立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 7.5 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Managing account groups

Use the controls and tabbed pages in the Account Groups view to perform the following tasks to manage SPP account groups:

Adding an account group

It is the responsibility of the Security Policy Administrator to add account groups to SPP.

To add an account group

  1. Navigate to Security Policy Management > Account Groups.
  2. Click  Add > Account Group from the toolbar.
  3. In the New Account Group dialog, enter the following information:

    • Name: Enter a unique name for the account group.

      Limit: 50 characters

    • Description: (Optional) Enter information about this account group.

      Limit: 255 characters

  4. Click OK.

Adding a dynamic account group

It is the responsibility of the Security Policy Administrator to add dynamic account groups to SPP.

Dynamic account groups are associated with rules engines that run when pertinent objects are created or changed. For example:

  • Whenever you add or change an asset account, all applicable rules are reevaluated against that asset account.
  • Whenever you change an asset account rule, the rule is reevaluated against all asset accounts within the scope of that rule. In other words, the rule is reevaluated against all asset accounts for grouping and the asset accounts within the designated partitions for tagging.

You can create a dynamic account group without any rules; however, no accounts will be added to this dynamic account group until you have added a rule.

In large environments, there is a possibility that the user interface may return before all of the rules have been reevaluated and you may not see the results you were expecting. If this happens, wait a few minutes and Refresh the screen to view the results.

To add a dynamic account group

  1. Navigate to Security Policy Management > Account Groups.

  2. Click Add > Account Dynamic Group from the toolbar.

  3. In the New Account Group dialog, provide information in each of the tabs:

    Table 187: Information to provide when adding a dynamic account group

    Tab

    Information to provide

    General tab (add dynamic account group)

    Where you add general information about the dynamic account group.

    Account Rules tab (add dynamic account group)

    Where you define the rules to be used to identify the accounts to be included in a dynamic account group.

General tab (add dynamic account group)

On the General tab of the Dynamic Account Group dialog, supply general information about the dynamic account group.

Table 188: Dynamic Account Group: General tab
Property Description
Name

Enter a unique name for the dynamic account group.

Limit: 50 characters

Description

Enter information about this dynamic account group.

Limit: 255 characters

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级