Work with Managed Systems

Managed Systems Grid

A managed system is any system that is managed by Password Safe. All managed systems can be viewed on the Managed Systems page, by selecting the built-in smart group All Managed Systems from the Smart Group menu in the console.

Set the Account Name Format within the Managed Assets using Password Safe Action

You can set the user account format when adding the following platforms as a managed system:

  • Windows
  • Linux
  • Oracle
  • MS SQL Server
  • Active Directory

The following format types are supported:

  • Domain\Account name: Enter the domain and user account name
  • UPN: Uses the format xxx@DomainName
  • sAMAccountName: Uses the Active Directory sAMAccountName

Select an account name format in the Smart Rules Manager when adding a managed system using a Smart Rule.

When you add managed systems using an asset-based smart group, the Account Name Format setting is available when a supported platform is selected.

If the smart group already exists, you must remove the managed assets using Password Safe, then add the assets again before you see the Account Name Format setting.

Import an SSH Server Key Using a Smart Rule

You can import SSH Server keys from a host and accept the key on the Managed System Advance Details page.

Supported key types are RSA, DSA, and ECDSA.

  1. Navigate to the Configuration > General > Smart Rules page.
  2. Within the Smart Rule filter, select Asset, and then click Create New Smart Rule.
  3. Enter a name, description, and category.
  4. Create the filter settings. For example, select an address group that includes the IP addresses for the hosts.
  5. In the Perform Actions section, select Manage Asset Using Password Safe.

Select the SSH server key enforcement mode when using a Smart Rule to import an SSH server key.

  1. Select a key enforcement mode: Auto Accept Initial Key or Manually Accept Keys.
  2. Click + to add another action, and then select Show Asset as Smart Group.
  3. Click Save.

The settings here are the same as when adding a system on the Create Managed Systems page. For more information, please see Add a Managed System Manually.

Manage the SSH Server Keys

After the Smart Rule processes, hosts with SSH server keys are populated in the smart group you created.

An email notification is sent to the Administrators user group when a key is imported and the Key Enforcement Mode is set to Manually Accepted Keys. The email notifies the administrators that a fingerprint requires action, what asset the key is on, and also provides details about the fingerprint.

The Fingerprint Verification email template can be modified on the Configuration page. For more information, please see Customize Mail Templates.

Accept or Deny a Key:

  1. In the BeyondInsight console, go to the Managed Systems page.
  2. Select the managed system from the grid, and then click the vertical ellipsis at the right end of the line.
  3. Select Go to advanced details....

Accept or deny an SSH Server Key.

  1. Select the Server Keys tab.
  2. Within the Server Keys table, select the server key you wish to work with.
  3. From the Server Keys action (vertical ellipsis):
    • If auto approved, no further action is required.
    • If manually approved, click Accept or Deny.
  4. After a key is accepted, from the Functional Accounts tab, click the Test Functional Account button to verify the key with the functional account.

Add a Key Manually:

  1. In the BeyondInsight console, go to the Managed Systems page.
  2. Select the managed system from the grid, and then click the vertical ellipsis at the right end of the line.
  3. Select Go to advanced details...
  4. Select the Server Keys tab.

    Add an SSH Server Key.

  5. From the Server Keys table, click the Create New Server Key button.
  6. Select a key type. Enter a Fingerprint and a Description.
  7. Click the Create Key button.
  8. After a key is added, from the Functional Accounts tab, click the Test Functional Account button to verify the key with the functional account.

The fingerprint must be unique. An error message is displayed if the key is already imported.

View the BeyondInsight Details of an Asset-Linked Managed System

You can view the asset details, such as hardware, ports, scheduled tasks, and smart groups associated with the asset.

  1. In the BeyondInsight console, go to the Assets page.
  2. Select an asset from the grid.
  3. Click the vertical ellipsis button for the asset.
  4. Select Go to advanced details...
  5. Click through the tabs to view more details on each topic.

View the Standalone Managed Systems Details

You can view the managed system details, such as its identifying details, attributes, and policies, as well as managed accounts, smart groups, linked accounts, server keys, functional accounts, and login accounts associated with the managed system.

  1. In the BeyondInsight console, go to the Managed Systems page.
  2. Select a managed system from the grid.
  3. Click the vertical ellipsis for the managed system.
  4. Select Go to advanced details....

Advanced Details page of a managed system

  1. All managed system details are displayed under Details & Attributes for quick access.
  2. To see more granular details, click through the tabs to view details on each topic.