Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.5 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords, embedded sessions module What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Adding a user to user groups

Note: It is the responsibility of the Security Policy Administrator to add users to user groups to assign to password policies.

To add a user to one or more user groups

  1. Navigate to Administrative Tools | Users.
  2. In Users, select a user from the object list and open the User Groups tab.
  3. Click Add User Groups from the details toolbar.
  4. Select one or more groups from the list in the User Groups dialog and click OK.

    Note: You can also double-click a group name to add it.

If you do not see the user group you are looking for, depending on your Administrator permissions, you can create it in the User Groups selection dialog. (You must have Security Policy Administrator permissions to create user groups.)

To create a new user group from the selection dialog

  1. Click Create New.

    For more information about creating user groups, see Adding a user group.

  2. Create additional user groups, as required.
  3. Click OK in the User Groups selection dialog to add the selected user to the user groups.

Assigning a user to partitions

Assigning a user to a partition makes that user the "Delegated Owner" of that partition, giving that person authorization to manage the assets and accounts in that partition. A delegated partition owner has a subset of the permissions that an Asset Administrator has. For more information, see Administrator permissions.

Note: It is the responsibility of the Asset Administrator to select one or more users to manage the assets and accounts in a partition.

To assign a user to one or more partitions

  1. Navigate to Administrative Tools | Users.
  2. In Users, select a user from the object list and open the Partitions tab.
  3. Click Assign Partition(s) from the details toolbar.
  4. Select one or more partitions from the list in the Partitions selection dialog and click OK.

    Note: You can also double-click a partition name to add it.

If you do not see the partition you are looking for, depending on your Administrator permissions, you can create it in the Partitions selection dialog. (You must have Asset Administrator permissions to create partitions.)

To create a new partition in the Partitions selection dialog

  1. Click Create New.

    For more information about creating partitions, see Adding a partition.

  2. Create additional partitions, as required.
  3. Click OK in the Partition selection dialog to add the selected user to the partitions.

Adding a user to entitlements

When you add users to an entitlement, you are specifying which people can request access governed by the entitlement's policies.

Note: It is the responsibility of the Security Policy Administrator to add users to entitlements.

To add a user to one or more entitlements

  1. Navigate to Administrative Tools | Users.
  2. In Users, select a user from the object list and open the Entitlements tab.
  3. Click Add Entitlement from the details toolbar.
  4. Select one or more entitlements from the list in the Entitlements selection dialog and click OK.

    Note: You can also double-click an entitlement name to add it.

If you do not see the entitlement you are looking for, depending on your Administrator permissions, you can create it in the Entitlements selection dialog. (You must have Security Policy Administrator permissions to create entitlements.)

To create a new entitlement from the Entitlements selection dialog

  1. Click Create New.

    The Entitlement dialog displays. For more information about creating entitlements, see Adding an entitlement.

  2. Create additional entitlements, as required.
  3. Click OK in the Entitlements selection dialog to add the selected user to the entitlements.

Linking a directory account to a user

NOTE: It is the responsibility of the Security Policy Administrator to link directory accounts to a user. Once linked, these linked accounts can be used to access assets and accounts within the scope of an access request policy.

To link a directory account to a user

  1. Navigate to Administrative Tools | Users.
  2. In Users, select a user from the object list and open the Linked Accounts tab.
  3. Click Add Linked Account from the details toolbar.

    The Directory Account dialog displays, listing the directory accounts available in Safeguard for Privileged Passwords. This dialog includes the following details about each directory account listed:

    • Name: Displays the name of the directory account.
    • Domain Name: Displays the name of the domain where this account resides.
    • Password Request: Indicates whether password release requests are allowed.
    • Needs a Password: Indicates whether the account needs a password.
    • Description: Displays descriptive text about the directory account.
  4. Select one or more accounts from the list in the Directory Account selection dialog and click OK.

Related Documents