立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 7.4.2 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Account Groups

A Safeguard for Privileged Passwords account group is a set of accounts which you can add to the scope of an access request policy. For more information, see Creating an access request policy.

The Auditor and the Security Policy Administrator have permission to access Account Groups.

To access Account Groups, in the web client, navigate to Security Policy Management > Account Groups.

The Account Groups view displays the following information about the selected account group.

Use these toolbar buttons to manage account groups.

Properties tab (account group)

The Properties tab lists information about the selected Account Group.

To access Properties:

  • web client: Navigate to Security Policy Management > Account Groups > (View Details) > Properties.
Table 181: Account Groups Properties tab: General properties
Property Description

Name

The selected account group's name

Description

Information about the selected account group

Account Rules

For dynamic account groups, a summary of the asset account rules defined

Accounts tab (account group)

The Accounts tab displays the accounts associated with the selected account group.

To access Accounts, in the web client, navigate to Security Policy Management > Account Groups > View Details > Accounts.

Table 182: Account Groups: Accounts tab properties

Property

Description

Name

Name of the account belonging to the selected account group.

Parent

The asset to which the account belongs.

Domain Name

For directory accounts, the name of the domain the account is associated with.

Disabled

A check in this column indicates that the account is not managed.

Service Account

A check in this column indicates that the account is a service account.

Password Request

A check in this column indicates that password release requests are enabled for this account.

Session Request

A check in this column indicates that session access requests are enabled for this account.

SSH Key Request

A check in this column indicates that SSH key access requests are enabled for this account.

Password

A check in this column indicates that a password is set for the selected account. For more information, see Checking, changing, or setting an account password..

SSH Key

A check in this column indicates that an SSH key is set for the selected account. For more information, see Checking, changing, or setting an SSH key..

Description

Information about the account.

Use these buttons on the details toolbar.

Table 183: Account Groups: Access Request Policies tab toolbar

Option

Description

Add Account

To add one or more accounts to the account group you selected.

Remove

Remove the selected account.

Export

Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

Refresh

Update the list of accounts.

Search

To locate a specific account in this list, enter the character string to be used to search for a match. For more information, see Search box..

Access Request Policies tab (account group)

The Access Request Policies tab displays the entitlements and policies. These may include policies for password and SSH key release and session request policies that are associated with the selected account group.

To access Access Request Policies, in the web client, navigate to Security Policy Management > Account Groups > View Details > Access Request Policies.

Table 184: Account Groups: Access Request Policies tab properties

Property

Description

Entitlement

The name of the access request policy's entitlement.

Access Request Policy

The name of the policy that governs the accounts in the selected account group.

# Account Groups

The number of unique account groups in the access request policy.

# Accounts

The number of unique accounts in the account groups that are associated with the access request policy.

Use these buttons on the details toolbar to manage your access request policies associated with the selected account group.

Table 185: Account Groups: Access Request Policies tab toolbar

Option

Description

Add

Add the selected account group to the scope of one or more access request policy. Clicking this button displays the Access Policies dialog, allowing you to select a policy.

Remove

Remove the selected account group from the scope of the selected access policy.

Export

Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

Refresh Update the list of access request policies.
Search

To locate a specific policy or set of policies in this list, enter the character string to be used to search for a match. For more information, see Search box..

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级