Work with Managed Systems

A managed system is any system being managed by Password Safe. A managed system can be an asset, database, directory, or cloud platform. By default, all managed systems are listed on the Managed Systems page, as the Smart Group filter is set to the built-in Smart Group All Managed Systems. You can filter the systems listed in the grid by selecting a different Smart Group from the Smart Group filter list.

Managed systems can be manually created from the Managed Systems page, as well as from the Assets page. Managed systems can also be added using Smart Rules.

 

Managed Systems Page in BeyondInsight

 

For more information on adding managed systems, please see the following:

View Managed Systems Details

You can view details about the managed system, such as:

  • Identifying details, attributes, and policies
  • Managed accounts on the managed system
  • Smart Groups associated with the managed system
  • Accounts linked to managed accounts on the managed system
  • Public keys related to the managed system
  • Functional account for the managed system

View the details of a managed system as follows:

  1. From the Managed Systems page, click the vertical ellipsis for the managed system.
  2. Select Go to Advanced Details.

Advanced Details page of a managed system

  1. Click through the tabs in the Advanced Details pane to view details on each topic.
For managed systems that are linked to assets, you can click the View Asset link in the upper left to view the details of the asset. Click View Managed System to return the Advanced Details for the managed system.

 

Import an SSH Server Key Using a Smart Rule

You can import SSH Server keys from a host and accept the key on the Advanced Details for a managed system. Supported key types are RSA, DSA, and ECDSA. From the Smart Rules page, create an asset-based Smart Rule using Actions settings such as the below:

Select the SSH server key enforcement mode when using a Smart Rule to import an SSH server key.

  1. Select Manage Asset Using Password Safe from the dropdown.
  2. Select a Platform that supports server keys, such as Cisco.
  3. Select the Functional Account.
  4. For the Key Enforcement Mode option, choose either Auto Accept Initial Key or Manually Accept Keys.
  5. Set the other settings as desired or leave as defaults.
  6. Add another action to Show Asset as Smart Group.
  7. Click Create Smart Rule.

 

 The settings here are the same as when adding a system on the Create Managed Systems page. For descriptions for all the settings, please see Add a Managed System Manually.

Manage the SSH Server Keys

After the Smart Rule processes, hosts with SSH server keys are populated in the Smart Group you created.

An email notification is sent to the Administrators user group when a key is imported and the Key Enforcement Mode is set to Manually Accepted Keys. The email notifies the administrators that a fingerprint requires action, what asset the key is on, and also provides details about the fingerprint.

The Fingerprint Verification email template can be modified from Configuration > Privileged Access Management > Mail Templates.

For more information on modifying email templates, please see Customize Email Notifications.

Accept or Deny a Key

  1. From the Managed Systems page, click the vertical ellipsis for the managed system.
  2. Select Go to Advanced Details.
  3. Click the Server Keys tab.

Accept or deny an SSH Server Key.

  1. Click the vertical ellipsis for the server key you wish to work with.
    • If auto approved, no further action is required.
    • If manually approved, click Accept or Deny.

 

  1. After a key is accepted, from the Functional Accounts tab, click the Test Functional Account button to verify the key with the functional account.

Add a Key Manually

  1. From the Managed Systems page, click the vertical ellipsis for the managed system.
  2. Select Go to advanced details....
  3. Click the Server Keys tab.
  4. Click + Create New Server Key above the grid.
  5. Click Accept or Deny.
  6. Select a Key Type from the list and enter a Fingerprint and a Description.
  7. Click Create Key.
  8. After a key is added, from the Functional Accounts tab, click the Test Functional Account button to verify the key with the functional account.

The fingerprint must be unique. An error message is displayed if the key is already imported.