Embedded Sessions Module
Safeguard for Privileged Passwords has an embedded sessions module.
Navigate to Administrative Tools | Settings | Sessions | Sessions Module. From the Sessions Module pane, an Appliance Administrator can view the current status of the One Identity Safeguard for Privileged Passwords Privileged Sessions module and reset the embedded sessions module.
Table 175: Sessions Module controls
- Refresh: Click to retrieve and update the sessions module's status.
- Health Check: Click to run a health check against the sessions module and display the results. An additional pane appears, displaying results for the following:
  - HTTP: Checks whether Safeguard for Privileged Passwords can communicate with the sessions module via the internal web interface.
  - SSH: Checks whether Safeguard for Privileged Passwords can communicate with the embedded sessions module via the internal SSH channel.
  - SNMP: Checks whether Safeguard for Privileged Passwords can communicate with the embedded sessions module via the SNMP channel. It also checks whether the sessions module can report significant events back to Safeguard for Privileged Passwords via SNMP.
  - Keys: Checks whether the proper keys are in place in order for the embedded sessions module to communicate back to Safeguard for Privileged Passwords.
  - Internal: Checks whether the embedded sessions module can interact with Safeguard for Privileged Passwords once a session request has been made.
  NOTE: The background of the Session Module Health pane changes color to indicate the current health of the embedded sessions module:
  - Green: All components of the embedded sessions module are healthy (OK).
  - Red: An error was encountered with at least one of the components. The error message is displayed.
  Click X in the upper right corner to close the Session Module Health pane.
- Module Status: Displays the current status of the Privileged Sessions module.
- Reset Sessions Module: When the Privileged Sessions module is not responding and users cannot connect to their target systems, click the Reset Sessions Module button to reboot the embedded sessions module. Click Reset Now in the Reset Sessions Module confirmation dialog.
  NOTE: Resetting the embedded sessions module will terminate all active sessions.
SSH Banner
It is the responsibility of the Appliance Administrator to define the banner text shown to session users when they initiate a privileged session. The SSH banner notifies session users that One Identity Safeguard for Privileged Passwords will record the current session.
To define the SSH banner text
- Navigate to Administrative Tools | Settings | Sessions | SSH Banner.
- In the Banner Text box, enter the text to be displayed to session users.
- Click OK to save the message.
SSH Host Key
The SSH Host Key pane allows the Appliance Administrator to verify or specify the SSH host key that is presented to the user's SSH client whenever an SSH session is started.
Navigate to Administrative Tools | Settings | Sessions | SSH Host Key.
Table 176: SSH Host Key settings
- Fingerprint: Displays the SSH key fingerprint identifying the host to which you are currently connected.
- Set New Key: Click Set New Key to set a new SSH private key for authenticating to an SSH session.
- Generate New Key Pair: If you do not have an SSH key, click Generate New Key Pair to generate a new SSH key to use for authentication to an SSH session.
- Download Public Key: Click Download Public Key to download a public SSH key for authenticating to an SSH session.
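To check that a key saved with Download Public Key is the one whose fingerprint the pane (or a user's SSH client) displays, the fingerprint can be recomputed offline. The following is an added example, not One Identity code: it assumes the downloaded file is in OpenSSH one-line format, accepts either the SHA256 or the MD5 rendering because the page does not say which one the pane shows, and its function names and sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def parse_public_key(line):
    """Return (key_type, blob) from an OpenSSH one-line public key."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the file was altered or is not a public key at all.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    return key_type, blob


def fingerprints(blob):
    """Both common renderings: SHA256 (unpadded base64) and MD5 (colon hex)."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"sha256": "SHA256:" + sha,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2))}


def matches_displayed(pub_line, displayed):
    """True if the displayed fingerprint equals either rendering of the key."""
    _, blob = parse_public_key(pub_line)
    shown = displayed.strip()
    if shown.upper().startswith("MD5:"):
        shown = shown[4:]
    fps = fingerprints(blob)
    return (hmac.compare_digest(shown.encode(), fps["sha256"].encode())
            or hmac.compare_digest(shown.lower().encode(), fps["md5"].encode()))


# Constructed sample key (not a real host key): ed25519 blob with dummy bytes.
_blob = (struct.pack(">I", 11) + b"ssh-ed25519"
         + struct.pack(">I", 32) + bytes(range(32)))
SAMPLE_PUB = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " constructed@example"

if __name__ == "__main__":
    for name, fp in fingerprints(parse_public_key(SAMPLE_PUB)[1]).items():
        print(name, fp)
```

A mismatch after Set New Key or Generate New Key Pair is expected until clients refresh their known hosts entry; a mismatch at any other time should be investigated before users accept the new key.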
Users
A user is a person who can log in to Safeguard for Privileged Passwords. You can add both local users and directory users. Directory users are users from an external identity store such as Microsoft Active Directory. For more information, see Users and user groups.
Your administrator permissions determine what you can view in Users. Users displayed in a faded color are disabled. The following table shows you the tabs that are available to each type of administrator.
- Authorizer Administrator: General, History
- User Administrator: General, User Groups (directory users only), History
- Help Desk Administrator: General, History
- Auditor: General, User Groups, Partitions, Entitlements, Linked Accounts, History
- Asset Administrator: General, Partitions
- Security Policy Administrator: General, User Groups, Entitlements, Linked Accounts, History
The Authorizer Administrator typically controls the Enabled/Disabled state. For more information, see Enabling or disabling a user.
The Users view displays the following information about a selected user:
- General tab (user): Displays the authentication, contact information, location, and permissions for the selected user.
- User Groups tab (user): Displays the user groups in which the selected user is a member.
- Partitions tab (user): Displays the partitions over which the selected user is a delegated partition administrator.
- Entitlements tab (user): Displays the entitlements in which the selected user is a member; that is, an entitlement "user".
- Linked Accounts tab (user): Displays the directory accounts linked to the selected user.
- History (user): Displays the details of each operation that has affected the selected user.
Use these toolbar buttons to manage users: