The Settings page in Administrative Tools is where you configure Safeguard for Privileged Passwords to run backups, install updates, manage clusters, manage certificates, enable event notifications, enable external integration, define profile configuration settings, define user password rules, define discovery rules, and run troubleshooting tools.
Note: You must have administrator permissions to access the Settings page and the administrator permissions you have determine what you can do.
Use the Search control at the top of the Settings page to locate a particular setting. For example, if you type password and press the Enter key, a list of all the password settings appears; select an entry from this list to display the selected settings page.
|Access Request settings||
Where you enable (or disable) access request services, such as session requests, password release requests, password check and password change management.
Where you define reason codes for access requests.
Where you view appliance information, diagnose and reset or update the Safeguard for Privileged Passwords Appliance.
Where you enable (or disable) the Application to Application service and Lights Out Management, apply license, configure networking settings, and generate a support bundle.
|Asset Management settings||
Where you configure account discovery rules that apply to asset accounts only. Directory account discovery is done on the directory entity dialogs.
Where you define and manage dynamic tags for assets, asset accounts, and directory accounts.
Where you add a custom platform.
|Backup and Retention settings||
Where you run or schedule backups, manage backups and define archive servers for storing backup files.
Where you configure the maximum number of backup files you want to store on the appliance.
|Certificate settings||Where you manage the chain of trusted certificates.|
Where you can create a cluster of appliances to reduce downtime and data loss in the case of natural or human-induced disaster.
Where you define managed networks for your organization so Safeguard for Privileged Passwords can more effectively manage assets and accounts, and service access requests.
|External Integration settings||
Where you configure event notifications.
Where you configure integration with the Application to Application service, Approval Anywhere, Email, Identity and Authentication, SNMP, Starling, Syslog, and external ticketing system.
Where you can view the Sessions Appliances that are joined and have a session connection. You can edit or delete the joined Sessions Appliance connection.
Where you join Safeguard for Privileged Passwords to Starling.
|Messaging settings||Where you configure a login notification or the message of the day displayed on the Safeguard for Privileged Passwords Home page.|
|Profile settings||Where you define the profile configuration settings, including account password rules and password check and change schedules.|
|Access settings||Where you configure user password rules and Safeguard for Privileged Passwords login controls.|
Where you configure global settings related to the One Identity Safeguard for Privileged Passwords Privileged Sessions module.
Where you configure the SSH banner and manage the SSH Host Key.
This selection is not available if you have a Safeguard Sessions Appliance joined to Safeguard for Privileged Passwords.
Navigate to Administrative Tools | Settings.
|Enable or Disable Services (Access request and password management services)||
Where you enable or disable the following Safeguard for Privileged Passwords services:
Where you configure access request reason codes, which can then be used when creating access request policies.
One Identity Safeguard for Privileged Passwords allows you to enable or disable access request and password management services. These settings control session and password release requests, manual account password validation and reset tasks as well as the automatic profile check and change tasks in Directories and Partitions.
All services are enabled by default. The toggles appear blue with the switch to the right when a service is enabled and gray with the switch to the left when a service is disabled.
These global settings are enabled by default. By default, these services are disabled for service accounts and for accounts and assets found as part of a discovery job.
Service accounts can be modified to adhere to these schedules and discovered accounts can be activated when managed.
It is the responsibility of the Appliance Administrator to manage the access request and password management services.
Navigate to Administrative Tools | Settings | Access Request | Enable or Disable Services.
|Session Requests Enabled||
Session requests are enabled by default indicating that authorized users can make session access requests. There is a limit of 1000 sessions on a single access request.
Click the Session Requests Enabled toggle to disable this service so sessions can not be requested.
|Password Requests Enabled||
Password requests are enabled by default indicating that authorized users can make password release requests
Click the Password Requests Enabled toggle to disable this service so passwords can not be requested.
|Check Password Management Enabled||
Check password management is enabled by default indicating that Safeguard for Privileged Passwords automatically performs the password check task if the profile is scheduled, and allows you to manually check an account's password.
Click the Check Password Management Enabled toggle to disable the password validation service.
|Change Password Management Enabled||
Change password management is enabled by default indicating that Safeguard for Privileged Passwords automatically performs the password change task if the profile is scheduled, and allows you to manually reset an account's password.
Click the Change Password Management Enabled toggle to disable the password reset service.
In an access request policy, a Security Policy Administrator can require that a requester provide a reason for requesting access to a password or session. Then, when requesting access, the user can select a predefined reason from a list. For example, you might use these access request reasons:
To configure access request reasons
Name: Enter a name for the reason.
Limit: 50 characters
Description: Enter a description for the reason.
Limit: 255 characters
To edit a reason, click Edit Reason.
The Reason dialog appears allowing you to modify the name or description.
To delete a reason, click Delete Reason.
In the confirmation dialog, click Yes.