One Identity Safeguard 2.5 - Administration Guide


Sessions management

You can view, edit, or delete joined Sessions Appliance connections. Once joined, all sessions are initiated by the Safeguard for Privileged Passwords (SPP) appliance via an access request, managed by the Safeguard for Privileged Sessions (SPS) appliance, and recorded via the Sessions Appliance.

To join a Sessions Appliance with a standalone primary SPP Appliance, SPS and SPP user names and passwords are required.

The sessions appliance certificate is available for audit by the Auditor.

For information, see the following:

Once the join is complete, navigate to Administrative Tools | Settings | External Integration | Sessions Management.

The Sessions Management pane displays the following session details.

Table 197: Sessions Management: Properties

| Property | Description |
| --- | --- |
| Network Address | The network DNS name or IP address of the session connection. |
| SPS Username | The user name for Safeguard for Privileged Sessions (SPS). Do not include spaces in the user name. |
| SPP Username | The user name for Safeguard for Privileged Passwords (SPP). Do not include spaces in the user name. |
| Thumbprint | A unique hash value that identifies the certificate. |
| Name | The name of the Safeguard for Privileged Sessions Appliance used to authenticate the joined SPS session connection. |
| Description | Descriptive text about the SPS session connection (for example, 20 on cluster - 172 primary node). |

Use these toolbar buttons to manage sessions.

Table 198: Sessions Management: Toolbar

| Option | Description |
| --- | --- |
| Delete Selected | Remove the selected joined SPS session connection. |
| Refresh | Update the list of joined SPS session connections. |
| Edit | Modify the selected joined SPS session connection Description, Network Address, SPS Username, Password, or PEM Encoded Certificate Chain. |

If you change the Certificate, you must include the values for the Username and Password to confirm validity and pass the trust check.
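
The following is an added example, not part of the One Identity documentation: one way an auditor could check that the Thumbprint shown in the pane corresponds to a certificate in the PEM Encoded Certificate Chain supplied on Edit. It assumes the thumbprint is the SHA-1 digest of the certificate's DER encoding (a common convention; this guide does not state the algorithm), and all function names and the sample chain are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

def pem_chain_to_der(pem_text):
    """Return the DER bytes of every certificate in a PEM chain, in order."""
    ders = [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_RE.findall(pem_text)]
    if not ders:
        raise ValueError("no CERTIFICATE blocks found in PEM input")
    return ders

def thumbprint(der, algorithm="sha1"):
    """Upper-case hex digest of the DER encoding.
    Assumption: SHA-1; pass "sha256" if the console displays a SHA-256 value."""
    return hashlib.new(algorithm, der).hexdigest().upper()

def normalize(value):
    """Drop separators and case so 'ab:cd', 'AB CD' and 'ABCD' compare equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", value).upper()

def find_in_chain(pem_text, displayed, algorithm="sha1"):
    """Index of the chain certificate matching the displayed thumbprint, or None."""
    want = normalize(displayed)
    for i, der in enumerate(pem_chain_to_der(pem_text)):
        if hmac.compare_digest(thumbprint(der, algorithm), want):
            return i
    return None

def to_pem(der):
    """Helper used only to build the constructed sample chain below."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed stand-in bytes, not real certificates: only the
# PEM-splitting and hashing path is exercised.
SAMPLE_LEAF = b"constructed-sps-leaf-certificate-der" * 4
SAMPLE_CA = b"constructed-issuing-ca-certificate-der" * 4
SAMPLE_CHAIN = to_pem(SAMPLE_LEAF) + to_pem(SAMPLE_CA)
```

A result of `None` means the displayed thumbprint matches no certificate in the supplied chain, which warrants checking the chain before trusting the joined connection.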

Initiating the SPP to SPS join

To initiate the join from Safeguard for Privileged Passwords (SPP) to Safeguard for Privileged Sessions (SPS), follow the steps below.

For information on monitoring and error resolution, see:

Steps:

  1. Connect to the Safeguard Sessions Appliance over SSH or log in as root on the console.
  2. Enter Join to SPP. The Sessions Appliance returns a message like: Initializing SPP Join (press Ctrl+C any time to abort)...
  3. Provide the requested information:
    1. IP address of SPP appliance (Example: 12.1.12.123)
    2. SPP username
    3. SPP password
    4. Description of this SPS (Example: SPS 89.8.89.789 on SPP 12.1.12.123)
    5. SPS username
    6. SPS password

  4. You will receive a message:
    • If the join is unsuccessful, this message displays: Request failed. Check the information provided including the credentials, IP address, and appliance certificates.
    • If the join is successful, you will see two messages:
      1. An alert displays in the user interface: Your sessions management has now switched to an external appliance and you will need to restart the desktop client. Would you like to do that now? Click OK to complete the connection and update settings and entitlement policy details.
      2. The Sessions Appliance returns a message like this: SPS successfully joined to SPP. Press ENTER to exit. Press Enter then select Logout.

  5. Click OK and reboot the system when you see this popup: Alert Your session management has now switched to an external appliance, and you will need to restart the desktop client. Would you like to do that now?

When the SPS session connection is joined, open access requests are automatically closed. When you double-click the event in the Activity Center, the event details Action is Evicted.

Sessions recorded prior to joining the Safeguard Sessions Appliance are available for playback from local storage and in accordance with the permissions of the Safeguard Passwords Appliance. When a backup is created, the state of the sessions module is saved, which can be either the embedded sessions module (SPP) or the joined sessions module (SPS). Restoring a backup restores the sessions module to the state when the backup was taken, regardless of the state when the restore was started.

Reversing the SPP to SPS join

Once a Safeguard for Privileged Passwords (SPP) cluster node has been configured to use the Safeguard Sessions Appliance, it can only be reversed by a factory reset of the Safeguard Passwords Appliance. The factory reset redeploys the Safeguard Passwords Appliance session module. For more information, see Factory Reset from the desktop client.

Another way to reverse the join to Safeguard for Privileged Sessions is to restore a backup that was taken before the first join of Safeguard for Privileged Sessions (SPS).

SNMP

Simple Network Management Protocol (SNMP) is an Internet-standard protocol for managing devices on IP networks. One Identity Safeguard for Privileged Passwords allows you to configure SNMP subscriptions for sending SNMP traps to your SNMP console when certain events occur.

Navigate to Administrative Tools | Settings | External Integration | SNMP. The SNMP pane displays the following about the SNMP subscribers defined.

Table 199: SNMP: Properties

| Property | Description |
| --- | --- |
| Network Address | The IP address or FQDN of the primary SNMP network server. |
| Port | The UDP port number for SNMP traps. |
| Version | The SNMP version being used. |
| Community | The SNMP community string being used by the SNMP subscriber. |
| Description | The description of the SNMP subscriber. |
| # of Events | The number of events selected to be sent to the SNMP console. |

Use these toolbar buttons to manage the SNMP subscriptions.

Table 200: SNMP: Toolbar

| Option | Description |
| --- | --- |
| New | Add a new SNMP subscription. For more information, see Configuring SNMP subscriptions. |
| Delete Selected | Remove the selected SNMP subscription. |
| Refresh | Update the list of SNMP subscriptions. |
| Edit | Modify the selected SNMP subscription. |
| Copy | Clone the selected SNMP subscription. |