One Identity Safeguard 2.5 - Evaluation Guide

Exercise 1: Creating audit data

By following these steps, you will add some password check and change history to Safeguard for Privileged Passwords's audit log and you will learn how to manually verify and reset account passwords.

To perform password check and change activity

  1. Log in as AssetAdmin and navigate to Administrative Tools.
  2. In Accounts, select an account.
  3. Open the Account Security menu and notice the three options: Check Password, Change Password, and Set Password using the Manual Password option.

    Note: These same options are available from an account's context menu.

  4. Check the password for the account.

    Note: The Tasks pane opens when you start a task. You can re-size your desktop client console so that the Tasks pane is not covering the Administrative Tools.

    The "Check" option verifies the account password is synchronized with the Safeguard for Privileged Passwords database; this action should succeed.

    TIP: If Check Password fails, run Check Asset from the context menu of the asset to ensure that Safeguard for Privileged Passwords can communicate with it. Then retry the Check Password option on the account.

  5. Set the password for the account to "Mypass01" using the Manual Password option.

    The "Manual Password" option manually sets the account password in the Safeguard for Privileged Passwords database; not on the appliance; so now they are not in sync.

  6. Check the password for the account.

    The "Check" option should fail because the account password is not in sync with the Safeguard for Privileged Passwords database.

  7. Change the password for the account.

    The "Change" option creates a new account password and synchronizes it on the Safeguard for Privileged Passwords database.

  8. Check the password for the account again.

    This task should now be successful.

Stay logged in as the AssetAdmin for the next exercise.

Exercise 2: Accessing the Password Archive

Password Archive allows you to access a previous password for an account for a specific date.

NOTE: The Password Archive dialog only displays previously assigned passwords for the selected asset based on the date specified. This dialog does not display the current password for the asset.

To access an account's previous password

  1. In Accounts, select the account you have been working with.
  2. Click Password Archive from the toolbar.
  3. In the Password Archive dialog, select today's (or a previous) date.

    TIP: If no entries are returned, this indicates that the asset is still using the current password.

  4. In the View column, click to display the password for the specified date.
  5. Either Copy the password, or click OK to close the dialog.
  6. Close Password Archive to return to Accounts.

Stay logged in as the AssetAdmin for the next exercise.

Exercise 3: Viewing the Check and Change log

Each account has a Check and Change Log tab that allows you to view an account's password validation and reset history.

To view an account's change history

  1. In Accounts, select the account you have been working with.
  2. Select the Check and Change Log tab to view the password change history.
  3. Explore the results. Sort the items by Status or Time.

Stay logged in as the AssetAdmin for the next exercise.

Exercise 4: Viewing the History tab

Each of the Administrative Tools views has a History tab that allows you to view or export the details of each operation that has affected a selected item.

To view the transaction history of an account

  1. In Assets, select a managed system.
  2. Select the History tab to view the transaction history.
  3. Poke around and notice that each of the Administrative Tools (Account, Assets, Partitions, Users, etc.) has a History tab.
  4. Log out.
Related Documents