How to link AD user accounts with domain-joined assets?

Hi Community,

I have Safeguard Privileged Password (SPP) and created AD users as SPP users so they can request a password to access RDP sessions on domain-joined Windows Servers, that is, so they can use the account to access the assets (domain-joined Windows servers).

I tried to check and change the password but got the errors below:

Task: Change Password

Queuing task.
Starting task.
Changing password for account asd\safeguard.
Looking up user information for asd\safeguard.
Account asd\safeguard not found, or is suspended.
Saving task results.
Task completed with failure.

Task: Check Password

Queuing task.
Starting task.
Verifying Password.
Looking up user information for asd\safeguard.
Account asd\safeguard not found, or is suspended.
Unable to check password on asset Backup-PC due to an error.
Saving task results.
Task completed with failure.

The account is a service account in Active Directory and I want to change the password with every request, but it gives me the same password every time. Or, how do I link the AD user accounts with assets (domain-joined Windows Servers or PCs)?

  • Hi,

    If you added the AD account directly under the Windows Server Asset > Accounts tab, then that would be an invalid configuration, and hence Change Password and Check Password would be expected to fail, because Safeguard is trying to look for the AD account locally on the target Windows Server when you set it up in that way.

    AD Accounts in Safeguard should only exist under the Active Directory Asset > Accounts tab.

    To configure the RDP entitlement:

    Go to Security Policy Management > create an Entitlement > Add an RDP Access Request Policy with the following:

    • In the Security Tab >
      • Enable the checkbox "Change Password After Check-In" if you want SPP to change the password after each session release\check-in
      • Under Asset-Based Session Access:
        • Either select Directory account: here you specify the AD account to be used in the RDP session request
        • Or you can use the Linked Account option (please refer to the Admin guide here for Managing Linked Accounts)
    • In the Scope Tab >
      • Add the Assets that you need to RDP into.
    • In the Users Tab >
      • Add the users that will be assigned this entitlement.

    For assistance with implementation or new configuration, we recommend consulting with the One Identity Professional Services team by discussing your needs with your account manager.

    Thanks!
