One Identity Safeguard 2.5 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords, embedded sessions module What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Assigning a profile to an asset

Use the Assets view to assign a profile to an asset.

To assign a profile to an asset

  1. Navigate to Administrative Tools | Assets.
  2. In Assets, double-click an asset to open the general properties, or click the  Edit icon next to the General title on the General tab.
  3. Browse to select a profile, and click OK. You can only choose profiles that are in the selected asset's partition.

  4. Click Reset to set the profile to the current default.
Related Topics

Assigning assets or accounts to a partition profile

Manually adding a tag to an asset

Asset Administrators can manually add and remove tags to an asset using the Tags pane, which is located at the bottom of the General tab when an asset is selected on the Assets view.

You cannot manually remove dynamically assigned tags which are indicated by a lightening bolt icon. You must modify the rule associated with the dynamic tag if you want to remove it. For more information, see Modifying an asset or asset account tag.

To manually add a tag to an asset

  1. Navigate to Administrative Tools | Assets.
  2. Select an asset from the object list (left-pane).
  3. Open the General tab and scroll down to view the Tags pane.
  4. Click next to the Tags title.
  5. Place your cursor in the edit box and enter the tag to be assigned to the selected asset.

    As you type, existing tags that start with the letters entered will appear allowing you to select a tag from the list.

    To add additional tags, press Enter before entering the next tag.

  6. Click OK.

    If you do not see the new tag, click Refresh.

  7. To remove a manually assigned tag, click the X inside the tag box.

Adding an account to an asset

Use the Accounts tab on the Assets view to add an account to an asset.

To add an account to an asset

  1. Navigate to Administrative Tools | Assets.
  2. In Assets, select an asset from the object list and open the Accounts tab.
  3. Click Add Account from the details toolbar.
  4. Enter the account information and click Add Account.

For more information about an account's details, see Adding an account.

Adding account dependencies

When one or more Windows servers use a directory account (such as an Active Directory account) to run hosted services and/or tasks, an Asset Administrator can configure a dependency relationship between the directory account and the Windows servers. Safeguard for Privileged Passwords performs dependent system updates to maintain the passwords for dependent accounts on all the systems that use them. For example, when Safeguard for Privileged Passwords changes the directory account password, it updates the credentials on all the Windows server's dependent accounts so that the services or tasks using this account are not interrupted.

Note: You must add directory accounts to Safeguard for Privileged Passwords before you can set up account dependency relationships. For more information, see Adding directory accounts to a directory.

To add account dependencies to Windows servers

  1. Navigate to Administrative Tools | Assets.
  2. In Assets, select a Windows server from the object list and open the Account Dependencies tab.
  3. Click Add Account from the details toolbar and select one or more directory accounts. Safeguard for Privileged Passwords only allows you to select directory accounts.
Related Documents