立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 6.0 LTS - Administration Guide

Introduction System requirements Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Search box Using the web client Installing the desktop client Using the desktop client Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions Appendix E: Historical changes by release Glossary

Unlocking a user's account

If you are unable to log in, your account may have become "locked" and is therefore disabled. For example, if you enter a wrong password for the maximum number of times specified by the account Lockout Threshold settings, Safeguard for Privileged Passwords locks your account. For more information, see Login Control.

Typically, it is the responsibility of the Authorizer Administrator to unlock administrator accounts, and the User Administrator and Help Desk Administrator to unlock non-administrator local users.

To unlock a user's account

There are two ways to unlock a user account:

  • In Users, select a "locked" user, right-click, and select  Unlock from the context menu.
  • Click  User Security and select  Unlock.

User Groups

Safeguard for Privileged Passwords allows you to add both local user groups (a set of local users) and directory groups (a set of directory accounts) to User Groups. The Security Policy Administrator can add a group of users to an entitlement to authorize them to request access to the accounts and assets governed by the entitlement's access request policies.

User Groups is available to the Authorizer Administrator, User Administrator, Security Policy Administrator, and the Auditor. However, it is only available to the Authorizer Administrator and User Administrator if a directory has been added to Safeguard for Privileged Passwords.

The User Groups view displays the following information about the selected user or directory group.

Use these toolbar buttons to manage users.

Add User Groups: Add user groups to Safeguard for Privileged Passwords. For more information, see Adding a user group.

Add Directory Group: Add a directory user group to Safeguard for Privileged Passwords. For more information, see Adding a directory user group.

Delete Selected: Remove the selected user group. For more information, see Deleting a user group.

Refresh: Update the list of user groups.

  • Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box.
  • General tab (user groups)

    The General tab lists information about the selected user group.

    Large tiles at the top of the tab display the number of Users in the selected group and, when applicable, the number of Entitlements to which the selected group is an entitlement member or user. Clicking a tile heading opens the corresponding tab.

    NOTE: The Entitlements tile is only visible to the Auditor and Security Policy Administrator.

    Navigate to Administrative Tools | User Groups | General.

    Table 189: User Groups General tab: General properties
    Property Description
    Name

    The group name.

    Distinguished Name (directory user group)

    The distinguished name of the group.

    Primary Authentication Provider (directory user group)

    The name of the authentication provider (for example, the name of an external provider such as a Microsoft Active Directory domain name).

    Permissions (directory user group)

    Lists the user's administrator permissions or "Standard User" if

    user does not have administrative permissions.

    Related Topics

    Modifying a user group

    Users tab (user groups)

    The Users tab displays the members of the selected group.

    Click  Add User from the details toolbar to add one or more users to the selected local user group.

    NOTE: For directory groups, group membership is read-only. That is, you cannot add or remove users from a directory group using the Users tab.

    Navigate to Administrative Tools | User Groups | Users.

    Table 190: User Groups: Users tab properties
    Property Description

    User Name

    The user's display name.

    Name

    The user's first and last name, if the information exists in the user's properties; otherwise, the user's display name.

    Provider

    The name of the authentication provider: Local, Certificate, or the name of an external provider such as a Microsoft Active Directory domain name.

    Distinguished Name

    The distinguished name of the user.

    Use these buttons on the details toolbar to manage the users in your user groups.

    Table 191: User Groups: Users tab toolbar
    Option Description

    Add User

    Add one or more users to the selected user group. For more information, see Adding users to a user group.

    Remove Selected

    Remove the selected user from the user group.

    Refresh

    Update the list of users in the user groups.

    Details

    View additional details about the selected user.

    Search

    To locate a specific user or set of users in this list, enter the character string to be used to search for a match. For more information, see Search box.

    Related Topics

    Adding users to a user group

    Modifying a user group

    相关文档

    The document was helpful.

    选择评级

    I easily found the information I needed.

    选择评级