the request itself will launch the New Access Request dialog allowing you to edit and submit the request.

To submit a favorite request, click the request or select the check box to the left of a request and select Request Selected. The New Access Request dialog displays allowing you to edit your selections or enter a required reason or comment before submitting it.

For more information, see:

Approver's Home page view

Your job is to approve or deny the access requests listed on your Home page. Expand Approvals to view the requests awaiting your approval.

For more information, refer to these topics:

NOTE: As an "approver" user, unless you are also designated as a requester, you will see no favorites listed.
Reviewer's Home page view

Your job is to review completed access requests listed on your Home page. Expand Reviews to view the completed requests requiring your review.

For more information, refer to these topics:

NOTE: As a "reviewer" user, unless you are also designated as a requester, you will see no favorites listed.

Search box

The search box located at the top of the object list pane can be used to filter the data being displayed. When you enter a text string into the search box, the results include items that have a string attribute that "contains" the text that was entered.

NOTE: This same basic search functionality is also available for many of the detail panes and selection dialogs allowing you to filter the data displayed in the associated pane or dialog.

When searching for objects in the object lists, an attribute search functionality is also available where you can filter the results, based on a specific attribute. That is, the search term matches if the specified attribute "contains" the text. To perform an attribute search, click the icon to select the attribute to be searched.

Rules for using the search functionality:

  • Search strings are not case sensitive.
  • Wild cards are not allowed.
  • Try using quotes and omitting quotes. As you use the product, you will become familiar with the search requirements for the search fields you frequent. Safeguard may perform a general search (for example, omits quotes) or a literal search (for example, includes quotes). Example scenarios follow:

    • On the Settings pane, search strings must be an exact match because a literal search is performed. Do not add quotes or underlines. For example, from the Settings pane, enter password rules to return Safeguard Access > Password Rules. If you enter "password rules" or password_rules, the following message is returned: No matches found.
    • On the Users pane search box:

      • A general search does not return anything if you use quotes because it uses a literal search (searches for the quotes). For example: searching for "ab_misc2" returns the message: There is nothing to show here.
      • You can use quotes in an attribute search if there are spaces in the search name. For example, entering the following in the search box Username: "ab_misc2" returns: AB_misc2.
  • When multiple search strings are included, all search criteria must be met in order for an object to be included in the results list.
  • When you combine a basic search and an attribute search, the order they are entered into the search box matters. The attribute searches can be in any order, but the basic search must come after the attribute searches.
  • In large environments, you will see a result number to tell you how many objects match the criteria; however, only the first 200 objects will be retrieved from the server. When you scroll down the list, more objects will be retrieved (paged) as needed.

To search for accounts

  1. Enter a text string in the Search box. As you type, the list displays items whose string attributes contain the text that was entered.

    For example, enter T in the search box to search for items that contain the letter "T", or enter sse to list all items that contain the string "sse", such as "Asset".

    Note: The status bar along the bottom of the console shows the number of items returned.

  2. To clear the search criteria, click (or tap)  Clear.

    When you clear the search criteria, the original list of objects are displayed.

To conduct an attribute search

The attributes available for searching are dependent on the type of object being searched. The search drop-down menu lists the attributes that can be selected.

  1. Click (or tap) the icon and select the attribute to be searched.

    The selected attribute is added to the search box. For example, if you select Last Name, LastName: is added to the search box.

  2. In the search box, enter the text string after the colon in the attribute label.

    NOTE: You can specify multiple attributes, repeating these steps to add an additional attribute to the search box. Do not add punctuation marks, such as commas or colons to separate the different attributes. When multiple attributes are included, all search criteria must be met in order for an object to be included in the results list.

    As you type, the list displays items whose selected attributes contain the text that was entered.

    Note: The status bar along the bottom of the console shows the number of items returned.

  3. To clear the search criteria, click (or tap) Clear.

    When you clear the search criteria, the original list of objects are displayed.

Privileged access requests

One Identity Safeguard for Privileged Passwords provides a workflow engine that supports time restrictions, multiple approvers, reviewers, emergency access, and expiration of policy. It also includes the ability to input reason codes and integrate directly with ticketing systems.

In order for a request to progress through the workflow process, authorized users perform "assigned" tasks. These tasks are performed from the user's Home page in the desktop client or web client.

As a Safeguard for Privileged Passwords user, your Home page provides a quick view to the access request tasks that need your immediate attention. In addition, Safeguard for Privileged Passwords can be configured to alert you when you have pending tasks awaiting your attention. For more information, see Configuring alerts.

The access request tasks you see on your Home page depend on the rights and permissions you have been assigned by an entitlement's access request policies. For example:

  • Designated "requesters" see tasks related to submitting new access requests, as well as actions to be taken once a request has been approved (for example, viewing passwords, copying passwords, launching sessions and checking in completed requests).

    Requesters can also define favorite requests, which then appear on their Home page for subsequent use. For more information, see Creating, editing, or removing a favorite request.

  • Designated "approvers" see tasks related to approving (or denying) and revoking access requests.
  • Designated "reviewers" see tasks related to reviewing completed (checked in) access requests, including playing back a session if session recording is enabled.

Password release requests and session requests use the same workflow engine; however, the actions taken on a session request are slightly different than those taken on a password release request. Therefore, we will cover each of these access request workflows separately:

Creating, editing, or removing a favorite request

If designated as a requester, Safeguard for Privileged Passwords allows you to add an access request as a Favorite to your Home page.

Note: Favorites are unique for the user; they are available when you log into the desktop client or the web client.

You can create a favorite request from your Favorites pane on your Home page or from the New Access Request dialog when creating or editing an access request.

To create a favorite request from your Home page

  1. In the Favorites pane, click (or tap) New Favorite.
  2. In the New Access Request dialog, specify the assets, accounts, and type of asset to be included in the access request.

    1. On the Asset Selection tab, select the assets to be included in the access request.
    2. On the Account & Access Type tab, select the accounts to be included in the access request and the type of access being requested for each selected account.

      • Account: The available account appears in the Account column. When an asset has multiple accounts available, click (or tap) Select Account(s) to select an account from the displayed list.
      • Access Type: The type of access request appears in the Access Type column. When multiple access request types are available, this value appears as a hyperlink. Click (or tap) this hyperlink to select the access type.
  3. Click (or tap) the Add to Favorites button .
  4. In the Add to Favorites dialog, specify the following:

    1. Name: Enter a name for the request.

      Required

    2. Description: Enter descriptive text about the request.
    3. Color: Select the icon color to be used to display the request in your Favorites pane.

    Click (or tap) Add.

    The dialogs will close and the new favorite will be added to the Favorites pane on your Home page.

To create a favorite request from the New Access Request dialog

  1. At the bottom of the New Access Request dialog, click (or tap) the Add to Favorites button when you are creating a new request.

    NOTE: The Add to Favorites button is enabled when you have selected the minimum required information (that is, at least one asset, account, and an access type) for the access request.

  2. In the Add to Favorites dialog, specify the following:

    1. Name: Enter a name for the request.

      Required

    2. Description: Enter descriptive text about the request.
    3. Color: Select the icon color to be used to display the request in your Favorites list.

    Click (or tap) Add.

To change a favorite request's icon color

  1. At the top of the Favorites pane, click (or tap) the button to display the Color Selected button.
  2. Select the check box to the left of the favorite request to be changed.

    NOTE: Selecting a favorite request, instead of the check box, displays the New Access Request dialog to edit and submit the access request.

  3. Click (or tap) Color Selected.
  4. In the Settings dialog, choose a color and select OK.

    The icon for the favorite now appears in the color you selected.

To remove a favorite request

  1. At the top of the Favorites pane, click (or tap) the button to display the Remove Selected button.

  2. Select the check box to the left of the favorite request to be removed.

    NOTE: Selecting a favorite request, instead of the check box, displays the New Access Request dialog to edit and submit the access request.

  3. Click (or tap) the Remove Selected button.
  4. Select Yes to confirm.
Related Documents