
One Identity Safeguard for Privileged Passwords 7.5 - Administration Guide


User not notified

If a user did not receive an email notification, first check that SPP is set up correctly for email notifications. For more information, see Enabling email notifications.

Notification lists

SPP does not dynamically maintain the email addresses for an escalation notification contact list.

If you change an SPP user's email address or delete an SPP user after creating a policy, you must manually update the email addresses in escalation notification contact lists. For example, when you create a policy, you can indicate who to contact when emergency access has been used. If a user has changed an email address, that individual will not receive the notification. Furthermore, if a user has been deleted from SPP, the user will still receive the notification.

Frequently asked questions

The following topics will help you find answers to some of your questions about managing SPP:

Related Topics

Appliance

Troubleshooting

How do I audit transaction activity

The appliance records all activities performed within One Identity Safeguard for Privileged Passwords. Any administrator has access to the audit log information; however, your administrator permission set determines what audit data you can access. For more information, see Administrator permissions.

SPP provides several ways to audit transaction activity:

How do I configure external federation authentication

One Identity Safeguard for Privileged Passwords supports the SAML 2.0 Web Browser SSO Profile, allowing you to configure federated authentication with many different Identity Provider STS servers and services, such as Microsoft's AD FS. Through the exchange of the federation metadata, you can create a trust relationship between the two systems. Then, you will create an SPP user to be associated with the federated user.

Safeguard supports both Service Provider (SP) initiated and Identity Provider (IdP) initiated logins.

  • For SP initiated, the user will first browse to Safeguard and choose External Federation as the authentication provider. After entering just their email address, they will be redirected to the external STS to enter their credentials and perform any two-factor authentication that may be required by that STS. After successful authentication, they will be redirected back to Safeguard for Privileged Passwords and logged in.
  • For IdP initiated logins, a user will first go to their IdP STS and authenticate. Typically, the customer will have configured Safeguard as an application within their STS, allowing the user to just click on a link or icon and be redirected to Safeguard, automatically being logged in without having to enter any further credentials.

NOTE: Additional two-factor authentication can be assigned to the associated SPP user to have the user authenticate again after being redirected back from the external STS.

To use external federation, you must first download a copy of the federation metadata XML of your STS, or have its URL. For example, in Microsoft AD FS, you can download the federation metadata XML from: https://<adfs server>/FederationMetadata/2007-06/FederationMetadata.xml. If the SPP appliance can directly access that URL, you can use the URL instead when creating the provider.
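Because the metadata file is what establishes the trust relationship, it is worth inspecting a downloaded copy before creating the provider. The following is an added example, not part of the One Identity guide or product: it reads SAML 2.0 IdP metadata, lists the SSO endpoints and the SHA-256 fingerprints of the signing certificates (to compare out of band with the STS administrator), and reports findings. The function name `inspect_idp_metadata`, the host `sts.example.test` and the stand-in certificate bytes are assumptions constructed for the illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata (hypothetical host; certificate bytes are a stand-in, not a real cert).
SAMPLE = b"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://sts.example.test/adfs/services/trust">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>Y29uc3RydWN0ZWQtY2VydA==</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
     Location="https://sts.example.test/adfs/ls/"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
     Location="http://sts.example.test/adfs/ls/"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def inspect_idp_metadata(xml_bytes):
    """Summarise IdP metadata and list findings to resolve before trusting it."""
    if b"<!DOCTYPE" in xml_bytes:  # refuse DTDs so entity tricks never reach the parser
        raise ValueError("DOCTYPE not allowed in federation metadata")
    root = ET.fromstring(xml_bytes)
    entity_id = root.get("entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return {"entity_id": entity_id, "sso": [], "signing_sha256": [],
                "findings": ["no IDPSSODescriptor: not SAML 2.0 IdP metadata"]}
    # (binding short name, endpoint URL) for every SSO endpoint the IdP publishes
    sso = [(s.get("Binding", "").rsplit(":", 1)[-1], s.get("Location", ""))
           for s in idp.findall("md:SingleSignOnService", NS)]
    findings = [f"non-HTTPS SSO endpoint: {loc}" for _, loc in sso
                if not loc.lower().startswith("https://")]
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' attribute: key serves both purposes
            for cert in kd.findall(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        findings.append("no signing certificate published")
    return {"entity_id": entity_id, "sso": sso,
            "signing_sha256": fingerprints, "findings": findings}

if __name__ == "__main__":
    print(inspect_idp_metadata(SAMPLE))
```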
