立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 6.13.1 - Evaluation Guide

Discovery exercises

These exercises will guide you through a step-by-step evaluation of the Safeguard for Privileged Passwords discovery features:

Exercise 1: Discovering assets

Safeguard for Privileged Passwords allows you to set up Asset Discovery jobs to run automatically against the directory assets you have added to Safeguard for Privileged Passwords. For more information, see the Safeguard for Privileged Passwords Administration Guide, Asset Discovery section.

To create an Asset Discovery job using the Directory Method

  1. Log in as the Asset Administrator and navigate to  Administrative Tools | Discovery | Asset Discovery tile.
  2. Click  Add to create an Asset Discovery job.
  3. Provide information for the Asset Discovery job on the following tabs:
    Tab Description
    General tab
    1. Enter a name for the Asset Discovery job.
    2. For Partition, browse to select the partition.
    3. For Method, select Directory.
    Information tab In Directory, select the directory.
    Rules tab

    Click  Add to create an Asset Discovery rule:

    1. Enter a Name for the rule.
    2. For the Settings, click Add Condition to define criteria, including the search scope in the directory, then click OK.
    3. On the Asset Discovery Rule dialog, for Connection Template, leave the default of None.
    4. For Asset Profile, use the default profile to govern the discovered assets.
    5. Keep the Manged Network default value and click OK.
    Schedule tab You can skip adding the schedule to run the Asset Discovery job since we will run the discovery job manually for this exercise.
    Summary tab Review the discovery job and click Add Discovery.
  4. In the Asset Discovery dialog, select the job and click  Run Now. The Tasks pop-up shows the progress of the Asset Discovery job.
  5. When the Tasks pop-up indicates that the job is successful (Success), click the Asset Discovery Results tile.
  6. In the Asset Discovery Results grid:
    1. Select Last 24 Hours.
    2. Click Refresh to show the latest data.
    3. Double-click an Asset Discovery job to see the result of the discovery.
    4. Click on the number of # Assets Found to view individual discovered assets.
  7. To control management of an asset:

    1. Navigate to Administrative Tools | Assets.
    2. Right-click the asset then click Access Requests.
    3. Choose Enable Session Request or Disable Session Request.

    NOTE: When you ignore an asset, Safeguard for Privileged Passwords disables it and disables/hides all associated accounts. If you choose to Enable Session Request the asset later, Safeguard for Privileged Passwords reenables all the associated accounts.

  8. You can also search the Activity Center for information about discovery jobs that have run. This is the same information as presented in the the Asset Discovery Results grid.
    1. Click  Home.
    2. Under I would like to see, click Edit and select Asset Discovery Activity.
    3. Under ... occurring within the ..., click Edit and select Last 24 Hours.
    4. Keep the default of All Activity in the Last 24 Hours.
    5. Click the Run button.
    6. In the results grid, double-click the job to more information then click Details to show the progress of the Asset Discovery job.
    7. The Asset Discovery events are listed in the Activity Category column.
  9. To view all activity in the last 24 hours, return to the Activity Center dialog.
    1. Under I would like to see, click Edit and select All Activity.
    2. Click the Run button.
    3. In the grid, User column, click the filter, and select your User name.
    4. To display additional columns, click Column in the upper right corner and select additional columns, such as Appliance, Asset, Object Name, and Object Type.
    5. Double-click any of the rows to view additional information.

Set asset connection authentication credentials to define a service account

When None is selected as the Authentication Type, the discovered assets will not have a service account. In the next steps you will change the Authentication Type.

These steps provide valid information only if:

  • You have created a directory asset and directory accounts that will be used as the service account for the Windows asset discovered.
  • You have Linux assets that are discovered that have QAS installed and are joined to the directory.
  1. In Assets, select one of the newly discovered assets.
  2. On the General tab, double-click the Connection information box or click the  Edit icon next to it.
  3. Choose an Authentication Type of Directory Account and provide the service account credentials.

    NOTE: Safeguard for Privileged Passwords uses a service account to connect to an asset to securely manage passwords for the accounts on that asset.

Exercise 2: Discovering accounts

Safeguard for Privileged Passwords allows you to set up Account Discovery jobs to run automatically against the assets it manages in the scope of a partition.

To create an Account Discovery job

  1. Log in as the Asset Administrator and navigate to  Administrative Tools | Discovery | Account Discovery tile.
  2. Click  Add to create a new Account Discovery job.
    1. Browse to select a partition.
    2. Enter a Name for the setting, such as Daily. Description is optional.
    3. Select the Discovery Type that is the platform, for example, Windows, Unix, or Directory. Make sure the Discovery Type is valid for the assets associated with the Partition selected earlier on this dialog. If the Discovery Type is Directory, select the directory on which the Account Discovery job runs.
    4. Schedule the discovery job to run daily starting in about five minutes.
    5. In Rules, click Add to add a rule. Enter a Name, select Find All in Find By, and click OK.

      NOTE: If you opt to experiment with finding accounts based on rules, note that all search terms return exact matches and are case-sensitive.

  3. Click OK to save the Account Discovery job.
  4. Wait for the Account Discovery job to run.
  5. After the Account Discovery job runs see the job results and the accounts discovered. At any time, click  Refresh to update the information.
    1. Click the Account Discovery Results tile to see the results of the discovery job run.
    2. Click the Discovery Accounts tile to see the accounts that were discovered.
  6. You can also search the Activity Center for information about discovery jobs that have run. This is similar information as presented in the Account Discovery Results grid.
    1. Under I would like to see, click Edit and select Password Management Activity.
    2. Click the Run button.
    3. In the Events column, the Account Discovery events display.

About us

One Identity solutions eliminate the complexities and time-consuming processes often required to govern identities, manage privileged accounts and control access. Our solutions enhance business agility while addressing your IAM challenges with on-premises, cloud and hybrid environments.

Contacting us

For sales and other inquiries, such as licensing, support, and renewals, visit https://www.oneidentity.com/company/contact-us.aspx.

Technical support resources

Technical support is available to One Identity customers with a valid maintenance contract and customers who have trial versions. You can access the Support Portal at https://support.oneidentity.com/.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. The Support Portal enables you to:

  • Submit and manage a Service Request
  • View Knowledge Base articles
  • Sign up for product notifications
  • Download software and technical documentation
  • View how-to videos at www.YouTube.com/OneIdentity
  • Engage in community discussions
  • Chat with support engineers online
  • View services to assist you with your product
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级