Settings vary depending on the platform type. When an account is manually added to a managed system, the default configuration of the account is set to what is configured on the managed system.
There are two ways to add a managed system manually. From the Managed System grid, click Create New Managed System.
Alternatively, link the managed system to an asset:
- On the Assets page, select the system you want to manage, and then click the vertical ellipsis at the right end of the line.
- Select Add to Password Safe from the menu.
- On the Create New Managed System form, set the system settings. The settings vary based on the platform selected. The settings are described in the following table.
- Click Create Managed System.
|Setting||Description or Action|
|Platform||Select a platform type from the list.|
|Name||Enter a unique name for the system.|
|Instance Number (SAP only)||
If you have added your System Application Products (SAP) environment to Password Safe management, provide the instance number.
|Description||Enter a description for the system.|
|IP Address||Enter the IP address for the system.|
|DNS Name||Enter the DNS name for the system.|
|Workgroup||Select the system workgroup from the dropdown list.|
Enter a port number.
|NetBIOS (Windows and Active Directory managed systems only)||Enter a unique name for the system.|
|Enable Automatic Password Management||
Toggle to automatically check and update managed account passwords at a set frequency or after password releases.
|Default Password Policy||
Select a Password Safe password policy or use the default policy. The policy provides the requirements used by Password Safe to create passwords, such as password length and permitted characters.
Select an elevated account to run as: sudo, pmrun, pbrun, pbrun jumphost.
If you are using pbrun jumpost, enter the IP address for the Privilege Management for Unix & Linux policy server that you want to connect to.
SSH Key Enforcement Mode is not available if you are using pbrun jumphost.
|Functional Account||Select a functional account from the list.|
|Use Login Account for SSH Sessions||
Create a login account to allow the user to open an SSH session in environments where remote shell access is not permitted, for instance the root account.
Login Account: Select the account name.
|Account Name Format||
Select an account name format from the list: sAMAccountName, UPN or domain\account.
|Timeout||The timeout value determines the amount of time in seconds that a connection attempt to the managed system remains active before being aborted. In most cases, we recommend you use the default value (30 seconds). If there are problems with connection failures with the system, this value can be increased.|
|SSH Key Enforcement Mode||
Verifies SSH host keys from a known host. You can import SSH keys from a host using a Smart Rule.
Auto Accept Initial Key: The first key imported is automatically accepted. Any new key imported after the initial key must be manually accepted.
Manually Accept Keys: SSH connections to the host are permitted for accepted keys only. If a new key is detected from the host, the key is stored in the database and an email is sent to the Administrators user group. The key must then be accepted or denied.
|Default DSS Key Policy||
If you are using DSS authentication for the system, select a key policy or use the default.
The duration that can be requested during the request process. The default value is 2 hours. When the Requested Duration (as entered by the user on the Requests page in the web portal) is exceeded, the session ends if the Force Termination option is enabled for the access policy.
|Max Release Duration||The maximum length of time the requester is permitted to enter on the Requests page. Applies to password and session requests. The maximum length that can be set is 365 days.|
|Contact e-mail||Enter the email address where you want Password Safe system notifications to be sent.|
For more information, please see the following:
- Add SAP as a Managed System
- Create Password Policies
- Enable Login Accounts for SSH Sessions
- Set the Account Name Format within the Managed Assets using Password Safe Action
- Import an SSH Server Key Using a Smart Rule
- Manage the SSH Server Keys
- Set DSS on the Managed Account
- Configure Password Safe Access Policies