Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.5 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords, embedded sessions module What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Partitions tab

The Partitions tab displays the partitions over which the selected user is a delegated partition administrator.

Note: The Partitions tab is available to a user with Auditor or Asset Administrator permissions.

Click Add Partition(s) from the details toolbar to delegate the selected user as an administrator to one or more partitions.

Search: For more information, see Search box.

Table 233: Users: Partitions tab properties
Property Description
Name

The partition name.

Description

Information about the selected partition.

Related Topics

Assigning a user to partitions

Entitlements tab

The Entitlements tab displays the entitlements in which the selected user is a member.

Note: The Entitlements tab is only available to a user with Auditor or Security Policy Administrator permissions.

Click Add Entitlement to add the selected user as a "user" of one or more entitlement.

Table 234: Users: Entitlements tab properties
Property Description
Name

The name of the entitlements in which the selected user is a "user".

Access Request Policies The number of unique access request policies in the entitlement.
Accounts

The number of unique accounts in the selected entitlement.

Users The number of unique users in the entitlement.
User Groups

The names of the user groups that associate the selected user to the entitlement.

NOTE: If the selected user is associated with the entitlement explicitly and not through user group membership, then this column is blank and the Direct Member column is "True".

Direct Member

Indicates True if the selected user was explicitly added to the entitlement as a "user". For more information, see Adding users or user groups to an entitlement.

Use these buttons on the details toolbar to manage the entitlements associated with the selected user.

Table 235: Users: Entitlements tab toolbar
Option Description

Add Entitlement

Add the selected user to one or more entitlements. For more information, see Adding a user to entitlements.

Remove Selected

Remove the user from the selected entitlement.

Refresh

Update the list of entitlements.

Details

View additional details about the selected entitlement.

Search

To locate a specific entitlement or set of entitlements in this list, enter the character string to be used to search for a match. For more information, see Search box.

Linked Accounts tab

The Linked Accounts tab displays the directory accounts linked to the selected user that can be used in session request policies to access the assets or accounts defined within the scope of the policy.

Accounts can be linked manually or automatically (see Adding a directory user group and the Automatically link Managed Directory Accounts check box).

To manually link accounts, click Add Linked Acount from the details toolbar to link a directory account to the selected user.

Search: For more information, see Search box.

Table 236: Users: Linked Accounts tab properties
Property Description
Name The account name.
Domain Name The name of the domain where the linked account resides.
Service Account A check in this column indicates that the account is a service account.
Password Request A check in this column indicates that password release requests are enabled for the account.
Session Request A check in this column indicates that session access requests are enabled for the account.
Needs a Password Displays if a password is not set for the account. For more information, see Checking, changing, or setting an account password.
Description Information about the selected account.
Related Topics

Linking a directory account to a user

History tab

The History tab allows you to view or export the details of each operation that has affected the selected user.

Note: Help Desk Administrators, Asset Administrators, and Security Policy Administrators can only view the user object history for their own account.

The History tab contains the following information:

  • Items: Total number of entries in the history log.
  • Search: For more information, see Search box.

  • Time Frame: By default the history details are displayed for the last 24 hours. Click one of the time intervals at the top of the grid to display history details for a different time frame. If the display does not refresh after selecting a different time interval, click Refresh.
Table 237: Users: History tab properties
Property Description
Date/Time The date and time of the event.
User The display name of the user that triggered the event.
Source IP The network DNS name or IP address of the managed system that triggered the event.
Object Name The name of the selected user.
Event

The type of operation made to the selected user:

  • Create
  • Delete
  • Update
  • Add Membership
  • Remove Membership

NOTE: A membership operation indicates a "relationship" change with a related or parent object such as the selected user was added or removed from the membership of a user group or entitlement.

Related Object The name of the related object.
Related Object Type The type of the related object.
Parent The name of the object to which the selected user is a child.
Parent Object Type The parent object type.

Select an event to display this additional information for some types of events (for example, create and update events).

Table 238: Additional History tab properties
Property Description
Property The property that was updated.
Old Value The value of the property before it was updated.
New Value The new value of the property.
Related Documents