立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 2.11 - Administration Guide

Introduction System requirements Using the virtual appliance and web management console Using the cloud Setting up Safeguard for Privileged Passwords for the first time Search box Using the web client Installing the desktop client Using the desktop client Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions Appendix E: Historical changes by release Glossary

Adding an asset to asset groups

Use the Asset Groups tab on the Assets view to add an asset to one or more asset groups.

Only the assets that support session management can be added to asset groups and dynamic asset groups. Assets that do not support session management include but may not be limited to Directory assets. When you create the asset, the Management tab has an Enable Session Request check box if sessions is supported. For more information, see Supported platforms.. This section lists SPP and SPS support by platform.

To add an asset to asset groups

  1. Navigate to Administrative Tools | Assets.
  2. In Assets, select an asset from the object list and open the Asset Groups tab.
  3. Click Add Asset Group from the details toolbar.
  4. Select one or more asset groups from the list in the Asset Groups selection dialog and click OK.

If you do not see the asset group you are looking for and have Security Policy Administrator permissions, you can click Create New and add the new asset group. Enter the information and click Add Asset Group. For more information on creating asset groups, see Adding an asset group.

Modifying an asset

You can modify an asset.

To modify an asset

  1. Navigate to Administrative Tools | Assets.
  2. In Assets, select an asset from the object list.
  3. Select the view of the asset's information you want to modify ( such as General, Accounts, or Account Dependencies, Access Request Policies, Asset Groups, Discovered Services, or History).

    For example:

    • To change an asset's connection information, for example, connection timeout, double-click the Connection information in the General tab or click the  Edit icon. You can also double-click an asset name to open the General settings edit window.

      NOTEs:

      The following notes apply to attempting to change information on the General tab.

      • Profile: You can only edit or remove a Service Account Profile when adding an asset. To update or remove the asset's service account profile, go to Accounts, select the service account, and edit it to update the profile. For more information, see General tab (account).
      • Management tab, Product: Other platform details: Any Other platform type can be changed to different platform type. Conversely, any platform type can be changed to Other, however, any property values specific to the current platform type will be lost. For example, you may want to change an Other Linux operating system to any type of Linux, such as AIX, HP-UX, or Solaris. Then, the specific platform type can be changed back to Other, if needed.

    • To add (or remove) an account to this asset, switch to the Accounts tab.
    • To add (or remove) a directory account to a Windows server as an account dependency, switch to the Account Dependencies tab. For more information, see Adding account dependencies.
  4. To view or export the details of each operation that has affected the selected asset, switch to the History tab. To export, select the time frame then click Export.

Related Topics

Adding an asset

Adding a custom platform

Creating a custom platform script

Deleting an asset

The Asset Administrator can delete an asset even if there are active access requests.

Important:When you delete an asset, you also permanently delete all the Safeguard for Privileged Passwords accounts associated with the asset.

To delete an asset

  1. Navigate to Administrative Tools | Assets.
  2. In Assets, select an asset from the object list.
  3. Click Delete Selected.
  4. Confirm your request.

Importing objects

Safeguard for Privileged Passwords allows you to import a .csv file containing a set of accounts, assets, or users. A .csv template for import can be downloaded when you click  Import from the toolbar. For more information, see Creating an import file.

Once an import is completed, you can navigate to the Tasks pane in the Toolbox for details about the import process and invalid data messages. For more information, see Viewing task status.

To import objects

  1. In Administrative Tools, click Assets, Accounts, or Users based on what data you are importing.
  2. Click  Import from the toolbar.
  3. In the Import dialog, Browse to select an existing .csv file containing a list of objects to import.
  4. When importing assets, the Discover SSH Host Keys option is selected by default indicating that Safeguard will retrieve the required SSH host key for the assets specified in the .csv file.
  5. Click OK.

    Safeguard for Privileged Passwords imports the objects into its database.

    Note:Safeguard for Privileged Passwords does not add an object if any column contains invalid data in the .csv file, with the following exceptions:

    • Assets PlatformDisplayName property:
      1. If Safeguard for Privileged Passwords does not find an exact match, it looks for a partial match. If it finds a partial match, it supplies the <platform> Other platform, such as Other Linux.
      2. If it does not find a partial match, it supplies the Other platform type.
    • Users TimeZoneId property:
      1. If Safeguard for Privileged Passwords does not find a valid TimeZoneId property (that is, does not find an exact match or no time zone was provided), it uses the local workstation's current time zone.

        Note: Do not enter numbers or abbreviations for the TimeZoneId.

    • Users Password property:
      1. Safeguard for Privileged Passwords adds a user without validating the password you provide.

Details for importing directory assets, service accounts, users, and user groups

You can use the steps like those above to import your existing directory infrastructure (such as Microsoft Active Directory). Additional information specific to directory import follows.

  1. Import the directory (and service account) via Administrative Tools | Assets | Import Asset and browse to select the .csv file. Safeguard for Privileged Passwords imports the directory as an asset.

    The directory's service account is automatically added to the list of accounts you can viewed via the Assets | Accounts tab.

  2. Import users and user groups.
    1. Import directory users via Administrative Tools | Users | Import Users and browse to select the .csv file.
    2. Assign to user groups via Administrative Tools | Users Groups | Users (select one or multiple users).
    3. Automatic synchronization: Once you import directory users and directory groups, Safeguard for Privileged Passwords automatically synchronizes the objects in its database with the directory schema attributes. User and group membership changes in the directory are reflected in Safeguard for Privileged Passwords. Directory users authenticate to Safeguard for Privileged Passwords with their directory credentials.

Active Directory and LDAP synchronization

Active Directory and LDAP data is automatically synchronized by asset or identity and authentication providers schema as shown in the following lists.

Asset schema list

  • Users
    • Username
    • Password (modifiable in LDAP and not modifiable in Active Directory)
    • Description
  • Groups
    • Name
    • Member
  • Computer
    • Name
    • Network Address
    • Operating System
    • Operating System Version
    • Description

Identity and Authentication Providers schema list

  • Users
    • Username
    • First Name
    • Last Name
    • Work Phone
    • Mobile Phone
    • Email
    • Description
    • External Federation Authentication
    • Radius Authentication
    • Managed Objects
  • Groups
    • Name
    • Members
    • Description
相关文档