立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 7.0 LTS - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Enable or Disable Services External Integration Real-Time Reports Safeguard Access
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings Reasons
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions About us

Activating or deactivating a user account

It is the responsibility of an Authorizer Administrator or User Administrator to activate or deactivate users within Safeguard for Privileged Passwords. However, this state can only be changed within Safeguard for Privileged Passwords on users that have their identity source set to the Local provider. This state cannot be modified for directory users. A directory user's state must be modified in the directory and then synchronized with Safeguard for Privileged Passwords.

Deactivating a user will prevent that user from logging into Safeguard for Privileged Passwords and end any currently logged in session. However, an administrator cannot deactivate their own user.

Safeguard for Privileged Passwords can also be configured to automatically deactivate users who have not logged in within a configured time span. Note, this does not apply to directory users. For more information, see Local Login Control.

To activate or deactivate a user account

  1. Navigate to User Management | Users.
  2. In Users, select a user from the object list.
  3. From the toolbar options, select either Activate User or Deactivate User.

Deleting a user

Typically, it is the responsibility of the Authorizer Administrator to delete administrator users and the User Administrator to delete non-administrator users.

IMPORTANT: When you delete a local user, Safeguard for Privileged Passwords deletes the user permanently. If you delete a directory user that is part of a directory user group, the next time it synchronizes its database with the directory, Safeguard for Privileged Passwords will add it back in.

To delete a user

  1. Navigate to User Management | Users.
  2. In Users, select a user from the object list.
  3. Click Delete.
  4. Confirm your request.

Setting a local user's password

It is primarily the responsibility of the Authorizer Administrator to set passwords for administrators. The User Administrator and Help Desk Administrator set passwords for non-administrator local users. These administrators can only set passwords for local users. Directory user passwords are maintained in an external provider, such as Microsoft Active Directory.

To set a local user's password

  1. Navigate to User Management | Users.
  2. Select a local user from the object list and perform one of the following:
    • From the toolbar options, select  Set Password.
    • On the Properties tab, click Set Password.
  3. In the Set Password dialog, enter the new password.
  4. If you want to require the user to change their password during their next login, make sure the User must change password at next login check box is selected.
  5. Click Set Password. You must comply with the password requirements specified in the dialog. For more information, see Local Password Rule.

Unlocking a local user's account

If you are unable to log in, your account may have become "locked" and is therefore disabled. For example, if you enter a wrong password for the maximum number of times specified by the account Lockout Threshold settings, Safeguard for Privileged Passwords locks your account. For more information, see Local Login Control.

Typically, it is the responsibility of the Authorizer Administrator to unlock administrator accounts, and the User Administrator and Help Desk Administrator to unlock non-administrator local users.

To unlock a local user's account

  1. Navigate to User Management | Users.
  2. Select a "locked" user from the list.
  3. From the toolbar options, select  Unlock.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级