立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 7.1 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Enable or Disable Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions About us

Attributes tab (edit asset)

NOTE: The Attributes tab only appears after you have successfully added a new asset and is accessed by editing the asset.

In the web client, the Attributes tab is used to add attributes to directory assets (including Active Directory and LDAP). For more information, see Adding identity and authentication providers.

IMPORTANT: Some Active Directory attributes are fixed and cannot be changed.

Table 107: Active Directory and LDAP: Attributes tab
Safeguard for Privileged Passwords Attribute Directory Attribute
User
ObjectClass

Default: user for Active Directory, inetOrgPerson for LDAP

Click Browse to select a class definition that defines the valid attributes for the user object class.

Username

sAMAccountName for Active Directory, cn for LDAP

Password

userPassword for LDAP

Description

description

MemberOf

Blank by default, this attribute can be set to a directory schema attribute that contains the list of directory groups of which the user is a member.

Alternate Login Name

userPrincipalName

NOTE:

By default the Alternate Login Name attribute for directories is set to userPrincipalName, however another directory attribute containing a UPN type account name can be used.

This attribute can be used in conjunction with the API's UseAltLoginName setting (disabled by default) which will instead use the Alternate Login Name as the account name. The API is PUT https://<host>/service/core/v3/AccessPolicies/{id} where the {id} is the id of the accessPolicy where you'll set the UseAltLoginName to true. UseAltLoginName is a boolean field on the asset data object.

Group
ObjectClass

Default: group for Active Directory, groupOfNames for LDAP

Click Browse to select a class definition that defines the valid attributes for the computer object class.

Name

sAMAccountName for Active Directory, cn for LDAP

Member

member

Computer  

ObjectClass

Default: computer for Active Directory, ipHost for LDAP

Click Browse to select a class definition that defines the valid attributes for the computer object class.

Name

cn

Network Address

dNSHostName for Active Directory, ipHostNumber for LDAP

Operating System

operatingSystem for Active Directory

Operating System Version

operatingSystemVersion for Active Directory

Description

description

Checking an asset's connectivity

After you add an asset you can verify that Safeguard for Privileged Passwords can log in to it using the Test Connection option.

NOTE: When you run Test Connection from the asset's Connection tab (such as when you add the asset initially), you must enter the service account credentials. Once you add the asset to Safeguard for Privileged Passwords it saves these credentials.

The Test Connection option does not require that you enter the service account credentials because it uses the saved credentials to verify that it can log in to that asset.

To check an asset's connectivity

  1. Navigate to Asset Management > Assets.

  2. Select an asset.

  3. Click the Test Connection button.

    Safeguard for Privileged Passwords displays a task pane that shows the results.

Assigning an asset to a partition

Use the Assets view to assign an asset to a partition. An asset can only be in one partition at a time. When you add an asset to a partition, all accounts associated with that asset are automatically added to that partition, as well.

You cannot remove an asset from a partition. However, you can add the asset to another partition either from the scope of the other partition or from an asset's Properties tab.

To assign an asset to a partition

  1. Navigate to Asset Management > Assets.

  2. Select an asset and click View Details.

  3. Under Management, click Edit.

  4. Click the Browse button associated with the Partition field.

  5. Once you have selected a partition, click Select Partition to save the selection.

  6. Click OK to save your changes.

Assigning a profile to an asset

Use the Assets view to assign a profile to an asset.

To assign a profile to an asset

  1. Navigate to Asset Management > Assets.

  2. Select an asset and click View Details.

  3. Under Management, click Edit.

  4. Click the Browse button associated with the Password Profile field.

  5. Once you have selected a password profile, click Select Password Profile to save the selection. You can only choose profiles that are in the selected asset's partition.

  6. Click OK to save your changes.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级