best practice for SPP

Hi Dario,

One way is If SPP manages the credentials of these privileged accounts then you can configure it so that SPP does not release the password but rather only allows session access to these assets via SPS with auto login rather than interactive login for example and therefore the user never has the password and can't login directly to a target system.

We recommend customers to engage our Professional Services team for assistance with implementation or solution design.

Thanks!

Hello Tawfiq, yes, yes thank you and i know this configuration. In the specific i mean: But the specific point is: How can I restrict in a target system from accepting direct connections with accounts that are not managed by safeguard? (this helps me to prevent that even if an account is created on AD and uploaded in the target system, is not possible to use it to connect to that server because is not in safeguard) Maybe with a GPO on all target systems? or is there a best practice on this? thank you so much as always!! And have a great we!

Hello Tawfiq, yes, yes thank you and i know this configuration. In the specific i mean: But the specific point is: How can I restrict in a target system from accepting direct connections with accounts that are not managed by safeguard? (this helps me to prevent that even if an account is created on AD and uploaded in the target system, is not possible to use it to connect to that server because is not in safeguard) Maybe with a GPO on all target systems? or is there a best practice on this? thank you so much as always!! And have a great we!

Hi Dario,

I am unable to comment on that question as it is out of my scope.

I would suggest discussing GPOs or access control options on a target system with either a Security admin or Domain admin within your organization.

Thanks!