Dell One Identity Safeguard User Guide

Dell One Identity Safeguard User Guide
Dell One Identity Safeguard for
Privileged Passwords 1.0
User Guide
Copyright© 2016 Dell Inc. All rights reserved.
This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a
software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the
applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the
written permission of Dell Software Inc.
The information in this document is provided in connection with Dell Software products. No license, express or implied, by
estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell
Software products. EXCEPT AS SET FORTH IN DELL SOFTWARE’S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE
AGREEMENT FOR THIS PRODUCT, DELL SOFTWARE ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED
OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR
ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION,
DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY
TO USE THIS DOCUMENT, EVEN IF DELL SOFTWARE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell Software
makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and
reserves the right to make changes to specifications and product descriptions at any time without notice. Dell Software does
not make any commitment to update the information contained in this document.
If you have any questions regarding your potential use of this material, contact:
Dell Software Inc.
Attn: LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656
Refer to our web site (www.software.dell.com) for regional and international office information.
Trademarks
Dell, and the Dell logo are trademarks of Dell Inc. and/or its affiliates. IBM®, AIX® and DB2® are registered trademarks of
International Business Machines Corporation. Windows® is a registered trademark of Microsoft Corporation in the United
States and/or other countries. UNIX® is a registered trademark of The Open Group. Linux® is the registered trademark of
Linus Torvalds in the U.S. and other countries. SPARC is a registered trademark of SPARC International, Inc. in the United
States and other countries. Products bearing the SPARC trademarks are based on an architecture developed by Oracle
Corporation. Oracle®, Sun, Java® and Solaris are registered trademarks of Oracle and/or its affiliates. Other trademarks
and trade names may be used in this document to refer to either the entities claiming the marks and names or their
products. Dell disclaims any proprietary interest in the marks and names of others.
Legend
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions
are not followed.
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.
IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.
Dell One Identity Safeguard for Privileged Passwords User Guide
Updated - January 2016
Software Version - 1.0
Contents
About this guide
ii
Introduction to Dell One Identity Safeguard for Privileged Passwords
ii
Password management
ii
Installation procedures
4
System requirements
4
Install the desktop client
5
Start the desktop client
5
Uninstall Safeguard for Privileged Passwords
6
Upgrade Safeguard for Privileged Passwords
6
Getting acquainted with the console
7
Toolbar
7
Settings
7
My Account
8
Navigation panel
8
Home
8
Search box
9
Managing password requests
10
Request a password
10
Configure alerts
11
Create or remove Favorites
12
Take action on password requests
13
Approve password requests
14
Review password releases
15
About Dell Software
16
Contacting Dell Software
16
Technical support resources
16
Index
17
Safeguard for Privileged Passwords 1.0 User Guide
i
3
About this guide
The Dell One Identity Safeguard for Privileged Passwords User Guide is intended for users who are requesting,
approving or reviewing password releases for the first time. It provides walk-throughs to assist you in getting
familiar with using the Safeguard for Privileged Passwords desktop client.
Introduction to Dell One Identity
Safeguard for Privileged Passwords
Dell One Identity Safeguard for Privileged Passwords is enterprise security management software that
automates, controls and secures the entire process of granting users the credentials necessary to perform
their duties. Safeguard for Privileged Passwords is deployed on a secure, hardened appliance.
One of the most vulnerable – but often overlooked – aspects of information security is the embedded passwords
required for applications to talk to each other or to databases. Safeguard for Privileged Passwords replaces
hard-coded passwords with programmatic calls that dynamically retrieve the account credentials, eliminating
this security exposure.
Safeguard for Privileged Passwords ensures that when administrators require elevated access (typically
through shared credentials, such as the UNIX® root password), that access is granted according to established
policy, with appropriate approvals, and that the password is optionally changed immediately upon its return.
It’s a secure, compliant and efficient solution to the age-old “keys to the kingdom” problem.
Password management
Safeguard for Privileged Passwords has two graphical user interfaces that allow you to control access to
passwords to your managed accounts and systems: a Windows® desktop client and a web client.
The desktop client consists of an end-user view and an administrator view. The administrative functionality is
dynamically enabled based on the user's permissions.
The web client is functionally similar to the desktop client end-user view. It exposes the password workflow
functionality and is meant primarily for the non-administrator user. The web client uses a responsive UI design
to adapt to the user's device -- from desktops to tablets or phones.
Safeguard for Privileged Passwords supports privileged password management in two ways:
l
Application to application. This is typically an effort to remove hard-coded passwords from startup
configurations and scripts. The application programmatically retrieves the password from Safeguard for
Privileged Passwords.
Safeguard for Privileged Passwords 1.0 User Guide
About this guide
ii
l
Secure. To solve the individual accountability challenge when dealing with shared passwords,
Safeguard for Privileged Passwords changes the passwords so that nobody knows what they are, and
then controls access to the password in a way that there is accountability for who used the shared
password, when, and why.
Safeguard for Privileged Passwords provides secure control of administrative accounts by storing account
passwords until they are needed and releases them only to authorized persons. Then, Safeguard for Privileged
Passwords automatically updates the account passwords based on configurable parameters.
Typically a password request follows this workflow.
1. Request: Users that are designated as an authorized "user" of a role can request passwords for any
account in the scope of that role's policies.
2. Approve: Depending on how the Security Policy Administrator configured the policy, a password request
will either require approval by one or more Safeguard for Privileged Passwords users, or be autoapproved. This process ensures the security of account passwords, provides accountability, and provides
dual control over the system accounts.
3. Review: The Security Policy Administrator can optionally configure a password request policy to require
a review of completed password requests for accounts in the scope of the policy.
Safeguard for Privileged Passwords 1.0 User Guide
About this guide
iii
4
Installation procedures
To request, approve or review password releases, you must first install the desktop client application which
gives you access to the appliance.
These topics explain how to install the Safeguard for Privileged Passwords desktop client application:
l
System requirements
l
Install the desktop client
l
Start the desktop client
l
Uninstall Safeguard for Privileged Passwords
System requirements
Before installing Safeguard for Privileged Passwords , ensure that your system meets the minimum hardware
and software requirements for your platform.
Desktop client system requirements
The desktop client is a native Windows® application suitable for use on end-user machines. You install
the desktop client by means of an MSI package which you can download from the Dell Software website
or from the appliance web client portal. You do not need administrator privileges to install Safeguard for
Privileged Passwords.
Component
Requirements
Technology
Microsoft .NET Framework© 4.6
Windows platforms
32-bit or 64-bit editions of:
l
Windows 7, 8, 8.1 and 10
l
Windows Server 2008 and 2012
Web client system requirements
Component
Requirements
Web browsers
Desktop browsers:
l
Google Chrome 42 (or greater)
l
Microsoft Internet Explorer 9, 10, 11 and Edge
l
Mozilla Firefox 38 (or greater)
Safeguard for Privileged Passwords 1.0 User Guide
Installation procedures
4
Component
Requirements
Mobile device browsers:
l
Apple Safari iOS 8 (or greater)
l
Google Chrome on Android
The web client is implemented for modern web browser technology, using:
l
HTML5
l
CSS
l
JavaScript
NOTE: If your browser lacks these required technologies, then use
the desktop client.
Install the desktop client
To install the Safeguard for Privileged Passwords desktop client application
1. Download the MSI package from the Dell Software website or from the appliance web client portal. (For
more information, refer to the instructions in Initial installation in the Dell One Identity Safeguard for
Privileged Passwords Evaluation Guide.)
2. Run the MSI package.
3. Select Next in the Welcome dialog box.
4. Accept the End-User License Agreement and select Next.
5. Select Install to begin the installation.
6. Select Finish to exit the desktop client setup wizard.
Start the desktop client
To start the desktop client application
1. From the Windows® Start menu, choose Safeguard for Privileged Passwords.
2. On the server selection screen, enter or select the server's network DNS name or IP address to connect
to the appliance over the network and select Connect.
NOTE: You must put an IPv6 address in square brackets.
3. On the user log-in screen, enter your credentials and select Log in.
User Name
Your user or display name.
NOTE: When using Microsoft Active Directory credentials, enter your
domain\name.
Password
Your password.
Safeguard for Privileged Passwords 1.0 User Guide
Installation procedures
5
Uninstall Safeguard for Privileged
Passwords
To uninstall Safeguard for Privileged Passwords
1. In the Windows® Control Panel, open Programs and Features.
2. Press and hold (or right-click) the Desktop Client application and choose Uninstall.
Upgrade Safeguard for Privileged
Passwords
You can upgrade the desktop client application in place using a newer version of the MSI.
Safeguard for Privileged Passwords 1.0 User Guide
Installation procedures
6
5
Getting acquainted with the console
The Safeguard for Privileged Passwords desktop client console has these components:
l
Toolbar in the top-right corner of the console.
l
Navigation panel along the left side of the console.
Toolbar
Along the top-right corner of the Safeguard for Privileged Passwords console, your Toolbar will look
similar to this:
 Settings
Where you configure the desktop client application Settings.
Current User Image
Which allows you to Update My Account or Log Out of the application.
Settings
The Safeguard for Privileged Passwords console Settings () allows you to configure the desktop client
application to:
l
Run in the system tray when you close the application.
When you enable the Run in the system tray option, you cannot modify the toast notifications option.
However, when you disable the Run in the system tray option, you can enable or disable toast
notifications.
NOTE: When you enable the Run in the system tray option, you cannot modify the toast
notifications option because in that mode, you always get notifications.
l
Enable toast notifications to display event alerts on your console.
Toast notifications are alerts that appear when the desktop client application is not the active
foreground application; for example, when you are in another application or when you have minimized
the desktop client.
Safeguard for Privileged Passwords 1.0 User Guide
Getting acquainted with the console
7
l
Enable or disable the Home page widgets:
l
Requests
l
Approvals
l
Reviews
When you enable the widgets, the corresponding controls display on your Home page.
My Account
To update your personal information
1. From the Toolbar, select your user image icon and choose My Account.
2. To change your image, select  Change Photo.
3. To change your email address or Contact Information, type into the appropriate box.
4. To change your user password, select Change Password.
Navigation panel
The Home page left navigation panel has these links:
Page
Description
 Home
Where you get quick access to the password request tasks that need your
immediate attention and your list of "Favorite" accounts to check out.
Home
When you log into Safeguard for Privileged Passwords, you begin your session on the  Home page. The
Message of the Day displays on the right side. The rest of the Home page is tailored to your user rights and
permissions. If you are authorized by a role to request, approve, or review passwords, then your Home page
gives you quick access to the password request tasks that need your immediate attention.
NOTE: You can turn Requests, Approvals, and Reviews widgets on or off in  Settings.
Password requester's Home page view
The
New Request tile opens the Accounts selection dialog box which lists all accounts you are
authorized to checkout.
Under Favorites, there is a list of accounts you have marked as a "Favorite", a quick way to request passwords.
For more information refer to these topics:
l
Create or remove Favorites
l
Request a password
Password approver's Home page view
Safeguard for Privileged Passwords 1.0 User Guide
Getting acquainted with the console
8
As an "approver" user, unless you are also designated as a password requester, you will see no accounts listed
under Favorites. Your job is to approve or deny the password requests listed on your  Home page. For more
information, see Approve password requests on page 14.
Password reviewer's Home page view
As a "reviewer" user, unless you are also designated as a password requester, you will see no accounts listed
under Favorites. Your job is to review completed password requests listed on your  Home page. For more
information, see Review password releases on page 15.
Search box
To search for accounts
1. Enter a text string in the Search box. As you type, the list displays item names that contain the string.
For example, type "T" in the search box to search for all objects that contain the letter "T", or type
"sse" to list all objects that contain the string "sse", such as "Asset".
NOTE: The text search is not case sensitive and does not allow wild cards.
NOTE: The status bar along the bottom of the console shows the number of filtered items.
2. To clear search criteria, select  Clear to delete the text string.
Safeguard for Privileged Passwords 1.0 User Guide
Getting acquainted with the console
9
6
Managing password requests
The topics in this section explain the entire end-to-end password release process from request to
approval to review.
Work flow
Description
Request a password
Request account passwords.
Approve password
requests
Approve password requests.
Review password
releases
Review completed password requests.
Request a password
If you are designated as an authorized "user" of a role, you can request passwords for any account in the scope
of the role's policies. You make password requests from your Home page.
NOTE: You can configure Safeguard for Privileged Passwords to notify you of pending password workflow
events, such as when a password request is pending, denied or revoked, and so forth. (See Configure
alerts.)
To request a password
1. Select
New Request to open the Accounts selection list, choose an account and select OK to
open the password request dialog box.
-OR2. From Favorites, select an account or mouse-over it and select  New Request to open the password
request dialog box.
Password request dialog box
In the password request dialog box,

Select the gray  Add to Favorites star to add this account to your Home page
Favorites list.
The star is yellow or gray depending on whether it is a Favorite or not.
Safeguard for Privileged Passwords 1.0 User Guide
Managing password requests
10
Normal Access
Select this option to gain normal access to this password. "Normal" access ensures
the password request goes through the entire end-to-end password release
process from request to approval to review as defined in the policy by the
Security Policy Administrator.
NOTE: This option is not available if the policy has not enabled emergency
access.
Emergency Access
Select this option to gain immediate emergency access to this password. When
you use Emergency Access, the request requires no approval.
NOTE: This option is not available if the policy has not enabled emergency
access.
Request Immediately
Deselect this option to enter a specific date and time.
NOTE: Enter the time in the user’s local time.
Checkout Duration
This either displays the checkout duration; or, if the "Allow Requester to Change
Duration" option is enabled in the policy, it allows you to set the days, hours, and
minutes that you want the password and overrides the checkout duration set in
the password request policy.
More
Select More to configure additional (optional) options.
NOTE: If any of the following options are required by the policy, Safeguard
for Privileged Passwords displays them above the More option; if all
options are required, it does not display the More option.
Reason
Select a password request reason code for this request.
Select the Description  down arrow to view information about the selected
password reason.
Selecting a reason is optional if the policy enables reasons, but does not require
them.
NOTE: Safeguard for Privileged Passwords does not display the Reason
option unless the Security Policy Administrator selected password reasons
for this policy.
Comment
Enter information about this request.
Limit: 255 characters
Configure alerts
There are two ways to configure Safeguard for Privileged Passwords to send alerts to you:
l
Toast notifications
l
Email
Configure toast notifications
Toast notifications are alerts that appear on your console when the desktop client application is not the active
foreground application; for example, when you are in another application or when you have minimized the
Safeguard for Privileged Passwords desktop client.
Safeguard for Privileged Passwords 1.0 User Guide
Managing password requests
11
To enable toast notifications
1. Open  Settings.
2. Select the Enable Toast Notifications option.
NOTE: When you enable the Run in the System Tray option, you cannot modify the toast notifications
option because in that mode, you always get notifications.
Configure email
You must configure Safeguard for Privileged Passwords properly for users to receive email notifications:
l
l
You must set your email address correctly in My Account.
The Security Policy Administrator must configure the password request policies to notify people of
pending password workflow events (that is, pending approvals and pending reviews). (For more
information, see Add password request policies to roles in the Safeguard for Privileged Passwords
Administrator Guide.)
A password policy defines the rules for checking out passwords, such as the maximum duration, how
many approvals are required, and so forth.
l
The Appliance Administrator must configure the SMTP server, and define email templates for the each
of the appropriate event type(s). (For more information, see Enable email notifications in the Safeguard
for Privileged Passwords Administrator Guide.)
Create or remove Favorites
This topic explains how to add a single account as a Favorite to your  Home page.
NOTE: Favorites are unique to your desktop; they are only available to you when you are logged into
the desktop client.
To create a Favorite
1. In the password request dialog box, select the gray  Add to Favorites star when you are
making a request.
The star changes to a gold Remove from Favorites star.
To set a Favorite to a special color
1. From Favorites list, open the gold star's menu and choose Edit.
2. In the Settings dialog box, choose a color and select OK.
To remove a Favorite
1. From the Favorites list, open the gold star's menu and choose Remove.
Safeguard for Privileged Passwords 1.0 User Guide
Managing password requests
12
Take action on password requests
To take action on a password request
1. From your  Home page, the Requests widget has these controls:
a. Select  expand down to open the list of active requests.
b. Select  Popout to float the Requests pane.
You can then select and drag the pane to any location on the console and re-size the window.
NOTE: You enable or disable the  Home page widgets in the  Settings menu.
2. Open the list of requests and select one of these view filters:
State
Description
All
Password requests in all states.
Available
Approved password requests that are ready to view or copy.
Approved
Requests that have been approved, but the checkout time has not arrived.
Pending
Requests that are waiting for approval.
Revoked
Approved requests retracted by the approver.
NOTE: The approver can revoke a request between the time the requester
views the password and checks it in.
Expired
Requests for which the checkout duration has elapsed.
Denied
Requests denied by the approver.
NOTE: The number indicates how many requests are in that state.
3. Select an account to see the details of the password request.
Take the following actions on password requests:
State
Available
Actions
1. Select  Copy to checkout the password.
This puts the password into your copy buffer, ready for you to use.
2. Select  Check-in to complete the password checkout process.
3. Select Show Password to see the password on your screen.
The password displays on your screen for 20 seconds.
4. Select Hide Password to conceal the password from view.
Approved
Select  Cancel to remove the request.
NOTE: A password request changes from "Approved" to "Available" when
the requested time is reached. It stays available until you either cancel
the request or it reaches the end of the duration period.
Pending
Select  Cancel to remove the request.
Safeguard for Privileged Passwords 1.0 User Guide
Managing password requests
13
State
Actions
Revoked
Select  Resubmit Request to request the password again.
Select  Remove to delete the request from the list.
Expired
Select  Remove to delete the request from the list.
Denied
Select  Resubmit Request to request the password again.
Select  Remove to delete the request from the list.
Approve password requests
Depending on how the Security Policy Administrator configured the policy, a password request will either
require approval by one or more Safeguard for Privileged Passwords users, or be auto-approved. This process
ensures the security of account passwords, provides accountability, and provides dual control over the
system accounts.
NOTE: You can configure Safeguard for Privileged Passwords to notify you of a password request that
requires your approval. (See Configure alerts.)
To approve or deny a password request
1. From your  Home page, the Approvals widget has these controls:
a. Select  expand down to open the list of approvals.
b. Select  Popout to float the Approvals pane.
You can then select and drag the pane to any location on the console and re-size the window.
NOTE: You enable or disable the  Home page widgets in the  Settings menu.
2. Open the list of approvals and select one of these view filters:
State
Description
All
Password requests in all states.
Pending
Requests that are waiting for approval.
Approved
Requests that have been approved, but not yet available to the requester.
Pending Additional
Approvals
Requests that require multiple approval, but have only been partially
approved. (Only seen by the appover that has approved the request.)
NOTE: The number indicates how many requests are in that state.
3. Once you open the list, select the requester's name to see the details of the password request.
Take the following actions on password requests:
State
Actions
Pending
Select  to Approve or Deny a password request.
Optionally you can enter a comment of up to 255 characters.
Safeguard for Privileged Passwords 1.0 User Guide
Managing password requests
14
State
Actions
Pending Additional
Approvers
Select to Deny a password request.
Approved
Select  to Deny or Revoke an approved request.
Optionally you can enter a comment of up to 255 characters.
NOTE:
You can revoke a request between the time the requester views it and
checks it in.
Any eligible approver can deny a password request after it has already
been approved or auto-approved. Once disallowed, the requester will no
longer have access to the password, but he is given another opportunity
to request that password again. The requester receives an email notifying
him that the request was denied. (For more information, see Configure
alerts on page 11.)
Review password releases
The Security Policy Administrator can configure a password request policy to require a review of completed
password requests for accounts in the scope of the policy.
NOTE: You can configure Safeguard for Privileged Passwords to notify you of a password request that
requires your review. (See Configure alerts.)
To review a past password request
1. From your  Home page, the Reviews widget has these controls:
a. Select  expand down to open the list of pending reviews.
b. Select  Popout to float the Reviews pane.
You can then select and drag the pane to any location on the console and re-size the window.
NOTE: You enable or disable the  Home page widgets in the  Settings menu.
2. Open the list of pending reviews and select an account name to see the details of the
password request.
Take the following action on password requests:
l
Select  Review to complete the review process.
Optionally, enter a comment of up to 255 characters.
l
Open the request and select Details to open the password request details in a separate window.
NOTE: Open the Approval Activity to view the approver's comments.
Safeguard for Privileged Passwords 1.0 User Guide
Managing password requests
15
About Dell
A b o u t D e ll So ftware
Dell listens to customers and delivers worldwide innovative technology, business solutions and services they
trust and value. For more information, visit www.software.dell.com.
Contacting Dell Software
For sales or other inquiries, visit http://software.dell.com/company/contact-us.aspx or call 1-949-754-8000.
Technical support resources
Technical support is available to customers who have purchased Dell software with a valid maintenance
contract and to customers who have trial versions. To access the Support Portal, go to
http://software.dell.com/support/.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours
a day, 365 days a year. In addition, the portal provides direct access to product support engineers through an
online Service Request system.
The site enables you to:
l
Create, update, and manage Service Requests (cases)
l
View Knowledge Base articles
l
Obtain product notifications
l
Download software. For trial software, go to Trial Downloads.
l
View how-to videos
l
Engage in community discussions
l
Chat with a support engineer
Safeguard for Privileged Passwords 1.0 User Guide
About Dell Software
16
Index
In d e x
personal account information
update 7
photo
change 8
C
policy
about 12
contact information
R
change 8
F
run in the system tray 7
S
favorites
create 12
Safeguard
remove 12
installation 4
set color 12
log out 7
H
search box
using 9
Home page
about 8
settings, application settings 7
settings, enable
approvals widget 8
navigation panel 8
requests widget 8
Home page widgets
reviews widget 8
about 8
run in the system tray 7
L
toast notifications 7
system requirements 4
log out of Safeguard 7
P
T
toast notifications
password
approval 14
about 7, 11
toolbar controls
cancel pending request 13
check-in 13
checkout 13
about 7
U
request 10
request, remove 14
reset 8
review 15
uninstall desktop client 6
upgrade desktop client 6
user
change contact information 8
Safeguard for Privileged Passwords 1.0 User Guide
Index
17
change photo 8
reset password 8
W
web client
about ii
system requirements 5
widgets
approvals widget, controls 14
approvals widget, enable 8
requests widget, controls 13
requests widget, enable 8
reviews widget, controls 15
reviews widget, enable 8
Safeguard for Privileged Passwords 1.0 User Guide
Index
18
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement