立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 7.0.3 LTS - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Enable or Disable Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions About us

Search by attribute

The attributes available for searching are dependent on the type of object being searched. The search drop-down menu lists the attributes that can be selected.

API attributes can be searched

The drop-down menu lists a limited number of attributes that can be searched; however, you can perform an attribute search using the English name of any attribute as it appears in the API. Nested attributes can be chained together using a period (.). To see a list of all the attributes, see the API documentation. For more information about the API, see Using the API.

Entering the search string

  1. Click the icon and select the attribute to be searched.

    The selected attribute is added to the search box. For example, if you select Last Name then LastName: is added to the search box.

  2. In the search box, enter the text string after the colon in the attribute label.

    You can specify multiple attributes, repeating these steps to add an additional attribute to the search box. Do not add punctuation marks, such as commas or colons, to separate the different attributes. When multiple attributes are included, all search criteria must be met in order for an object to be included in the results list. In the web client, if conflicting attributes are entered for the same search (for example, both true and false) then the results will expand to show all matches so long as they fit one of those attributes.

    As you type, the list displays items whose selected attributes contain the text that was entered.

    NOTE: The status bar along the bottom of the console shows the number of items returned.

  3. To clear the search criteria, click the button.

    When you clear the search criteria, the original list of objects are displayed.

Exporting data

Throughout the web client, when an Export button appears above a table it indicates that the data appearing in the table can be exported as either a JSON or CSV file.

To export data

  1. Navigate to the page displaying the information to be exported. For example, if you want to export user information in order to see who can log into the product then you would navigate to the Users page.
  2. (Optional) Apply filters or search criteria to the displayed data.
  3. Click the Export button.
  4. On the export dialog, select CSV or JSON. Different information may be available depending on your selection. For example, when the data covers an array of information then the CSV will only report the number of items in the array whereas the JSON will contain the full list. This can be seen when exporting Account Groups data; the CSV will show the number of accounts in a group, but the JSON will show all of the information for all the accounts in a group.
  5. Click Fields to open the Export Fields dialog where you can select which fields to include in the report. The Export Fields dialog will be prepopulated with the selections made during the last export of data from the page.
  6. Click OK to save your selection.
  7. Click Sort By to open the Export Sort Order dialog where you can select the order in which to sort the previously selected fields. This allows you to organize the exported data according to your needs.
    • Add Sort Order: Use this button to add additional fields by which to sort the data.
    • Clear All Sort Orders: Use this button to clear all selected fields.
    • Drag up or down to change the sort order: When you have multiple sort orders, click and hold this icon with your cursor then drag the selected sort order to whichever spot in the list you want.
    • Order By: Use this drop-down to select a field by which to sort the data. Additional drop-downs are added using the Add Sort Order button. The Order By fields will be prepopulated with the selection(s) made during the last export of data from the page.
    • or Change Sort Direction: Clicking this button changes the sort direction for the field. For example, if you have selected FirstName in the Order By drop-down and as the sort direction, your exported data will order the results in alphabetical order based on FirstName.
    • : Clicking this button removes the associated Order By selection.
  8. Click OK to save your selection.
  9. Selecting the Limit Results check box displays the Number of results to include field which is used to limit the number of results that will be included in the exported file. The Number of results to include field will be prepopulated with the selection made during the last export of data from the page.
  10. Click Export.

Home

Click Home to go to the home page. The Home page is tailored to your user rights and permissions. If you are authorized by an entitlement to request, approve, or review access requests, then your Home page gives you a quick view to the access request tasks that need your immediate attention.

Based on your role, the dashboard displays My Requests, Approvals, and Reviews, the number of tasks in each queue, and the status of each task (for example, Available, Denied, Revoked, Pending) as well as whether the task is Due Today.

Additional widgets may also be available. For example: Appliance Resources and Cluster Status.

In addition to tasks based on your role, you can perform the following from the Home page:

  • Customize the information that is displayed on the page. Click Settings.
  • Read the Message of the Day from the Appliance Administrator. For more information, see Message of the Day.
Requester's Home page view

Click the New Request button to open the New Access Request dialog, which lists the assets and accounts you are authorized to access. From this dialog you specify the assets, accounts and the type of access you are requesting, and additional details about the request.

For more information, see:

Click My Requests to view the requests awaiting action.

For more information, see:

The Favorites pane displays a list of requests you have marked as a favorite, providing a quick way to request access.

Approver's Home page view

Your job is to approve or deny the access requests listed on your Home page. Click Approvals to view the requests awaiting your approval. As an approver, unless you are also designated as a requester, you will see no favorites listed.

For more information, refer to these topics:

Reviewer's Home page view

Your job is to review completed access requests listed on your Home page. Click Reviews to view the completed requests requiring your review. As a reviewer, unless you are also designated as a requester, you will see no favorites listed.

For more information, refer to these topics:

My Requests

If you are a requester, click My Requests to make a request or see information about requests.

If Show Account Availability is enabled you can identify if a privileged account is available or not. Accounts display a warning badge if in use by a request. An account's status is updated immediately after being changed in order to avoid overlapping account requests from multiple users. Hover over the badge to display <X> of <X> accounts in use. Showing account availability requires additional API queries that may impact performance. This toggle is set by the user not an administrator. There is no global toggle.

NOTE: When the policy governing the request has enabled Allow simultaneous access for multiple user access, the request may still be available even though Show Account Request Availability indicates it is in use.

The My Request page has additional settings that can be used to configure the displayed information. Clicking the button will open a panel with the following options:

  • My Request Favorites: Select this option to display a widget showing configured favorite requests.

  • Show Account Request Availability (may impact performance): Select this option to show the account request availability. Depending on the number of requests this may impact performance.

  • Show Session Launch Button: Select this option to add a Launch Session button the My Request page. This button allows you to open sessions via registered URL schemes in the browser.

  • Show Web Session Launch Button: Select this option to add a Launch Web Session button the My Request page. This button allows you to open Safeguard Remote Access sessions via One Identity Starling.

  • Page Size: Use the associated tiles (25, 50, or 100) to select the number of requests that will be displayed on the My Request page.

To make a request

You must be an authorized user of an entitlement to create a request for the assets and accounts you need.

  1. Click My Requests to go to the My Requests page.
  2. Follow the workflow steps. For more information, see Requesting a password release.

To create a favorite

You can create favorites for requests you make often. For more information, see Favorites.

To view and manage requests

On the My Requests page, you can view the requests. Control the display using the following approaches:

  • Click then select Check-In All Available to check-in all the available requests, Clear All to remove all requests, or Cancel All Pending Time Requested to cancel and remove all pending requests.

  • Click Sort By then select to sort by Account Name, Asset Name, Due Next, Expiring Next, Most Recent, or Status.
  • Click sort up or sort down to sort in ascending or descending order.
  • Click Filters to filter by the status.
    • Available: Approved requests that are ready to view or copy.
    • Pending Approval: Requests that are waiting for approval.
    • Approved: Requests that have been approved, but the check out time has not arrived. Or, for pending accounts restored when using the Safeguard for Privileged Passwords suspend feature.
    • Revoked: Approved requests retracted by the approver. The approver can revoke a request after the request has become available.
    • Expired: Requests for which the Checkout Duration has elapsed.
    • Denied: Requests denied by the approver.
  • Click Search to see a list of searchable elements. Or enter search characters. For more information, see Search box.
  • If a denied or revoked request has been commented on by an approver, you can click the button associated with the request to view the comment.

To launch web sessions

There are two options for launching browser-based sessions from the Safeguard for Privileged Passwords web client:

  • Launch Session: This option allows you to open sessions via registered URL schemes in the browser.

  • Launch Web Session: This button allows you to open Safeguard Remote Access sessions via One Identity Starling.

In order to use the Launch Web Session button to launch Safeguard Remote Access sessions, some additional requirements must be met:

  • Safeguard for Privileged Passwords must be joined to Starling.

  • Safeguard Remote Access and Safeguard for Privileged Sessions may have additional configuration requirements. For more information, see the Safeguard Remote Access and Safeguard for Privileged Sessions documentation.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级