One Identity Safeguard 2.5 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords, embedded sessions module What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Viewing asset and asset account tag assignments

Use the Occurrences button on the Tags pane on the Asset Management page to view a list of all the assets and asset accounts assigned to a tag.

To view asset and asset account tag assignments

  1. Navigate to Administrative Tools | Settings | Asset Management | Tags.
  2. Select a tag from the list.
  3. Click the toolbar button.

    The Occurrences dialog displays, which contains a list of all the assets and asset accounts assigned to the selected dynamic tag. This dialog includes the object name and the type of object: asset or account.

  4. Use the Search box to locate a specific tag or set of tags in this list. Enter the character string to be used to search for a match.
  5. Click Close to close the dialog and return to the Tags pane.

Backup and Retention settings

Use the Backup and Retention settings to manage your Safeguard for Privileged Passwords backups and archive servers.

It is the responsibility of the Appliance Administrator to configure the Safeguard for Privileged Passwords backup and retention settings.

Navigate to Administrative Tools | Settings | Backup and Retention.

NOTE: When a backup is created, the state of the sessions module is saved which can be either the embedded sessions module (SPP) or the joined sessions module (SPS). Restoring a backup restores the sessions module to the state when the backup was taken, regardless of the state when the restore was started.

Table 164: Backup and Retention settings
Setting Description
Archive servers Where you add and manage archive servers for storing backup files and session recordings.

Audit Log Management

Where you define the audit logs to be archived and purged as well as a schedule for performing the audit log archival task.

Backup and Restore Where you initiate or schedule a backup, upload or download a backup file, or specify the archive server where a backup file is to be stored.
Backup retention Where you enable (or disable) backup retention and set the maximum number of backup files you want Safeguard for Privileged Passwords to store on the appliance.

About backups

One Identity Safeguard for Privileged Passwords backs up the following:

  • All settings, except:

    • Appliance IP address
    • Network Time Protocol (NTP) configurations
    • Domain Name System (DNS) configuration
  • Transaction history
  • All information about Safeguard for Privileged Passwords objects:

    • Accounts
    • Account groups
    • Assets
    • Asset groups
    • Directories
    • Entitlements
    • Partitions
    • Users
    • User groups

Safeguard for Privileged Passwords encrypts and signs the data before it makes it available for downloading to an off-appliance storage. Only a genuine Safeguard for Privileged Passwords Appliance can decrypt the backup and then only when it is on the appliance. This means that if a backup has been downloaded from an appliance for off-appliance storage, you must first upload it to an appliance, which will verify the signature, ensuring that it is an authentic backup for Safeguard for Privileged Passwords.

Archive servers

Archive servers are external physical servers where you store backup files and session recordings. Use the Archive Servers page on the Backup and Retention settings view to configure and manage archive servers.

Navigate to Administrative Tools | Settings | Backup and Retention | Archive Servers. The Archive Servers page displays the following information about previously configured archive servers.

Table 165: Archive Servers: Properties
Property Description
Name

The name of the archive server.

Archive Method The transfer protocol type being used.
Network Address The network DNS name or IP address used to connect to the server over the network.
Storage Path The file path where you want to store backup files on the archive server.
Description

Information about the archive server.

Use these toolbar buttons to manage archive server configurations.

Table 166: Archive Servers: Toolbar
Option Description
Add Archive Server Add an archive server. For more information, see Adding an archive server.
Delete Selected

Remove the selected archive server configuration.

Refresh Update the list of archive server configurations.
Edit Modify the selected archive server configuration.
Related Documents