One Identity Safeguard 2.5 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords, embedded sessions module What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

How do I setup discovery jobs

Safeguard for Privileged Passwords allows you to configure these types of discovery jobs to automatically add assets and accounts.

Table 274: Safeguard for Privileged Passwords Discovery types
Discovery job Description
Asset discovery

Asset discovery jobs run automatically against the directories you have added to Safeguard for Privileged Passwords. For more information, see Asset discovery job workflow.

Account discovery Account discovery jobs run automatically against the assets that are in the scope of a partition profile. For more information, see Account and service discovery job workflow.
Directory account discovery Directory account discovery jobs run automatically each time Safeguard for Privileged Passwords synchronizes the directory. For more information, see Directory account discovery job workflow.

Asset discovery job workflow

Safeguard for Privileged Passwords's asset discovery jobs run automatically against the directories you have added to Safeguard for Privileged Passwords. For more information, see Discovery.

To configure and schedule rules that perform asset discovery jobs

  1. Create an asset discovery job. For more information, see Creating an asset discovery job.
  2. After you save the discovery job, you can test it by selecting Run Now. For more information, see Managing asset discovery jobs.
  3. After the asset discovery job runs, navigate to Assets, right-click (or press and hold) an asset and choose one of these context menu options:

    Manage

    Select to manage an "ignored" asset.

    This option is only available for assets that have been ignored.

    Ignore

    Select to prevent Safeguard for Privileged Passwords from managing the selected asset.

    NOTE: When you ignore an asset, Safeguard for Privileged Passwords disables it and removes all associated accounts. If you choose to Manage the asset later, Safeguard for Privileged Passwords re-enables all the associated accounts.

  4. To show or hide assets marked as "Ignore", use these buttons:
    Show Ignored Display the hidden assets.
    Hide Ignored Hide assets marked as "Ignore".
  5. Search the Activity Center for information about discovery jobs that have run. Safeguard for Privileged Passwords lists the asset discovery events in the Asset Discovery Activity category.

Related topic:

Assets

Account and service discovery job workflow

Safeguard for Privileged Passwords's account discovery jobs run automatically against the assets that are in the scope of a partition profile. For more information, see About profiles.

Note:

Safeguard for Privileged Passwords supports account discovery on the following platforms:

  • AIX
  • HP-UX
  • Linux
  • MAC OS X
  • Solaris
  • Windows

To configure and schedule rules that perform discovery jobs

  1. Create a partition. For more information, see Adding a partition or Adding a directory.
  2. Create an account discovery job. For more information, see Account Discovery.
  3. Create a profile. (For more information, see Creating a partition profile or Creating a directory profile.

    Note: All profiles run the configured account discovery jobs on the assets that are assigned to the scope of the profile, according to the account discovery setting's schedule.

  4. After the account discovery job runs, you can mark the managed accounts. Open the partition's Discovered Accounts tab:

      • Click  Ignore to prevent Safeguard for Privileged Passwords from managing the selected account.
      • Click  Manage to add the selected account to the selected partition and assign it to the scope of the default profile.

      Note: The discovery job finds all accounts that match the discovery rule's criteria regardless of whether it has been marked Ignore or Manage in the past.

  5. Search the Activity Center for information about discovery jobs that have run. Safeguard for Privileged Passwords lists the account discovery events in the Account Discovery Activity category.

Directory account discovery job workflow

Safeguard for Privileged Passwords's directory account discovery jobs run automatically each time it synchronizes the directory. You can view or modify the Synchronization Interval on the directory's General tab.

To configure directory account discovery jobs

  1. Create a directory account discovery job. For more information, see Managing directory account discovery jobs.
  2. After the directory account discovery job runs, open the directory's Discovered Accounts tab to mark the accounts:
    1. Click  Ignore to prevent Safeguard for Privileged Passwords from managing the selected directory account.
    2. Click  Manage to add the selected account to the selected directory and assign it to the scope of the default profile.

      Note: The discovery job finds all accounts that match the discovery rule's criteria regardless of whether it has been marked Ignore or Manage in the past.

  3. Search the Activity Center for information about discovery jobs that have run. Safeguard for Privileged Passwords lists the directory account discovery events in the Account Discovery Activity category.
Related Documents