Add Managed Systems Using a Smart Rule

You can add assets to Password Safe using an Asset Based Smart Rule.

Before proceeding, consider the selection criteria to use to add the assets. There are several options available, including Operating System and Directory Query.

SSH key enforcement is not supported when using the pbrun jumphost elevated credential. The settings display as available after pbrun jumphost is selected. However, the settings will not work with the elevated credential.

  1. From the left navigation pane, click Smart Rules.
  2. Select Asset from the Smart Rule Type filter dropdown list.
  3. Click Create Smart Rule +.
  4. Select a Category from the dropdown list.
  5. Enter a Name and Description for the Smart Rule.
  6. Select a Reprocessing Limit from the dropdown list to limit how often the Smart Rule processes. Default means the Smart Rule processes when necessary. This is the preferred setting for less intensive processing. For more intensive processing, select another option to restrict the Smart Rule to run once per selection.

A Smart Rule always processes when first saved or updated.

  7. Set the Selection Criteria by selecting ALL or ANY from the Include Items that match the following dropdown and selecting the filter criteria from the list. Address Group is a very useful filter, and more than one condition may be added.

Screenshot of Create New Asset Based Smart Rule Selection Criteria and Actions

  8. In the Actions section, select Manage Assets Using Password Safe from the list.
  9. Select the Platform, Functional Account, and Account Name Format. Other settings may be left as defaults or changed as required.

These settings are the same settings available when adding the system manually by creating a new managed system.

  10. In the Actions section, click Add another action.
  11. Select Show asset as Smart Group from the list. This is helpful for grouping assets and accounts by their type.
  12. Click Create Smart Rule.


For complete descriptions of fields and settings for the Smart Rule, please see Add a Managed System Manually.
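
A scoping check to run on paper before saving the rule, added here as an example (it is not BeyondTrust code and does not call Password Safe): it previews which assets a set of selection criteria would include under ALL versus ANY, and flags the pbrun jumphost and SSH key enforcement combination noted above. The inventory, the field names, and the modelling of an Address Group as a single CIDR range are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample inventory; field names are hypothetical, not a Password Safe export format.
ASSETS = [
    {"name": "web01", "os": "Ubuntu 22.04", "ip": "10.20.1.15"},
    {"name": "db01", "os": "Red Hat Enterprise Linux 9", "ip": "10.20.1.40"},
    {"name": "dc01", "os": "Windows Server 2022", "ip": "10.20.1.5"},
    {"name": "lab07", "os": "Ubuntu 20.04", "ip": "192.168.50.7"},
]

def os_contains(keyword):
    """Operating System condition: case-insensitive substring match."""
    return lambda a: keyword.lower() in a["os"].lower()

def in_address_group(cidr):
    """Address Group condition, modelled as one CIDR range (assumption)."""
    net = ipaddress.ip_network(cidr)
    return lambda a: ipaddress.ip_address(a["ip"]) in net

def preview(assets, conditions, mode):
    """Names of assets included: ALL = every condition matches, ANY = at least one."""
    if mode not in ("ALL", "ANY"):
        raise ValueError("mode must be ALL or ANY")
    if not conditions:
        # all() of an empty sequence is True; return nothing rather than every asset.
        return []
    combine = all if mode == "ALL" else any
    return [a["name"] for a in assets if combine(c(a) for c in conditions)]

def lint_action(settings):
    """Flag the combination that displays as available but does not work."""
    warnings = []
    if settings.get("elevation") == "pbrun jumphost" and settings.get("ssh_key_enforcement"):
        warnings.append("SSH key enforcement is not supported with the "
                        "pbrun jumphost elevated credential")
    return warnings

CONDITIONS = [os_contains("ubuntu"), in_address_group("10.20.1.0/24")]
PLANNED_ACTION = {"elevation": "pbrun jumphost", "ssh_key_enforcement": True}  # constructed

if __name__ == "__main__":
    for mode in ("ALL", "ANY"):
        print(mode, preview(ASSETS, CONDITIONS, mode))
    for warning in lint_action(PLANNED_ACTION):
        print("WARNING:", warning)
```

With these constructed inputs, ALL includes only web01, while ANY also brings db01, dc01 and lab07 under management by the functional account.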

Add Active Directory Managed Accounts Using a Smart Rule

You can create a Smart Rule that discovers and adds Active Directory accounts to Password Safe, using the procedure below. The procedure also shows how to link domain accounts to the system.

A directory query and a domain should be created prior to creating a Smart Rule.

  1. From the left navigation, select Smart Rules.
  2. From the Smart Rule type filter list, select Managed Account.
  3. Click Create Smart Rule +.
  4. Select the Selection Criteria as applicable:
    • Asset Smart Group: Select a Smart Group from the list.
    • Child Smart Rule: Select a Smart Rule you want to filter the child Smart Rules from.
    • Dedicated Account: Select an account filter from the list. Enter a keyword to search on.
    • Directory Query: Choose to Include or Exclude accounts from Directory Query.
      • Select a query from the list.
      • Provide the frequency for the query to run. Leave the entry as 0 for a one time run.
      • Enable the Discover accounts for Password Safe Management option to discover accounts when the Smart Rule processes.
      • Select a Domain from the list.
    • Managed Account Fields: This filter only applies to existing managed accounts.
      • Select a filter: Account Name, Create Date, Description, Domain Name, Last Change Date or Last Change Result.
      • Select an expression, and then enter a keyword to search on, for example, WIN for Windows.
    • Managed System Fields: The Smart Rule is filtered according to the managed system you select.
      • Select a filter: System Name, Create Date, Last Update Date.
      • Select an expression, and then enter a keyword to search on, for example, WIN for Windows.
    • Platforms: Select a platform or check Select All.
    • User Account Attribute: Select the attribute from the list, and then provide the filter condition and value for that attribute. For each attribute filter, select Yes for Discover accounts for Password Safe Management, and then select a Smart Group to search in.
      • Privilege: Select is one of or is not one of. Select All or one, or a combination of Administrator, Guest, or User.
      • SID: Select an expression, and then enter a keyword to search on.
      • Account Name: Select an expression, and then enter a keyword to search on.
      • Password Age: Select an expression, and then select age parameters to search on.
  5. In the Actions section, select Manage Account Settings to add the accounts that match on the criteria to Password Safe. The settings are the same as when you add the accounts manually.
  6. Additional properties can be set under Actions:
    • Assign preferred Domain Controller on each Active Directory account: Select the Active Directory domain and Domain Controller from the lists.
    • Assign workgroup on each account: Used with agent workgroups in multi-active deployments, this action enables you to define groups of accounts that will be assigned to specific password change agents. Select a workgroup from the list, or select Any.
    • Link domain accounts to Managed Systems: When used with Directory Accounts filter criteria, this action creates a linked association between the directory accounts and the target asset Smart Groups for role-based access control.
    • Map Dedicated Accounts To: Use only when the Dedicated Accounts filter criteria is selected. This action identifies the group of user accounts that are used to match against the dedicated account mask condition.
    • Send an email Alert: Select to send an email alert when the Smart Rule processes. The email contains a summary of the results: the managed accounts matched by the Smart Rule and any changes since its last execution.
    • Set attributes on each account: Select to assign an attribute to filter and sort managed accounts. When viewing the Smart Groups on the Managed Accounts page, the groups are organized based on the filters selected in the Smart Group. You can use the default attributes that are available or create an attribute on the Configuration page. When the Smart Rule runs, the attribute is applied to all managed accounts that match on the selected filter criteria.
  7. Under Actions, click the link to Add another action, and then select Show managed account as Smart Group.
  8. Click Create Smart Rule.

For more information, please see the following: