Chat now with support
Chat with Support

Safeguard Authentication Services 4.1.5 - Management Console for Unix Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix Hosts Working with Host Systems Managing Local Groups Managing Local Users Active Directory Integration Authentication Services Integration Privilege Manager Integration Reporting Setting Preferences Security Troubleshooting Tips
Auto Profile Issues Active Directory Issues Auditing and Compliance Cannot Create a Service Connection Point Check Authentication Services Agent Status Commands Not Available CSV or PDF Reports Do Not Open Database Port Number Is Already in Use Elevation Is Not Working Hosts Do Not Display Import File Lists Fakepath Information Does Not Display in the Console Java Applet Failures License Info in Report is not Accurate Out of Memory Error Post Install Configuration Fails on Unix or Mac Privilege Manager Feature Issues Profile Task Never Completes questusr Account was Deleted Readiness Check Failed Recovering From a Failed Upgrade Reports Are Slow Reset the Supervisor Password Running on a Windows 2008 R2 Domain Controller Service Account Login Fails Setting Custom Configuration Settings Single Sign-on (SSO) Issues JVM Memory Tuning Suggestions Start/Stop/Restart Management Console for Unix Service Tool Bar Buttons Are Not Enabled UID or GID Conflicts
System Maintenance Command Line Utilities Web Services Database Maintenance

Set Session Timeout

By default, after 15 minutes of inactivity in the console, users are logged out. You can extend the session timeout to up to 4 hours.

To extend the session timeout period

  1. From the top-level Settings menu, navigate to the General settings.
  2. Under Session Timeout, select your desired timeout period and click OK.

Mark Host System Users Automatically

You can enable the mangement console to mark local user accounts as "system users" when it profiles hosts.

To mark system users automatically during host profile

  1. From the top-level Settings menu, navigate to the General settings.
  2. Under Host System Users, select Mark system users automatically when profiling. (Set by default)

    Note: This setting is set by default. However, it only marks system users automatically during the initial profile.

  3. Enter a UID number or range of numbers to mark.

    Use a colon (:) to signify a range of numbers; comma delimit multiple numbers or ranges. For example,

    0:499,501,555:600

    Note: Do not add extra spaces.

  4. Enter specific account names you want to mark. For example,
    root,web*,*nobody,ma?k

    Note: Comma delimit multiple names; do not add extra spaces. You can use wildcards in the text string, such as * and ?.

    System users are identified by the icon displayed in the user state column, indicated with the .

Note: You can provide both a UID range and specific user account name(s).

Console Information Settings

Both users and remote hosts use the information on the Console Information settings to find and identify this mangement console on the network.

Note: The Control Center also uses the console information to find and identify this mangement console, as well as perform automatic profile and automatic QAS status tasks.

During the post-installation configuration steps, the console information was set on the Identify Console dialog of the setup wizard. You can modify these settings from System settings | General | Console Information.

Table 16: Console Information settings
Option Description
Console host address

Enter the DNS name or IP address to access this mangement console.

NOTE: This is a critical setting needed by the Profile Automatically and Check QAS Agent Status Automatically features; thus, it is important to use a name that other computers on the network can use to resolve to this host.
Console name Enter the name of the computer where this mangement console was installed. The mangement console pre-populates this with the computer's DNS name, but you can modify this to identify the computer.
Contact Optionally, enter the user name of the contact person responsible for installing/maintaining this mangement console.
Description Optionally, enter a brief description to identify this mangement console on the network.

Publish Console to Active Directory

A Service Connection Point (SCP) enables a service to publish service-specific data in Active Directory which can then be used by network clients to locate, connect, and authenticate to an instance of the service. Management Console for Unix can create and register an SCP with Active Directory so that client applications (such as Control Center) can locate and browse to instances of the mangement console running on the network.

To publish an SCP with Active Directory, enable the setting in Console Information settings. When you enable this setting, Management Console for Unix creates an SCP as a child of the Active Directory computer object of the computer where Management Console for Unix server is running. Once created, the SCP contains the keywords and service binding information that allows clients to browse to the initial screen of the mangement console. That is, a client application searches the Global Catalog (GC) for the SCP containing the Management Console for Unix keywords and then uses the service URL to browse to the mangement console. Please keep in mind, that the ServiceConnectionPoint object will appear in the GC based on the replication policy (usually every 5 minutes); therefore, the client application (such as, Control Center) may not find it immediately after the SCP is published to Active Directory.

Note: You can only register an SCP if the mangement console is installed on a computer that is joined to Active Directory.

To publish the mangement console to Active Directory

  1. Log onto the mangement console using the supervisor account or an Active Directory account with rights to change System Settings; that is, an account in the Console Administration role.
  2. From the top-level Settings menu, navigate to System settings | General | Console Information.

    The Management Console for Unix service uses the information displayed on this dialog to create and register the SCP with Active Directory.

  3. Under Publish console to Active Directory, select the Register a Service Connection Point with Active Directory option to publish the mangement console to Active Directory.

Note: If the Register a Service Connection Point with Active Directory option is disabled, see Cannot Create a Service Connection Point.

Related Documents