立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 7.5 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Adding authorized user for Cloud Assistant

Once SPP is joined to Starling, use the Cloud Assistant page to add the SPP users that can use the Cloud Assistant feature to approve access requests.

To add users who are authorized to use Cloud Assistant

IMPORTANT: The user information configured in SPP must match the user information in the Starling Cloud Assistant channel. If the user information does not match, you will need to remove the user from both Security Policy Management > Cloud Assistant and Starling Cloud Assistant's Recipients page, then re-add the user to SPP using the correct user information.

  1. Log in to the SPP client as a Security Policy Administrator.
  2. To go to Cloud Assistant:
    • web client: Security Policy Management > Cloud Assistant.
  3. Click Add.
  4. In the Users dialog, select users from the list and click OK.

  5. Add these Cloud Assistant users as approvers in the appropriate access request policy. For more information, see Creating an access request policy.

Once a user is added as a Cloud Assistant user and as an approver in an access request policy, when an access request requires approval, SPP sends a notification to the approver's configured channel (this is configured via the Starling Cloud Assistant service). The approver can either approve or deny the access request directly from the channel.

NOTE: Revoking an access request that has already been approved is not available via the channel. You must use the SPP web client to perform that action.

Asset Groups

A SPP asset group is a set of assets that you can add to the scope of an access request policy. For more information, see Creating an access request policy.

NOTE: The Asset Groups tab is only available if SPP is joined to SPS.

To asset groups and dynamic asset groups, you can only add the assets that support session management. Assets that do not support session management include but are not be limited to Directory assets. When you create the asset, if session management is supported, an Enable Session Request check box is available in the Management tab. For more information, see For more information, see Supported platforms.. This section lists SPP and SPS support by platform.

The Auditor and the Security Policy Administrator have permission to access Asset Groups.

To access Asset Groups:

  • web client: Navigate to Security Policy Management > Asset Groups.

The Asset Groups view displays the following information about the selected asset group.

Use these toolbar buttons to manage asset groups.

Properties tab (asset group)

The Properties tab lists information about the selected asset group.

To access the Properties tab, in the web client, navigate to Security Policy Management > Asset Groups > View Details > Properties.

Table 194: Asset Groups Properties tab: General properties
Property Description
Name

The selected asset group's name

Description

Information about the selected asset group

Asset Rules

For dynamic asset groups, a summary of the asset rules defined. On the web client, this information is available on the Asset Rules tab.

Assets tab (asset group)

The Assets tab displays the assets associated with the selected asset group.

To access Assets:

  • web client: Navigate to Security Policy Management > Asset Groups > (View Details) > Assets.

Click Add Asset from the details toolbar to add one or more assets to the selected asset group.

Search: For more information, see Search box..

Table 195: Asset Groups: Assets tab properties
Property Description
Name

The asset name assigned to the managed system.

Platform

The platform of the managed system.
Session Request A check in this column indicates that session access requests are enabled for the asset.

Disabled

A check in this column indicates that the asset is not managed, is disabled, and has no associated accounts.

Description

Information about the asset.

Use these buttons on the details toolbar.

Table 196: Asset Groups: Assets tab toolbar
Option Description
Add Asset

To add one or more assets to the asset group you selected.

Remove

Remove the selected asset.

Export

Use this button to export the listed data as either a JSON or CSV file. For more information, see Exporting data.

Refresh Update the list of assets.
Search

To locate a specific asset in this list, enter the character string to be used to search for a match. For more information, see Search box..

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级