• State Verified Answer
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 3782 views
  • Users 0 members are here
Options
Related

Scanning The Assets in Safeguard for new Accounts

Rohit Joshi
over 4 years ago

Hello Team,

I have recently started working with Safeguard so if this question sounds naive please don't mind :).

We have a bunch of assets and accounts already in our Safeguard environment. Now we have a new requirement where some additional accounts from the same assets need to be brought into the system. My question is, can we do that in Safeguard? If I create new or edit existing asset / account discovery jobs, the system will try to bring those assets back into the environment which I don't want. Can we write a script or use an API to scan the exiting asset without having to run the asset discovery job again.

Thanks !! 

  • +1 over 4 years ago

    Hi Rohit,

    Asset Discovery and Account Discovery are two separate tasks. Asset discovery is used to add the assets \ systems into Safeguard and if these assets are associated with an "Account Discovery" profile, then this profile can be used to add accounts under these assets.

    For existing Assets, if the Account Discovery profile can be setup run on a scheduled interval or run manually on demand to perform the discovery of accounts against the Assets that are associated with that Account Discovery Profile.

    To check if an Asset has an account discovery profile > go to Assets menu > select the Asset in question > Verify the Account Discovery section for the name of the Account discovery profile used.

    To check the settings on that Account Discovery profile > go to Discovery menu > select the Account Discovery box > Here you can see the existing account discovery profiles available and edit the profile if you need to change the rules criteria or run it manually to discover new accounts (or schedule to run frequently).

    Here is a link on Account Discovery from our Admin guide for your reference:

    https://support.oneidentity.com/technical-documents/one-identity-safeguard-for-privileged-passwords/2.11/administration-guide/47#TOPIC-1350223

    Thanks!

  • 0 over 4 years ago in reply to Tawfiq.Ahmad

    Hi Tawfiq,

    Thanks for your response. I highly appreciate it.

    So if I understood you correctly, I can create just a new account discovery job and assign the exiting assets to it? This way the assets will not be re-imported into the Safeguard but I can still get the accounts based on new conditions. Let me know if this understanding is correct?

    Please don't mind if the question appears to be repetitive as I am new to this tool and trying to understand how it works.

    Thanks!!

    Rohit Joshi

  • 0 over 4 years ago in reply to Rohit Joshi

    Hi Rohit,

    Yes that is correct, if the Asset already has an account discovery profile associated then you can run it on demand by right click on the Asset and select Discover Accounts from the menu. Otherwise if the asset does not have an existing account discovery associated then  you can either link it to an existing account discovery or  create a new account discovery profile if the criteria should be different.

    Once the Account Discovery profile is associated with the Asset then it can continue to import new accounts as per the rules of that account discovery profile and based on the schedule indicated for it to run.

    Thanks!

    Tawfiq