Chat now with support
Chat with Support

Safeguard for Privileged Passwords On Demand Hosted - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Activity Center Search box Privileged access requests Toolbox Accounts Account Groups Assets
General/Properties tab (asset) Accounts tab (asset) Account Dependencies tab (asset) Owners tab (asset) Access Request Policies tab (asset) Asset Groups tab (asset) Discovered SSH Keys (asset) Discovered Services tab (asset) History tab (asset) Managing assets
Asset Groups Discovery Entitlements Linked Accounts Partitions Profiles Settings
Access Request settings Appliance settings Asset Management settings Tags Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings Security Policy Settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Access Requests

The Access Requests tab on the Dashboard allows Security Policy Administrators to review and manage access requests from a single location. Clicking one of the access request tiles across the top of the view displays additional information about the access requests belonging to that category. In addition, you can review the request workflow, launch a live session, end a session, or revoke a specific request.

This dashboard is available to Safeguard for Privileged Passwords users assigned the following administrative permissions:

  • Auditor: Read-only view.
  • Security Policy: Full control.
Access requests: Tiles
  • Open Requests: Displays a list of all currently opened access requests, including session requests and password release requests.
  • Open Sessions: Displays a list of all currently opened sessions.
  • Passwords Out: Displays a list of all password release requests that are currently checked out.
  • Pending Approval: Displays a list of access requests to be approved.
  • Pending Review: Displays a list of access requests to be reviewed.
Access requests: Toolbars

Use the toolbar at the top of the details grid to perform the following tasks.

  • Workflow: Select to review the transactions that took place in the selected request. Clicking this button displays the Request Workflow dialog allowing you to audit the transactions that occurred during the request's workflow from request to approval to review.
  • View Live Session: Select to view a live session for the selected session request. Clicking this button launches the Desktop Player allowing you to follow an active session.

    If the Desktop Player is not installed, see Installing the desktop client, Installing the Desktop Player section.

    For details on using the Desktop Player, go to One Identity Safeguard for Privileged Sessions - Technical Documentation. Scroll to User Guide and click One Identity Safeguard for Privileged Sessions [version] Safeguard Desktop Player User Guide.

  • Terminate Session: Select to close the live session for the selected session request.
  • Revoke Request: Select to retract the selected access request.
  • Export: Select to create a .csv or .json file of the currently displayed access request grid and save it to a location of your choice.

    The time is set according to the user time zone. If necessary, you can convert timestamps to another time, if necessary. For more information, see Converting time stamps.

  • Columns: Select to display a list of columns that can be displayed in the grid. Select the check box for data to be included in the grid. Clear the check box for data to be excluded from the grid.

Viewing details

Additional detailed information is available for access requests listed in the request grids on the Access Requests view.

To see the details of an access request

  1. Double-click a request to view additional details.
  2. Double-click to close the request details.

    NOTE: Clicking Refresh at the top of the view also closes the details in addition to retrieving the latest access requests.

Account Automation

The Account Automation tab on the Dashboard allows Asset Administrators to view information regarding accounts that are failing different types of tasks. This dashboard includes both automated and manual tasks in the failure results. Clicking one of the failure task tiles across the top of the view displays additional information about the accounts belonging to that category.

This dashboard is available to Safeguard for Privileged Passwords users assigned the following administrative permissions:

  • Asset Administrator: Full control for accounts related to all Safeguard for Privileged Passwords assets.
  • Auditor: Read-only view.
  • Delegated Partition Owner: Control for accounts related to the accounts and assets managed through delegation.
Account Automation: Tiles
  • Password Check Failures: Displays a list of accounts where password check tasks failed.
  • Password Change Failures: Displays a list of accounts where password change tasks failed.
  • SSH Key Check Failures: Displays a list of accounts where SSH key check tasks failed.
  • SSH Key Change Failures: Displays a list of accounts where SSH key change tasks failed.
  • SSH Key Discovery Failures: Displays a list of accounts where SSH key discovery tasks failed.
  • Suspend Account Failures: Displays a list of accounts where suspend tasks failed.
  • Restore Account Failures: Displays a list of accounts where restore tasks failed.
Account Automation: Toolbar

Use the toolbar at the top of the details grid to perform the following tasks.

  • Rerun task: Select to rerun the selected task.
  • Export: Select to create a .csv or .json file of the currently displayed account automation grid and save it to a location of your choice. The time is set according to the user time zone. You can convert timestamps another time, if necessary. For more information, see Converting time stamps.
  • Columns: Select to display a list of columns that can be displayed in the grid. Select the check box for data to be included in the grid. Clear the check box for data to be excluded from the grid.

Reports

 Reports allows the Auditors and Security Policy Administrators to view and export entitlement reports that show which assets and accounts a selected user is authorized to access. Asset Administrators and Auditors can view and export ownership reports that show which assets, accounts, and partitions a selected user manages. Reports may be exported in .csv or .json format.

Reports toolbar

The toolbar at the top of Reports contains these options.

  • Refresh: Updates the entitlement report.
  • Export: Used to create a .csv or a .json file of the report. Different information may be returned based on whether you select CSV or JSON. For example, JSON includes details of accounts discovered and CSV includes only the count of accounts.

The time is set according to the user time zone. You can convert timestamps another time, if necessary. For more information, see Converting time stamps.

Entitlement reports

One Identity Safeguard for Privileged Passwords provides these entitlement reports.

  • User: Lists information about the accounts a selected user is authorized to request.
  • Asset: Lists information about the accounts associated with a selected asset and the users who have authorization to request those accounts.
  • Account: Lists detailed information about the users who have authorization to request a selected account including: Entitlement, Policy, Access Type, Password Included, Password Change, Time Restrictions, Expiration Date, Group, From Linked Account, and Last Accessed.
Ownership reports

One Identity Safeguard for Privileged Passwords provides these ownership reports:

  • User: Lists information about ownership based on each owner.

  • Partition: Lists information about ownership for a partition.

  • Asset: Lists information about ownership for an asset.

  • Account: Lists information about ownership for an account.

  • Tag: Lists information about owners of assets and accounts assigned to a tag.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating