
Safeguard Authentication Services 4.1.5 - Management Console for Unix Administration Guide


Getting Started

To enable the management console's Privilege Manager features

  1. Set up a user in the Manage Sudo Policy or Manage PM Policy role to edit the policy and a user in the Audit Sudo Policy or Audit PM Policy role to replay keystroke logs. (See Add (or Remove) Role Members for details.)

    Note: The default supervisor account is a member of all roles and therefore has the permissions to both edit policy and replay keystroke logs.

  2. Download the Privilege Manager for Unix software packages to the server.

  3. Set the Privilege Manager software location in System Settings.

    (See Set Privilege Manager Software Path.)

  4. Configure the Primary Policy server:

    1. Add and profile a host intended to be the primary policy server.
    2. Check the server for configuration readiness. (See Check Policy Server Readiness.)
    3. Install the Privilege Manager Policy Server package. (See Install the Privilege Manager Packages.)
    4. Configure the primary policy server. (See Configure the Primary Policy Server.)
    5. Join the PM Agent or Sudo Plugin to the policy group. (See Join the Host to a Policy Group.)
  5. Configure a Secondary Policy server:

    1. Add and profile a host intended to be a secondary policy server used for load balancing.
    2. Check the server for configuration readiness. (See Check Policy Server Readiness.)
    3. Install the Privilege Manager Policy Server package. (See Install the Privilege Manager Packages.)
    4. Configure the secondary policy server. (See Configure Secondary Policy Server.)
    5. Join the PM Agent or Sudo Plugin to the policy group. (See Join the Host to a Policy Group.)
  6. Install the PM Agent or Sudo Plugin software on a remote host:

    1. Add and profile a remote host where you plan to install the PM Agent or Sudo Plugin software.
    2. Configure a console service account on the primary policy server and activate the policy groups you want to use. (See Configure a Service Account for details.)
    3. Check the remote host for policy readiness. (See Check Client for Policy Readiness.)
    4. Install the Privilege Manager software on the remote host. (See Install Privilege Manager Agent or Plugin Software.)
    5. Join the PM Agent or Sudo Plugin to the policy group. (See Join the Host to a Policy Group.)

Configure a Primary Policy Server

The first thing you must do is configure the host you want to use as your primary policy server.

Related Topics

Check Policy Server Readiness

Install the Privilege Manager Packages

Configure the Primary Policy Server

Join the Host to a Policy Group

Check Policy Server Readiness

Check Policy Server Readiness performs a series of tests to verify that the specified host(s) meet the minimum requirements to be configured as a policy server.

Note: This command is only available if no Privilege Manager software is installed on the selected host(s).

For the readiness check to finish successfully, the path to the Privilege Manager software packages must be correctly set in System Settings. (See Set Privilege Manager Software Path for details.)

To check for policy server readiness

  1. Select one or more hosts on the All Hosts view of the Hosts tab, open the Check menu from the Prepare panel of the tool bar, and choose Check Policy Server Readiness.

  2. In the Check Policy Server Readiness dialog, enter user credentials to access the host(s) and click OK.

    Note: This task does not require elevated credentials.

    If you select multiple hosts, you are asked if you want to use the same credentials for all the hosts (default) or enter different credentials for each host.

    1. If you selected multiple hosts and the Use the same credentials for all selected hosts option, enter your credentials to log on to access the selected host(s) and click OK.

    2. If you selected multiple hosts and the Enter different credentials for each selected host option, it displays a grid which allows you to enter different credentials for each host listed. Place your cursor in a cell in the grid to activate it and enter the data.

  3. To check the results of the readiness check:

    1. Right-click the host on the All Hosts view of the Hosts tab, and choose Readiness Check Results.

    2. Choose Policy Readiness from the drop-down menu, if necessary.

    Running the readiness check on a policy server performs these tests:

    • Basic Network Conditions:
      • Hostname is configured
      • Hostname can be resolved
      • Reverse lookup returns its own IP
    • Privilege Manager for Unix Server Network Requirements
      • Policy server port is available (TCP/IP port 12345)
    • Privilege Manager for Unix Prerequisites
      • SSH keyscan is available

    A progress bar displays in the Task Progress pane. The final status of the task displays, including any failures or advisories encountered.

  4. If the readiness check completed with failures or advisories, correct the issue(s) and run the policy server readiness check again.

    After you make sure your primary policy server host meets the system requirements, you are ready to install the Privilege Manager packages.
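The tests listed in step 3 can also be run as a local pre-check on a candidate policy server before starting the console task. This is an added example, not One Identity's implementation: the function names are hypothetical, "hostname is configured" is assumed to mean non-empty and not `localhost`, and the reverse-lookup test is assumed to mean that the name returned for the host's IP resolves back to that same IP.

```python
import shutil
import socket

POLICY_SERVER_PORT = 12345  # TCP port named in the readiness test list above


def port_available(port, addr="0.0.0.0"):
    """True if the TCP port can be bound, i.e. no other service holds it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((addr, port))
        except OSError:  # EADDRINUSE, or EACCES for a privileged port
            return False
    return True


def name_checks(hostname, forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """The three 'Basic Network Conditions' tests (interpretation is an assumption)."""
    res = {
        "hostname_configured": bool(hostname) and not hostname.startswith("localhost"),
        "hostname_resolves": False,
        "reverse_returns_own_ip": False,
    }
    if not hostname:
        return res
    try:
        ip = forward(hostname)                 # forward lookup: name -> IP
        res["hostname_resolves"] = True
        rname = reverse(ip)[0]                 # reverse lookup: IP -> primary name
        res["reverse_returns_own_ip"] = forward(rname) == ip
    except OSError:  # socket.gaierror and socket.herror are OSError subclasses
        pass
    return res


def readiness(hostname=None):
    """Run all five pre-checks on the local host; returns {check_name: bool}."""
    res = name_checks(socket.gethostname() if hostname is None else hostname)
    res["policy_port_available"] = port_available(POLICY_SERVER_PORT)
    res["ssh_keyscan_available"] = shutil.which("ssh-keyscan") is not None
    return res


if __name__ == "__main__":
    for check, ok in readiness().items():
        print(f"{'PASS' if ok else 'FAIL'}  {check}")
```

A `FAIL` on `policy_port_available` means another process is already bound to port 12345; identify it (for example with `ss -ltnp`) before installing the Policy Server package.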

Install the Privilege Manager Packages

The management console allows you to install three Privilege Manager software components, which provide central policy management and granular access control reporting, as well as the ability to enable, gather, store, and play back keystroke logs.

Note: Centralized policy management and keystroke logging are licensed separately. (See Software & Licenses for details.)

To install the Privilege Manager packages

  1. Select one or more profiled hosts on the All Hosts view.
  2. Click Install Software from the Prepare panel on the All Hosts view.

    Note: The Install Software tool bar menu is enabled when you select hosts that are profiled.

    The tool bar button will not be active if:

    • You have not selected any hosts.
    • You have selected hosts that are not profiled.
  3. On the Install Software dialog, select a Privilege Manager package and click OK.

    1. Sudo Plugin
    2. Privilege Manager Agent
    3. Privilege Manager Policy Server

    Note: If you do not see these software packages, verify the path to the software packages is correctly set in System Settings. (Refer to Set Privilege Manager Software Path for details.)

  4. On the Log on to Host dialog, enter your host credentials and click OK to start the installation process.

    Note: This task requires elevated credentials.
