立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 6.13.1 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Activity Center Search box Privileged access requests Toolbox Accounts Account Groups Assets
General/Properties tab (asset) Accounts tab (asset) Account Dependencies tab (asset) Owners tab (asset) Access Request Policies tab (asset) Asset Groups tab (asset) Discovered SSH Keys (asset) Discovered Services tab (asset) History tab (asset) Managing assets
Asset Groups Discovery Entitlements Linked Accounts Partitions Profiles Settings
Access Request settings Appliance settings Asset Management settings Tags Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings Security Policy Settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

Discovered SSH Keys

You can view the current SSH Key Discovery results for a selected partition. The number of discovered keys for an account will reflect the number of SSH keys discovered in the account's authorized keys file.

SSH keys currently in use by an account will have a check mark in the SSH Key Managed column in the Discovered SSH Keys properties grid (see below).

Go to Discovered SSH Keys:

  • web client: Navigate to Asset Management | Discovery | Discovered Items | SSH Keys tile.
  • desktop client: Navigate to Administrative Tools | Discovery | SSH Keys | Discovered SSH Keys tile.

Select the partition for which you want to see the SSH Key results.

Use these toolbar buttons to manage the discovered accounts.

Table 110: Discovery: Discovered SSH Keys toolbar
Option Description

( desktop client only) Partition

Select the partition for the SSH key discovery.

Revoke

Use this button to revoke access for unmanaged SSH keys.

Refresh

Retrieve and display an updated list of discovered SSH keys. If SSH Keys are deleted from the account's authorized keys file, they will be removed from the discovered list when the discovery job runs.

Search

Enter the character string to be used to search for a match. For more information, see Search box.

The following information displays.

Table 111: Discovery: Discovered SSH Keys properties grid
Property Description

Fingerprint

The fingerprint of the SSH key used for authentication.

( web client only) Account Status

The status of the account where the SSH key was discovered.

SSH Key Managed

This column will have a check mark indicating the SSH key currently in use on the account.

Comment

Free form comment included in the SSH key.

Key Type

The SSH authentication key type, such as RSA and DSA. For more information, see SSH Key Management settings.

Key Length

The supported RSA or DSA key length displays. For more information, see SSH Key Management settings.

Asset Name

The name of the asset where the SSH key was discovered.

Account

The name of the account where the SSH key was discovered.

( desktop client only) SSH Key Profile

The name of the SSH key profile that governs the accounts assigned to a partition.

Date/Time Discovered

The date and time when the SSH key was discovered.

Entitlements

A Safeguard for Privileged Passwords entitlement is a set of access request policies that restrict system access to authorized users. Typically, you create entitlements for various job functions; that is, you assign permissions to perform certain operations to specific roles such as Help Desk Administrator, Unix Administrator, or Oracle Administrator. Password and SSH key release entitlements consist of users, user groups, and access request policies. Session access request entitlements consist of users, user groups, assets, asset groups, and access request policies.

The Auditor and the Security Policy Administrator have permission to access Entitlements. An administrator creates an entitlement, then creates one or more access request policies associated with the entitlement, and finally adds users or user groups.

Go to Entitlements:

  • desktop client: Navigate to Administrative Tools | Entitlements
  • web client: Navigate to Security Policy Management | Entitlements

If there are one or more invalid or expired policies, a Warning and message (for example, Entitlement contains at least one invalid policy) displays. Go to the Access Request Policy tab to identify the invalid policy. For more information, see Access Request Policies tab (entitlements).

The Entitlements view displays the following information:

  • General tab (entitlements): Displays the general and time restriction settings information for the selected entitlement.
  • Users tab (entitlements): Displays the user groups or users who are authorized to request access to the accounts or assets in the scope of the selected entitlement's policies. Certificate users are included in the display if the user was created during a Safeguard for Privileged Sessions link and was assigned and used by a Sessions Appliance. The certificate users created during the link can be added to the Users tab but are not there by default.
  • Access Request Policies tab (entitlements): Displays the access request policies that govern the accounts or assets in the selected entitlement, including session access policies.
  • History tab (entitlements): Displays the details of each operation that has affected the selected entitlement.

Use these toolbar buttons to manage entitlements.

  • Add Entitlement/New Entitlement: add entitlements to Safeguard for Privileged Passwords. For more information, see Adding an entitlement (desktop client).
  • Delete Selected/Delete: Remove the selected entitlement. For more information, see Deleting an entitlement.
  • ( web client only) Edit: Select an entitlement then click this button to open additional information and options for the asset.

  • ( web client only) Create a New Entitlement from the Selected Row: Select an entitlement then click this button to duplicate the entitlement.

  • Refresh: Update the list of entitlements.
  • Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute click Search and select an attribute to search. For more information, see Search box.

General tab (entitlements)

The General tab lists information about the selected entitlement.

To access General:

  • desktop client: Navigate to Administrative Tools | Entitlements | General.
  • web client: Navigate to Security Policy Management | Entitlements | (New Entitlement) or (Edit) | General.

Users tab (entitlements)

The Users tab displays the users and user groups who are authorized to request access for the accounts and assets in the scope of the selected entitlement's policies. Certificate users are included in the display if the user was created during a Safeguard for Privileged Sessions link and was assigned and used by a Sessions Appliance. The certificate users created during the link can be added to the Users tab but are not there by default.

To access General:

  • desktop client: Navigate to Administrative Tools | Entitlements | Users.
  • web client: Navigate to Security Policy Management | Entitlements | (edit) | Users.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级