One Identity Safeguard for Privileged Passwords 2.11 - Administration Guide

Deleting an Asset Discovery job

You can delete an Asset Discovery job.

  1. Navigate to Administrative Tools | Discovery.
  2. Click the Asset Discovery tile and select the Asset Discovery job to delete.
  3. Click Delete.
  4. Click OK.

Asset Discovery Results

You can view the results of running one or more Asset Discovery jobs.

  1. Navigate to Administrative Tools | Discovery and click the Asset Discovery Results tile.
  2. On the Asset Discovery Results grid:
    • Click Refresh to refresh the results.
    • Select the time frame of the completed jobs you want to display, from the last 24 hours to the last 7, 30, 60, or 90 days. Or, click Custom to create a custom time frame.
  3. Click Search and enter the character string to be used to search for a match. For more information, see Search box.
  4. Click a column to sort the column information displayed for each job:
    • User: The user who ran the job or Automated System, if the job is run on an automated schedule
    • Date: The most recent date the Asset Discovery job successfully ran
    • Job Name: The name of the Asset Discovery job
    • Type: The type of Asset Discovery job (for example, Network Scan or Directory Scan)
    • Event: The outcome of running the Asset Discovery job event, which may be Asset Discovery Succeeded, Asset Discovery Failed, or Asset Discovery Started.
    • Partition: The partition in which the discovered assets will be managed
    • Appliance: The name of the Safeguard for Privileged Passwords Appliance
    • Directory: If applicable, the name of the directory on which the Asset Discovery job ran
    • # Assets Found: The number of assets found during the discovery job
  5. For additional detail on an Asset Discovery job result, double-click the result row to view the Asset Discovery Results pop-up window. On this window, click # of Assets Found to see a list of the assets.

Account Discovery

Account Discovery jobs include the rules Safeguard for Privileged Passwords uses to perform account discovery against assets. When you add an Account Discovery job, you can identify whether or not to automatically manage found accounts, whether to discover services, and whether to automatically configure dependent systems.

The accounts in the scope of the discovery job may include accounts that were previously added (manually) to the Safeguard partition. For more information, see Adding an account.

To configure and schedule Account Discovery jobs, perform one of the following:

  • You can create or edit an Account Discovery job from Administrative Tools | Discovery | Account Discovery. Then, associate assets to the Account Discovery job via the Occurrences button.

    IMPORTANT: You must click Occurrences to associate assets to the Account Discovery job. If you do not associate the assets to the Account Discovery job, the accounts will not be found.

  • You can create or edit an asset and, in the process, assign or create an Account Discovery job. For more information, see Adding an asset.

Supported platforms

Safeguard for Privileged Passwords supports account discovery on the following platforms:

  • AIX
  • HP-UX
  • Linux / Unix (based)
  • MAC OS X
  • Solaris
  • Windows (services and tasks)

Properties and toolbar

Navigate to Administrative Tools | Discovery | Account Discovery.

Use these toolbar buttons to manage the Account Discovery jobs.

Table 69: Account Discovery: Toolbar

  • Add: Add an Account Discovery job. For more information, see Adding an Account Discovery job.
  • Delete Selected: Delete the selected Account Discovery job.
  • Refresh: Update the list of Account Discovery jobs.
  • Edit: Modify the selected Account Discovery job. You can also double-click a row to open the edit dialog.
  • Discover Accounts: Discover the accounts on the selected Account Discovery job. Select the asset on the Asset dialog. A Task pop-up displays the progress and completion.
  • Discover Services: Discover the services on the selected Account Discovery job. Select the asset on the Asset dialog. A Task pop-up displays the progress and completion.
  • Details: View additional details about the selected Account Discovery job.
  • Occurrences: Add, delete, or refresh the assets associated with the Account Discovery job.

    IMPORTANT: You must associate the assets to the Account Discovery job for the accounts to be found.

  • Search: Enter the character string to be used to search for a match. For more information, see Search box.

Account Discovery jobs display in the grid.

Table 70: Account Discovery: Account Discovery job grid

  • Name: Name of the discovery job.
  • Creator: Indicates the source of the job, for example, Automated System or a specific administrator.
  • Discovery Type: The type of discovery performed, for example, Windows, Unix, or Directory.
  • Directory: The directory on which the discovery job runs.
  • Partition: The partition in which to manage the discovered assets or accounts.
  • Schedule: Designates when the discovery job runs.
  • Discover Services: A check mark displays if the job will discover service accounts.
  • Auto Configure: A check mark displays if the accounts that are discovered in the Service Discovery job are automatically configured as dependent accounts on the asset.
  • Asset Count: Total number of assets assigned to the Account Discovery job. A Caution displays if no accounts are assigned to the Account Discovery job, in which case no data will be discovered.

Double-click on an Account Discovery job to view the details.

Table 71: Account Discovery tab properties

  • Partition: The partition on which the Account Discovery job runs
  • Name: The name of the Account Discovery job
  • Description: The description of the Account Discovery job
  • Discovery Type: The type of platform, for example, Windows, Unix, or Directory
  • Directory: If applicable, the directory on which the selected Account Discovery job runs
  • Schedule: The interval for the Account Discovery job to run
  • Rules:
    • Name: Name of the discovery job
    • Rule Type: What the search is based on. For example, the rule may be Name based or Property Constraint based if the search is based on account properties. For more information, see Adding an Account Discovery rule.
    • Filter Search Location: If a directory is searched, this is the container within the directory that was searched.
    • Auto Manage: A check mark displays if discovered accounts are automatically added to Safeguard for Privileged Passwords.
    • Set default password: A check mark displays if the rule causes default passwords to be set automatically.
    • Assign to Profile: The partition profile assigned
    • Assign to Sync Group: A check mark displays if the rule automatically associates the accounts with a password sync group.
    • Enable Password Request: A check mark displays if the password is available for release.
    • Enable Session Request: A check mark displays if session access is enabled.

Related Topics

Account Discovery job workflow

Account Discovery job workflow

Safeguard for Privileged Passwords Account Discovery jobs discover the accounts of assets that are in the scope of a partition profile. For more information, see About partition profiles. Account Discovery jobs can include service discovery.

You can configure, schedule, test, and run Account Discovery jobs. After the job has run, you can select whether to manage the account, if it was not identified to be automatically managed.

  1. Create an Account Discovery job and associate assets or create an asset and associate the Account Discovery job.
  2. Account Discovery jobs can be scheduled to run automatically. In addition, you can manually launch these jobs in any of the following ways:

  3. After the Account Discovery job runs, you can mark the managed accounts from Administrative Tools | Discovery | Discovered Accounts.

    • Click Disable to prevent Safeguard for Privileged Passwords from managing the selected account.
    • Click Enable to manage the selected account and assign it to the scope of the default profile.

    Note: The discovery job finds all accounts that match the discovery rule's criteria regardless of the state and reports only the accounts discovered that do not currently exist. Account Discovery does not update existing accounts.

Search the Activity Center for information about discovery jobs that have run. Safeguard for Privileged Passwords lists the account discovery events in the Account Discovery Activity category.
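
Because accounts are only found on assets that have been associated with a job through Occurrences, a periodic coverage check is worth running against the job list. The following is an added example, not One Identity code: it assumes the job grid and asset inventory have been transcribed into the constructed structures shown (all names are hypothetical), and the Auto Configure check is an inference from the Table 70 descriptions.

```python
from dataclasses import dataclass, field

# Platform families the page lists for account discovery (labels simplified here).
SUPPORTED = {"AIX", "HP-UX", "Linux", "Unix", "Mac OS X", "Solaris", "Windows"}

@dataclass
class Job:
    name: str
    partition: str
    discover_services: bool = False
    auto_configure: bool = False
    assets: set = field(default_factory=set)  # assets linked via Occurrences

def audit(jobs, inventory):
    """inventory maps partition -> {asset name: platform family}.
    Returns sorted (finding, subject) tuples describing coverage gaps."""
    findings, covered = [], {}
    for job in jobs:
        if not job.assets:
            # Asset Count 0: the job can run but has nothing to discover on.
            findings.append(("job-has-no-assets", job.name))
        if job.auto_configure and not job.discover_services:
            # Inference: Auto Configure acts on accounts found by service discovery.
            findings.append(("auto-configure-without-discover-services", job.name))
        covered.setdefault(job.partition, set()).update(job.assets)
    for partition, assets in inventory.items():
        for asset, platform in assets.items():
            if asset in covered.get(partition, set()):
                continue
            # Separate "nobody linked it" from "outside the supported list".
            kind = ("asset-without-discovery-job" if platform in SUPPORTED
                    else "asset-on-unsupported-platform")
            findings.append((kind, f"{partition}/{asset}"))
    return sorted(findings)

# Constructed sample data; job, partition and asset names are hypothetical.
JOBS = [
    Job("Linux nightly", "Prod", assets={"web01", "db01"}),
    Job("Windows services", "Prod", discover_services=True, auto_configure=True),
    Job("Unix weekly", "Lab", auto_configure=True, assets={"lab-aix"}),
]
INVENTORY = {
    "Prod": {"web01": "Linux", "db01": "Linux", "dc01": "Windows", "fw01": "Other"},
    "Lab": {"lab-aix": "AIX", "lab-sol": "Solaris"},
}

if __name__ == "__main__":
    for finding, subject in audit(JOBS, INVENTORY):
        print(f"{finding}: {subject}")
```

Assets reported as asset-without-discovery-job are the ones whose accounts no discovery run will report until they are added under Occurrences.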
