立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 6.13.1 - User Guide

Introduction System requirements and versions Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests About us

Licenses

As a Safeguard for Privileged Passwords user, if you get an "appliance is unlicensed" notification, contact your Appliance Administrator.

Hardware appliance

The One Identity Safeguard for Privileged Passwords 3000 Appliance and 2000 Appliance ship with the Privileged Passwords module which requires a valid license to enable functionality.

You must install a valid license. Once the module is installed, Safeguard for Privileged Passwords shows a license state of Licensed and is operational. If the module license is not installed, you have limited functionality. That is, even though you will be able to configure access requests, if a Privileged Passwords module license is not installed, you will not be able to request a password release.

Virtual appliance Microsoft Windows licensing

You must license the virtual appliance with a Microsoft Windows license. We recommend using either the MAK or KMS method. Specific questions about licensing should be directed to your Sales Representative. The virtual appliance will not function unless the operating system is properly licensed.

Licensing setup and update

To enter licensing information when you first log in

The first time you log in as the Appliance Administrator, you are prompted to add a license. The Success dialog displays when the license is added.

On the virtual appliance, the license is added as part of Initial Setup.

To configure reminders for license expiration

To avoid disruptions in the use of Safeguard for Privileged Passwords, the Appliance Administrator must configure the SMTP server, and define email templates for the License Expired and the License Expiring Soon event types. This ensures you will be notified of an approaching expiration date.

Users are instructed to contact their Appliance Administrator if they get an "appliance is unlicensed" notification.

As an Appliance Administrator, if you receive a "license expiring" notification, apply a new license.

To update the licensing file

Licensing update is only available using a virtual machine, not via the hardware.

web client: To perform licensing activities

Go to the licensing page:

  1. Navigate to Appliance | Licensing.
    • To upload a new license file, click Upload new license file and browse to select the current license file.
    • To remove the license file, select the license and click Remove selected license.

desktop client: To perform licensing activities

  1. Navigate to Administrative Tools | Settings | Appliance | Licensing.
    • To upload a new license file, click Add License and browse to select the license file.
    • To update a license file, select the license then select Update License in the lower left corner of a module's licensing information pane, select the license file, and click Open.

Long Term Support (LTS) and Feature Releases

Releases use the following version designations:

  • Long Term Support (LTS) Releases: The first digit identifies the release and the second is a zero (for example, 6.0 LTS).
  • Maintenance LTS Releases: A third digit is added followed by LTS (for example, 6.0.6 LTS).
  • Feature Releases: The Feature Releases version numbers are two digits (for example, 6.6).

Customers choose between two paths for receiving releases: Long Term Support (LTS) Release or Feature Release. See the following table for details.

Table 6: Comparison of Long Term Support (LTS) Release and Feature Release
  Long Term Support (LTS) Release Feature Release
Release frequency

Frequency: Typically, every 2 years

Scope: Includes new features, resolved issues and security updates

Versioning: The first digit identifies the LTS and the second digit is a 0 (for example, 6.0 LTS, 7.0 LTS, and so on).

Frequency: Typically, every 3 months

Scope: Includes the latest features, resolved issues, and other updates, such as security patches for the OS

Versioning: The first digit identifies the LTS and the second digit is a number identifying the Feature Release (for example, 6.6, 6.7, and so on).

Maintenance Release

Frequency:Typically, every 3 months during full support

Scope: Includes critical resolved issues

Versioning: A third digit designates the maintenance LTS Release (for example, 6.0.6 LTS).

Frequency:Only for highly critical issues

Scope: Includes highly critical resolved issues

Versioning: A third digit designates the maintenance Feature Release (for example, 6.6.1).

Support

Support extends typically 3 years after the original publication date or until the next LTS is published (whichever date is later).

Support extends typically 6 months after the original publication date or until the next feature or LTS Release is published (whichever date is later).

Release details can be found at Product Life Cycle.

CAUTION: Downgrading from the latest Feature Release, even to an LTS release, voids support for SPP.

One Identity strongly recommends always installing the latest revision of the release path you use (Long Term Support path or Feature Release path).

Moving between LTS and Feature Release versions

You can move from an LTS version (for example, 6.0.7 LTS) to the same feature version (6.7) and then patch to a later feature version. After that, you can patch from the minimum version for the patch, typically N-3. If you move from an LTS version to a feature version, you will receive a warning like the following which informs you that you will only be able to apply a Feature Release until the next LTS Release:

Warning: You are patching to a Feature Release from an LTS Release. If you apply this update, you will not be able to upgrade to a non-Feature Release until the next LTS major release version is available. See the Administration Guide for details.

You cannot move from a Feature Release to LTS Release. For example, you cannot move from 6.7 to 6.0.7 LTS. You have to keep upgrading with each new Feature Release until the next LTS Release version is published. For this example, you would wait until 7.0 LTS is available.

Patching

You can only patch from a major version. For example, if you have version 6.6 and want to patch to 7.7, you must patch to 7.0 LTS and then apply 7.7.

An LTS major version of Safeguard for Privileged Passwords (SPP) will only work with the same LTS major version of Safeguard for Privileged Sessions (SPS). For the best experience, it is recommended you use the latest supported version.

Using the web client

The web client uses a responsive user interface design to adapt to the user's device, from desktops to tablets or mobile phones. Only one user session will persist during a browser session. Any tabs opened after initial authentication will use the existing user session.

NOTE: In this documentation, you will see the following icons which denote the interface:

(web client)

(desktop client)

To log into the web client application

The following steps assume the One Identity Safeguard for Privileged Passwords Appliance has been configured and licensed. As a Safeguard for Privileged Passwords user, if you get an appliance is unlicensed notification, contact your Appliance Administrator.

  1. From your browser, enter the Safeguard for Privileged Passwords URL with the IP address, such as https://11.1.111.11.
  2. If a login notification displays, click OK to accept the notifications and restrictions stated.
  3. On the user log in screen, enter your credentials and click Log in.

Updating your avatar photo

To change your photo in the web client, expand the Username drop-down in the upper right and select My Settings. On the My Settings page, select My Account and click the circle icon with the username. Select the image file (under 64 KiB), then click Open. You can right-click the photo to save or perform other photo options.

Using the left navigation menu

NOTE: Use the button on mobile devices to expand and collapse the navigation menu.

The pages available to you display on the left. You will see Home and, based on your role, you may also see the following pages (depending on role, these pages may already be listed in the left navigation pane without having to expand the top level heading):

  • Access Requests

    • My Requests

    • Personal Password Vault

    • Approvals

    • Reviews

  • Appliance Management:

    • Appliance

    • Backup and Retention

    • Certificates

    • Cluster

    • Enable or Disable Services

    • External Integration

    • Real-Time Reports

    • Safeguard Access

    • Search

  • Asset Management

    • Accounts

    • Assets

    • Partitions

    • Discovery

    • Profiles

    • Tags

  • Security Policy Management

    • Account Groups

    • Application to Application

    • Approval Anywhere

    • Cloud Assistant

    • Asset Groups

    • Entitlements

    • Linked Accounts

    • User Groups

  • User Management

    • Users

    • User Groups

You can reduce the left menu using the button located at the bottom of the left navigation menu.

Home

Click Home to go to the home page. The Home page is tailored to your user rights and permissions. If you are authorized by an entitlement to request, approve, or review access requests, then your Home page gives you a quick view to the access request tasks that need your immediate attention.

Based on your role, the dashboard displays My Requests, Approvals, and Reviews, the number of tasks in each queue, and the status of each task (for example, Available, Denied, Revoked, Pending) as well as whether the task is Due Today.

Additional widgets may also be available. For example: Appliance Resources and Cluster Status.

In addition to tasks based on your role, you can perform the following from the Home page:

  • Customize the information that is displayed on the page. Click Settings.
  • Read the Message of the Day from the Appliance Administrator.
Requester's Home page view

Click the New Request button to open the New Access Request dialog, which lists the assets and accounts you are authorized to access. From this dialog you specify the assets, accounts and the type of access you are requesting, and additional details about the request.

For more information, see:

Click My Requests to view the requests awaiting action.

For more information, see:

The Favorites pane displays a list of requests you have marked as a favorite, providing a quick way to request access. For more information, see Desktop client favorite request.

Approver's Home page view

Your job is to approve or deny the access requests listed on your Home page. Click Approvals to view the requests awaiting your approval. As an approver, unless you are also designated as a requester, you will see no favorites listed.

For more information, refer to these topics:

Reviewer's Home page view

Your job is to review completed access requests listed on your Home page. Click Reviews to view the completed requests requiring your review. As a reviewer, unless you are also designated as a requester, you will see no favorites listed.

For more information, refer to these topics:

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级