If you are a requester, click My Requests to make a request or see information about requests.
If Show Account Availability is enabled, you can identify if a privileged account is available or not. Accounts display a warning badge if in use by a request. An account's status is updated immediately after being changed in order to avoid overlapping account requests from multiple users.
Hover over the badge to display <X> of <X> accounts in use. Showing account availability requires additional API queries that may impact performance. This toggle is set by the user, not an administrator. There is no global toggle.
NOTE: When the policy that is governing the request has enabled Allow simultaneous access for multiple user access, the request may still be available even though Show Account Request Availability indicates it is in use.
The My Request page has additional settings that can be used to configure the displayed information. Clicking the button will open a panel with the following options:
-
My Request Favorites: Select this option to display a widget showing configured favorite requests.
-
Show Account Request Availability (may impact performance): Select this option to show the account request availability. Depending on the number of requests this may impact performance.
-
Show Session Launch Button: Select this option to add a Launch Session button the My Request page. This button allows you to open sessions via registered URL schemes in the browser.
-
Show Web Session Launch Button: Select this option to add a Launch Web Session button the My Request page. This button allows you to open Safeguard Remote Access sessions via One Identity Starling.
-
Page Size: Use the associated tiles (25, 50, or 100) to select the number of requests that will be displayed on the My Request page.
To make a request
You must be an authorized user of an entitlement to create a request for the assets and accounts you need.
- Click My Requests to go to the My Requests page.
- Follow the workflow steps. For more information, see Privileged access requests.
To create a favorite
You can create favorites for requests you make often. For more information, see Favorites..
To view and manage requests
On the My Requests page, you can view the requests. Control the display using the following approaches:
To launch web sessions
There are two options for launching browser-based sessions from the Safeguard for Privileged Sessions web client:
-
Launch Session: This option allows you to open Windows desktop-based sessions via registered URL schemes.
-
Launch Web Session: This button allows you to open Safeguard Remote Access sessions via One Identity Starling.
In order to use the Launch Web Session button to launch Safeguard Remote Access sessions, some additional requirements must be met:
The personal password vault extends security and credential protection to business users to store and manage passwords. Users must have the Personal Passwords permission granted.
User benefits include:
- Users can store up to 100 personal passwords, set optional expiration dates, and share passwords.
- Users know at a glance the last time they changed their password.
- Users have a history of personal password changes. This is handy if the user changes the password in the vault but not on the target account or if the user needs to work from a backup.
- A password can be shared by the user with one other user. For example, when a user is not available they can give a coworker access to a password. Access can be revoked or the user that has the password shared can opt out of the share.
With the personal password vault, business user passwords are under the control of the IT and security teams, versus a variety of methods of storing passwords. Benefits of the personal password vault for Security Policy Administrators and User Administrators include:
- An organization sanctioned and controlled tool is used for users to store personal passwords.
- Personal passwords are secured and encrypted. They are stored separately from managed account passwords.
- The personal password vault audits the retrieval and change of passwords so administrators know when users pulled information from the vault.
- Administrators can recover passwords when someone leaves the company. The administrator must change the authentication provider to local, set the password of the user, and then log in and view the personal password vault.
- There is no way to recover the personal password vault of a deleted user.
System users (like the bootstrap admin) cannot create personal accounts.
IMPORTANT: The Personal Password Vault permission, like any other permission, can be set explicitly on a user or inherited from a Directory Group. If a user with the Personal Password Vault permission stores one or more personal passwords and then later has the permission revoked, either explicitly or by having been removed from all Directory Groups from which they inherited it, the user will no longer be able to access Personal Password Vault features. But the user’s data within the vault will still be maintained. If at any point the user is granted the Personal Password Vault permission again, they regain access to all of their existing data.
For more information, see Permissions tab (add user)..
The Personal Password Vault page toolbar functions follow.
Table 13: Personal Password Vault: Toolbar
New Entry |
Add an entry to the to the personal password vault. |
- Remove Entry |
Remove one or more selected entries from the personal password vault. Once an entry is removed, you will not have access to the credentials. |
Edit Entry |
Modify the selected entry. |
Information |
View information about the selected entry including:
-
Name: A meaningful name assigned to the application or account to access.
Account Name: The user name for log on authentication. Click Copy Account Name to copy the name to your clipboard.
Password: The secret which you can Show or Hide as well as copy by clicking Copy Password.
Expires: The date the password is no longer valid.
- Notes: Information for the user and anyone sharing the password, such as secondary secrets or other instructions.
- Sharing: The user name of the person your password is Shared With and the date the Sharing Expires. To change the Sharing Expires date, click Edit, change the date and then click Save.
|
Share Credentials |
Select one or more entries then select the user you want to share credentials with and the date to stop sharing. Users must have this feature enabled to be listed. For more information, see Permissions tab (add user).. |
Stop Sharing |
Select one or more entries then click Stop Sharing.
If a password is shared by another owner with you, you cannot remove the share but you can opt yourself out of the share. |
History |
Thirty days of password history display as a default. You can set a date range for displaying password history by selecting From and To values using the calendar. Or, you can click Date Range to select set time periods for hours, days, months, or All History.
In addition to viewing the Date Changed, you can can Show or Hide the password or Copy Password. |
Copy Account Name |
Copy the account name of the selected entry. |
Copy Password |
Copy the password of the selected entry. |
Open URL |
Click to open the URL web address entered when the password was added or edited. |
Columns |
Click to select the columns you want to display. |
Search |
Click to see a list of searchable elements. Or enter search characters. For more information, see Search box. |
Entry details for various applications and systems display in the grid.
Table 14: Personal Password Vault: Passwords grid
Name |
A meaningful name given to the application or account to access, for example Company Twitter. |
Account Name |
The user name used for log on authentication. |
Expires |
The date the password expires or blank (no value) if the password does not have an expiration date. |
Shared |
Display all the following values or click the filter to select a few values to display:
- Not Shared if the password is not shared with another user.
- Shared if you are sharing the password with another user.
- Shared with Me if another user is sharing their password with you.
|
Shared With |
The user name (and domain name, if applicable) with whom the password is shared; blank if the password is not shared.
You can hover over the user name to see the email address for verification. |
Owner |
The owner of the password. |
Sharing Expires |
The date sharing expires and the password will no longer be available to the Shared With user. |
To share your password with another user
- On the Personal Password Vault page in the grid, select one or more entries to share.
- Click Share Credentials.
- On the Share Credentials dialog, click Browse.
- On the Share With... dialog, users with Personal Passwords permissions are available including their Display Name, Domain, and Email Address. Administrators can add permissions. For more information, see Permissions tab (add user)..
Select one user. To search for a user, enter a value in the Search text box or click the icon then make a selection to search by Domain, Display Name, or Email Address. Enter the first letters of the value to display the matches and select the user.
Click OK.
- Set the sharing end date which must be between one day and one year. In Stop Sharing, enter the date, click the calendar and select the date, or click Sharing Expires to select a week or month interval. The password will not be available to the user on that date.
- Click Share.
One easy way to change the Sharing Expires date later is to select the entry and click Information. Next to the Sharing Expires field, click Edit, change the Sharing Expires date, then click Save.
To stop sharing your password with another user
- On the Personal Password Vault grid, the Shared column displays Shared if you are sharing the password.
- Select one or more check boxes of entries to stop sharing.
- Click Stop Sharing. The Stop Sharing dialog displays as a warning.
- Click Stop Sharing.
Click Approvals on the left of the page to manage approvals. On the Approvals page, you can:
- View details by selecting a request then looking at the details display on the right of the page.
- Approve one or more request: Select the requests. Then, click Approve all selected requests to approve all the requests you selected. Optionally, enter a comment.
- Deny one or more request: Select the requests. Then, click Deny all selected requests to deny all the requests you selected. Optionally, enter a comment.
- Change the columns that display: Click and select the columns you want to see. You can select columns including:
- Action: Displays Approve only this request and Deny only this request.
- Requester / Status: Displays the user name and the status of the approval (for example, Pending 1 approval).
- Asset / Access Type: Displays the name of the asset and the type of access (for example, Password, SSH Key, RDP, SSH, API Key, or Telnet).
- Account: Displays the managed account name.
- Ticket Number: Displays the ticket number, if required.
- Requested For: Displays the date and time as well as the window of availability (for example, March 20, 2021 9:56 AM 2 hours).
- Search: For more information, see Search box..
Select Reviews on the left of the page to manage reviews. On the Reviews page, you can:
- View details by selecting a request then looking at the details display on the right of the page, including the workflow.
- Mark one or more request as reviewed: Select the requests. Do the following:
- If no comment is needed, click Mark all the selected requests as reviewed.
- If a comment is needed, this icon will display as One or more of the selected requests requires review comments. Add the comment. Then, click Mark as Reviewed.
- Change the columns that display: Click Select columns to display then select the columns you want to see.
- Action: Displays This request requires review comments or Mark only this request as reviewed.
- Requester: Displays the user name of the requester.
- Access Type: Displays the type of access (for example, Password, SSH Key, RDP, RDP Application, SSH, API Key, or Telnet).
- Account: Displays the managed account name.
- Ticket Number: Displays the ticket number, if required.
- Request For/Duration: Displays the date and time as well as the window of availability (for example, March 20, 2021 9:56 AM 2 hours).
- Search: Click Search to see a list of searchable elements. Or, enter search characters. For more information, see For more information, see Search box..