立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 7.1.1 - Connect for Safeguard Assets User Guide

Using the Connect for Safeguard Assets service

Once you have added the Connect for Safeguard Assets service to your Starling organization, you have full access to the Connect for Safeguard Assets service which can be used in conjunction with Safeguard for Privileged Passwords to manage assets that are not connected to a corporate network.

To navigate through the service use the title bar along the top of the site, which contains the following links:

  • : If multiple organizations are associated with your account, this button (displaying the name of the organization you are currently viewing) appears and opens a drop-down menu that allows you to move between organizations.
  • : This button (displaying the first name of the account owner) opens a drop-down menu that allows you to select one of the following options:
    • My Services: Clicking this link takes you to the Starling home page.
    • Sign out: Clicking this link signs you out of Starling.
  • : Clicking this link opens the settings page where you can manage your entire Starling account. For more information, see the One Identity Starling User Guide.

The main pages available within Connect for Safeguard Assets are listed in the navigation bar, which is located beneath the title bar:

  • Downloads page: This is the home page of Connect for Safeguard Assets and provides insight into your service.
  • Collaborators page: This page is used to add additional collaborators to your Connect for Safeguard Assets service.

Downloads page

Upon opening Connect for Safeguard Assets, you will be directed to the Downloads page. This page contains a list of the platforms that Connect for Safeguard Assets supports connecting with in order to manage the associated assets. By connecting to these assets via Connect for Safeguard Assets instead of directly from Safeguard for Privileged Passwords, you are able to manage the assets without requiring they be connected to a corporate network.

Available Agents

This section contains the agent downloads for each of the supported platforms. Each agent tile displays the name of the platform it supports, the agent version, and a Download button.

Windows

For more information, see Downloading a Windows agent.

Linux

For more information, see Downloading a Linux agent.

Tokens

This section contains token downloads.

Agent Enrollment

For more information, see Downloading an Agent Enrollment token.

Downloading a Windows agent

The following explains the process for downloading and installing a Windows agent on a disconnected asset. The same token and agent binaries can be used by multiple machines which (depending on your organization's environment) may allow for this to be pushed out to multiple machines rather than having to manually install an agent on each individual machine.

To download a Windows agent

  1. On the Downloads page, click the Download button associated with the Windows tile.

    A zipped ConnectForSafeguardWindowsAgent folder will be downloaded according to your browser settings.

  2. Unzip the ConnectForSafeguardWindowsAgent folder.

  3. To the extracted ConnectForSafeguardWindowsAgent folder, add the agent enrollment token file (Downloading an Agent Enrollment token).

    CAUTION: Keep a copy of the enrollment token until the agent has been successfully enrolled. The token file will be automatically removed after each enrollment attempt (including failed attempts).

  4. Open a Command Prompt or PowerShell session.

  5. Run the enroll command on ConnectForSafeguardAssetsAgent.exe. The local service account used for enrollment must be a member of the local administrators group and have the Log on as a service permission either explicitly or via a group.

    Once the agent has been successfully enrolled, the Safeguard Disconnected Asset Agent will be installed under the service account along with a ConnectForSafeguardAssets certificate that is valid for 60 days. The agent will automatically attempt to renew the certificate after 30 days have passed since the last certificate was issued. However, if an agent is unable to re-enroll and the certificate expires, the re-enroll command can be used to re-enroll the agent (for more information, see Re-enrolling an installed agent).

  6. In Safeguard for Privileged Passwords, you can now add or discover the asset (using the Windows Desktop (Starling Connect) or Windows Server (Starling Connect) platforms). For more information, see the One Identity Safeguard for Privileged Passwords Administration Guide.

    Make sure the Agent ID is the same as shown in Safeguard for Privileged Passwords (Assets > (select asset) > Properties > Connection > (Edit) > StarlingAgentID). If the Agent ID is different, you need to update the StarlingAgentID in Safeguard for Privileged Passwords to match the Agent ID.

    NOTE: When running a password task in Safeguard for Privileged Passwords against a Windows agent, the task is created in a submitted state and will be updated once the agent processes the task. The amount of time this will take to update will vary depending upon the state of the machine the agent is running on.

Downloading a Linux agent

The following explains the process for downloading and installing a linux agent on a disconnected asset. The same token and agent can be used by multiple machines which (depending on your organization's environment) may allow for this to be pushed out to multiple machines rather than having to manually install an agent on each individual machine.

To download a Linux agent

IMPORTANT: If requiretty is enabled on your linux machine, you need to add the following line to the sudoers file:

Defaults:<service account name> !requiretty

  1. On the Downloads page, click the Download button associated with the Linux tile.

    A zipped ConnectForSafeguardLinuxAgent folder will be downloaded according to your browser settings.

  2. Unzip the ConnectForSafeguardLinuxAgent.zip folder.

  3. To the unzipped ConnectForSafeguardLinuxAgent.zip folder, add the agent enrollment token file (Downloading an Agent Enrollment token).

    CAUTION: Keep a copy of the enrollment token until the agent has been successfully enrolled. The token file will be automatically removed after each enrollment attempt (including failed attempts).

  4. Change the permissions on the ConnectForSafeguardAssetsAgent file (chmod 750) to make it executable.

  5. Using a service account that is a member of sudoers (you may need to run sudo ConnectForSafeguardAssetsAgent), run the enroll command on ConnectForSafeguardAssetsAgent.

    Once the agent has been successfully enrolled, the Safeguard Disconnected Asset Agent will be installed under the service account along with a SafeguardAssetsAgent certificate that is valid for 60 days. The agent will automatically attempt to renew the certificate after 30 days have passed since the last certificate was issued. However, if an agent is unable to re-enroll and the certificate expires, the re-enroll command can be used to re-enroll the agent (for more information, see Re-enrolling an installed agent).

  6. In Safeguard for Privileged Passwords, you can now add or discover the asset (using the Linux (Starling Connect) platform). For more information, see the One Identity Safeguard for Privileged Passwords Administration Guide.

    Make sure the Agent ID is the same as shown in Safeguard for Privileged Passwords (Assets > (select asset) > Properties > Connection > (Edit) > StarlingAgentID). If the Agent ID is different, you need to update the StarlingAgentID in Safeguard for Privileged Passwords to match the Agent ID.

    NOTE: When running a task in Safeguard for Privileged Passwords against a Linux agent, the task is created in a submitted state and will be updated once the agent processes the task. The amount of time this will take to update will vary depending upon the state of the machine the agent is running on.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级