Use Case Preparation

The use cases provided in this document use Smart Groups to accomplish the following:

  • Discover assets and accounts using a Discovery Scan.
  • Add assets and accounts into Password Safe management.
  • Assign permissions and roles to user groups.

Required Service Accounts

Password Safe uses the following three types of service accounts, which you must create in BeyondInsight before implementing the use cases in this guide:

Credentials for Discovery Scans: Detailed and advanced Discovery Scans require a credential that has privileges to discover the details for services, tasks, systems, devices, users, and databases from Active Directory or LDAP. To implement the use cases in this guide, you must create a credential that has sufficient privileges to retrieve this information from your directory. You can create credentials from the BeyondInsight Console by navigating to Configuration > Discovery and Vulnerability Management > Credentials.

Functional Accounts: Smart Groups for adding assets into Password Safe management require a functional account that can access the assets with the privileges required to manage and change passwords on the accounts associated with those assets. To implement the use cases in this guide, you must create a functional account for each of the following:

  • Windows servers
  • Linux servers
  • Network devices

Directory Credentials: Smart Groups for discovering Windows servers and directory accounts use a directory query for the Discovery Scan to pull details from Active Directory or LDAP and populate the Smart Group. A directory query requires a directory credential that has privileges to access the directory and request this information. To implement the use cases in this guide, you must create a directory credential for each of the following:

  • Windows servers
  • Windows directory accounts
  • Linux directory accounts

Preparation for Smart Groups

A Smart Group provides a way of grouping systems and accounts using filter conditions and actions called Smart Rules. The following items must be configured in BeyondInsight prior to creating the Smart Groups for each use case:

Directory Query: Smart Groups for discovering Windows servers and directory accounts use a directory query for the Discovery Scan to pull details from Active Directory or LDAP and populate the Smart Group. You must create a directory query for each of the following:

  • Windows servers
  • Windows directory accounts
  • Linux directory accounts

Address Group: Smart Groups for discovering Linux servers and network devices use address groups for the Discovery Scan to discover and pull details for these assets from Active Directory or LDAP and populate the Smart Group. You need to create an address group for each of the following:

  • Linux servers
  • Network devices

Access Policy: An access policy to allow approved RDP and SSH sessions must be configured so it can be assigned to user groups when assigning roles and permissions for each of the use cases.