
One Identity Safeguard for Privileged Passwords 2.5 - Administration Guide


Modifying an asset group

To modify an asset group's information

  1. Navigate to Administrative Tools | Asset Groups.
  2. In Asset Groups, select an asset group from the object list.
  3. Select the view of the asset group's information you want to modify (General or Assets).

    For example:

    • To change an asset group's name or description, double-click the General information in the General tab or click the Edit icon. You can also double-click an asset group name to open the General settings edit window.

    • To add assets to or remove assets from the selected asset group, open the Assets tab.
  4. To view or export the details of each operation that has affected the selected asset group, open the History tab.

Deleting an asset group

You can delete an asset group. When you delete an asset group, Safeguard for Privileged Passwords does not delete the associated assets.

To delete an asset group

  1. Navigate to Administrative Tools | Asset Groups.
  2. In Asset Groups, select an asset group from the object list.
  3. Click Delete Selected.
  4. Confirm your request.

Directories

You can leverage your existing directory infrastructure (such as Microsoft Active Directory) in One Identity Safeguard for Privileged Passwords. Once you import directory users and directory groups, Safeguard for Privileged Passwords automatically synchronizes the objects in its database with the directory schema attributes. User and group membership changes in the directory are reflected in Safeguard for Privileged Passwords. Directory users authenticate to Safeguard for Privileged Passwords with their directory credentials.

Safeguard for Privileged Passwords supports the RBAC model of separation of duties. With directory integration there are three distinct roles in play: the Directory Administrator, the User Administrator, and the Security Policy Administrator.

  • The Directory Administrator integrates the directory with Safeguard for Privileged Passwords by specifying the credentials Safeguard for Privileged Passwords should use to read from the directory. They also add the directory accounts to make them available for use in access request policies.
  • The User Administrator adds directory users and directory groups to Safeguard for Privileged Passwords.
  • The Security Policy Administrator assigns directory users and groups to access request policies to get access to privileged passwords.

The Auditor and the Directory Administrator have permission to access Directories.

The Directories page in Administrative Tools displays the following information about the selected directory.

Table 83: Directories: Tabs

| Tab | Description |
|---|---|
| General tab | Displays general and attribute settings information. |
| Accounts tab | Displays the user accounts associated with the selected directory. |
| Profiles tab | Displays the profiles associated with the selected directory. |
| Discovered Accounts tab | Displays the accounts Safeguard for Privileged Passwords discovers when it runs a directory account discovery job. For more information, see Directory account discovery job workflow. |
| History tab | Displays the details of each operation that has affected the selected directory. |

Use these toolbar buttons to manage directories.

Table 84: Directories: Toolbar

| Option | Description |
|---|---|
| Add Directory | Add an external identity provider, such as Active Directory, to Safeguard for Privileged Passwords. For more information, see Adding a directory. |
| Delete Selected | Remove the selected directory. For more information, see Deleting a directory. |
| Refresh | Update the list of directories. |
| Sync Now | Click Sync Now to: |

Use these context menu options to manage directories:

Table 85: Directories context menu options

| Option | Description |
|---|---|
| Check Connection | Select to verify that Safeguard for Privileged Passwords can log into the directory using the current service account credentials. For more information, see Checking a directory's connectivity. |
| Delete Selected | Remove the selected directory from Safeguard for Privileged Passwords. For more information, see Deleting a directory. |

General tab

The Administrative Tools | Directories | General tab lists information about the selected directory.

Large tiles at the top of the tab display the number of directory Accounts, Profiles, and Discovered Accounts associated with the selected directory.

Table 86: Directories General tab: General properties

| Property | Description |
|---|---|
| Forest Root Domain Name | The forest root domain name. |
| Domains | A list of domain names in the forest. |
| Service Account Domain Name | The service account's fully qualified directory domain name. |
| Service Account Name | An account Safeguard for Privileged Passwords uses for management tasks. |
| Sync additions every | The interval for synchronizing additions to the directory object (group membership and user account attributes) properties. |
| Sync deletions every | The interval for synchronizing deletions from the directory object properties. |
| Last Sync | The last date and time Safeguard for Privileged Passwords synchronized its database with the selected directory object properties. |
| Last Delete Sync | The last date and time Safeguard for Privileged Passwords synchronized deletions from the directory object properties. |
| Last Failure Sync | The last date and time Safeguard for Privileged Passwords failed to synchronize its database with the selected directory. |
| Last Success Sync | The last date and time Safeguard for Privileged Passwords successfully synchronized its database with the selected directory. |
| Last Failure Delete Sync | The last date and time Safeguard for Privileged Passwords failed to synchronize deletions from the directory object properties. |
| Last Success Delete Sync | The last date and time Safeguard for Privileged Passwords successfully synchronized deletions from the directory object properties. |
| Last Failure Account Discovery | The date and time of the last failed account discovery job. |
| Last Success Account Discovery | The date and time of the last successful account discovery job. |

Table 87: Directories General tab: Attribute properties

User Attributes

| Safeguard for Privileged Passwords Attribute | Directory Attribute |
|---|---|
| Object Class | inetOrgPerson, the default user object class. |
| User Name | cn, the user's common name. |
| Password | userPassword, the user's password. |
| First Name | givenName, the user's given name. |
| Last Name | sn, the user's last name. |
| Work Phone | telephoneNumber, the user's work telephone number. |
| Mobile Phone | mobile, the user's primary mobile telephone number. |
| Email Address | mail, the user's email address. |
| Description | description, the description of the user. |

Computer Attributes

| Safeguard for Privileged Passwords Attribute | Directory Attribute |
|---|---|
| Object Class | ipHost, the default computer object class. |
| Name | cn, the computer's common name. |
| Network Address | ipHostNumber, the network DNS name or IP address of the LDAP server. |
| Operating System | operatingSystem, the default operating system. |
| Operating System Version | operatingSystemVersion, the default operating system version. |
| Description | description, the description of the computer. |

Group Attributes

| Safeguard for Privileged Passwords Attribute | Directory Attribute |
|---|---|
| Object Class | groupOfNames, the default group object class. |
| Name | cn, the group's common name. |
| Member | member, the group's member name. |
| Description | description, the description of the group. |

Note: For more information about how to synchronize the objects in Safeguard for Privileged Passwords to directory schema attributes, see Adding a directory.
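
The default attribute mapping in Table 87 can be checked against a directory export before the directory is added. The following is an added example, not part of Safeguard for Privileged Passwords or its documentation: it parses an LDIF export and reports, per entry, which default object class matched and which mapped directory attributes are absent. The sample LDIF and the names `parse_ldif`, `classify` and `report` are constructed for illustration; base64-encoded (`::`) values are not handled.

```python
import re
# Default directory attribute per Safeguard attribute, copied from Table 87.
MAPPING = {
    "user": ("inetOrgPerson", {
        "User Name": "cn", "Password": "userPassword", "First Name": "givenName",
        "Last Name": "sn", "Work Phone": "telephoneNumber", "Mobile Phone": "mobile",
        "Email Address": "mail", "Description": "description"}),
    "computer": ("ipHost", {
        "Name": "cn", "Network Address": "ipHostNumber", "Description": "description",
        "Operating System": "operatingSystem",
        "Operating System Version": "operatingSystemVersion"}),
    "group": ("groupOfNames", {"Name": "cn", "Member": "member",
                               "Description": "description"}),
}

def parse_ldif(text):
    """Parse plain LDIF (no base64 values) into {attribute: [values]} dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        entry = {}
        for key, value in re.findall(r"^([\w;-]+):[ \t]*(.*)$", block, re.M):
            entry.setdefault(key.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def classify(entry):
    """Return (kind, fields, absent); kind is None if no default class matches."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    for kind, (object_class, attrs) in MAPPING.items():
        if object_class.lower() in classes:
            fields = {sg: entry[ldap.lower()] for sg, ldap in attrs.items()
                      if entry.get(ldap.lower())}
            if "Password" in fields:
                fields["Password"] = ["<redacted>"]  # never echo credential values
            return kind, fields, [sg for sg in attrs if sg not in fields]
    return None, {}, []

SAMPLE_LDIF = """\
dn: cn=jdoe,ou=people,dc=example,dc=test
objectClass: inetOrgPerson
cn: jdoe
userPassword: constructed-placeholder

dn: uid=svc,ou=people,dc=example,dc=test
objectClass: posixAccount
"""  # constructed sample entries, not real directory data

def report(ldif_text=SAMPLE_LDIF):
    return [(e.get("dn", ["?"])[0], *classify(e)) for e in parse_ldif(ldif_text)]
```

An entry reported with kind `None`, such as the `posixAccount` entry in the sample, carries none of the default object classes listed in Table 87.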

Description: Information about the selected directory.

Related Topics

Modifying a directory
