立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 2.11 - Administration Guide

Introduction System requirements Using the virtual appliance and web management console Using the cloud Setting up Safeguard for Privileged Passwords for the first time Search box Using the web client Installing the desktop client Using the desktop client Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions Appendix E: Historical changes by release Glossary

Adding assets to an asset group

From the Assets tab on the Asset Groups view, you can add one or more assets to an asset group.

To add assets to an asset group

  1. Navigate to Administrative Tools | Assets Groups.
  2. In Asset Groups, select an asset group from the object list and open the Assets tab.
  3. Click  Add Asset from the details toolbar.
  4. Select one or more assets from the list in the Assets selection dialog and click OK.

    Note: You can also double-click an asset name to add it.

If you do not see the asset you are looking for, depending on your Administrator permissions, you can create it in the Assets selection dialog. (You must have Asset Administrator permissions to create assets.)

To create a new asset from the Assets selection dialog

  1. Click Create New.

    For more information on creating assets, see Adding an asset.

  2. Create additional assets, as required.
  3. Click OK in the Assets selection dialog to add the assets to the selected asset group.

Modifying an asset group

To modify an asset group's information

  1. Navigate to Administrative Tools | Asset Groups.
  2. In Asset Groups, select an asset group from the object list.
  3. Select the view of the asset group's information you want to modify (General or Assets).

    For example:

    • To change an asset group's name or description, double-click the General information in the General tab or click the  Edit icon. You can also double-click an asset group name to open the General settings edit window.

    • To add (or remove) assets to the selected asset group, open the Assets tab.
  4. To view or export the details of each operation that has affected the selected asset group, open the History tab.

Deleting an asset group

You can delete an asset group. When you delete an asset group, Safeguard for Privileged Passwords does not delete the associated assets.

To delete an asset group

  1. Navigate to Administrative Tools | Asset Groups.
  2. In Asset Groups, select an asset group from the object list.
  3. Click Delete Selected.
  4. Confirm your request.

Discovery

Safeguard for Privileged Passwords discovery jobs can find assets, accounts, and services in your network environment. This can simplify initial deployment and ongoing maintenance of the privileged accounts in your network environment.

Details on the jobs follow.

  • Asset Discovery jobs find assets by searching directory assets, such as Active Directory, or by scanning network IP ranges. Rules control which assets are found. Asset Discovery jobs can be scheduled to run on regular intervals. The discovery job can be configured with templates to set default settings on newly created assets including connection details. The assets created by discovery jobs are considered to be managed by Safeguard, but this has no effect on the network asset. An asset with valid connection information can be used for account discovery.

    If you use asset discovery Method of Directory, directory assets that are shared can be discovered into any partition. To share a directory asset, select Available for discovery across all partitions for the asset; see Management tab (add asset).

  • Account Discovery: Account Discovery jobs find accounts by searching directory assets such as Active Directory or by scanning local account databases on Windows and Unix assets (/etc/passwd) that are associated with the account discovery job. Rules control which accounts are found. Account discovery jobs can be scheduled to run on regular intervals. The discovery job can be configured to set default settings on newly created accounts. Accounts found by account discovery are neither managed nor disabled until you decide to manage them or disable them. If an account is managed by Safeguard, this means the password can be managed according to the partition profile settings associated with the discovery job. Safeguard can make the account available for password and/or session requests according to configured entitlements and policy.

    The accounts in the scope of the discovery job may include accounts that were previously added (manually) to the Safeguard partition. For more information, see Adding an account.

  • Service Discovery: Service Discovery jobs find Windows services that run as accounts managed by Safeguard. If Safeguard is managing the service account password, Safeguard can update the Windows service configuration to match the password when the password changes and restart the service automatically.

Discovery tiles include the following:

  • Asset Discovery: The number of Asset Discovery jobs available to run against the directories or networks to discover assets for potential management displays. Click the tile for detail.
  • Asset Discovery Results: The number of Asset Discovery Results in the time frame indicated displays. Click the tile for detail.
  • Account Discovery: The number of Account Discovery jobs available to run against the in scope assets to discover accounts for potential management displays. Click the tile for detail.
  • Account Discovery Results: The number of Account Discovery Results in the time frame indicated displays. Click the tile for detail.
  • Discovered Accounts: The number of discovered accounts in the specified partition displays. Click the tile for detail.
  • Discovered Services: The number of discovered services in the specified partition displays. Click the tile for detail. You can launch discover service account jobs from Administrative Tools | Assets | Discovered Services. For more information, see Discovered Services tab (asset).
相关文档