立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 2.11 - Administration Guide

Introduction System requirements Using the virtual appliance and web management console Using the cloud Setting up Safeguard for Privileged Passwords for the first time Search box Using the web client Installing the desktop client Using the desktop client Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions Appendix E: Historical changes by release Glossary

None

When the asset's Authentication Type on the Connection tab is set to None, Safeguard for Privileged Passwords does not manage any accounts associated with the asset and does not store asset related credentials.

All assets must have a service account in order to check and change the passwords for the accounts associated with it.

Select the Auto Accept SSH Host Key to have Safeguard for Privileged Passwords automatically accept the SSH host key when it creates the archive server.

Attributes tab (add asset)

The Attributes tab is used to add attributes to directory assets, including Active Directory and LDAP. For more information, see Adding identity and authentication providers.

Table 55: Active Directory and LDAP: Attributes tab
Safeguard for Privileged Passwords Attribute Directory Attribute
Users
Object Class

Browse to select a class definition that defines the valid attributes for the user object class.

Default: user for Active Directory, inetOrgPerson for LDAP

User Name

sAMAccountName for Active Directory, cn for LDAP

Password

userPassword for LDAP

Description

description

Groups
Object Class

Browse to select a class definition that defines the valid attributes for the computer object class.

Default: group for Active Directory, groupOfNames for LDAP

Name

sAMAccountName for Active Directory, cn for LDAP

Member

member

Computer Attributes

 

Object Class

Browse to select a class definition that defines the valid attributes for the computer object class.

Default: computer for Active Directory, ipHost for LDAP

Name

cn

Network Address

dNSHostName for Active Directory, ipHostNumber for LDAP

Operating System

operatingSystem for Active Directory

Operating System Version

operatingSystemVersion for Active Directory

Description

description

Checking an asset's connectivity

After you add an asset you can verify that Safeguard for Privileged Passwords can log in to it using the Check Connection option.

Note: When you run Test Connection from the asset's Connection tab (such as when you add the asset initially), you must enter the service account credentials. Once you add the asset to Safeguard for Privileged Passwords it saves these credentials.

The Check Connection option does not require that you enter the service account credentials because it uses the saved credentials to verify that it can log in to that asset.

To check an asset's connectivity

  1. Navigate to Administrative Tools | Assets.
  2. From Assets, right-click an asset in the object list to open the asset's context menu.
  3. Choose the Check Connection option.

    Safeguard for Privileged Passwords displays a Toolbox task pane that shows the results.

Related Topics

About Test Connection

About service accounts

Assigning an asset to a partition

Use the Assets view to assign an asset to a partition. An asset can only be in one partition at a time. When you add an asset to a partition, all accounts associated with that asset are automatically added to that partition, as well.

You cannot remove an asset from a partition. However, you can add the asset to another partition either from the scope of the other partition or from an asset's General properties.

To assign an asset to a partition

  1. Navigate to Administrative Tools | Assets.
  2. In Assets, double-click an asset to open the general properties, or click the  Edit icon next to the General title on the General tab.
  3. On the Asset dialog, Browse to select a partition.
  4. ClickOK.
Related Topics

Adding assets to a partition

相关文档