One Identity Manager | Privileged Account Governance #10 | Connect One Identity Safeguard

[MUSIC PLAYING] Now, let's connect a privileged account management system to the One Identity Manager. We connect Safeguard to the One Identity Privileged Account Management System. And we saw in previous videos all the prerequisites. But now, a short double check of all the prerequisites we need to synchronize Safeguard. We start on the right lower. There you can see One Identity Management Service. This is the server service of the One Identity Manager, installed and up and running. Check. Left beside, we see all the PowerShell scripts as part of the Safeguard PS module. We need that to synchronize our Safeguard, especially because we are using the One Identity PowerShell Connector. Check. On the left upper, you can see Safeguard. And in Safeguard, there is a user created, OneIM_sync. And this Safeguard user, as you can see, comes with a lot of permissions. And this is to synchronize each object in Safeguard. Check. With all of these checked, we can now start to create our connection. With all prerequisites done, the next step is just to collect the data. We need to connect our Safeguard system. Therefore, we need a little bit of information from Safeguard. We saw that One Identity Manager Synchronization Account thing. This is necessary to lock it into Safeguard. And the second part, besides the fact that the account exists, is that we just need the certification thumbprint of that specific user. So I have to copy the thumbprint. It is like a password I need, then, at the end, to connect to Safeguard. Additionally to that, I'm interested in some data about my appliance I'd like to connect. So I step to a Settings in Safeguard. And being there, what I need, it's then Appliance Information. Here we are. And the Appliance Information tells me the name of that specific Safeguard environment. And if I don't want to use the name, then I should use the IP address. Please have in mind, like my friend [INAUDIBLE] always says, ensure that the DNS is working correctly, especially if you want to deal with Safeguard. Putting all this information together, you can see that in here, you will see the appliance name, the IP address. I have the host name in addition, and unique user, and thumbprint. It's a little bit more information as you really need. But on the other hand side, it's not too bad to have this information in place so that you can directly start to connect Safeguard. So knowing all of that, I can now start to connect my Safeguard system. And to do so, I just step to Launchpad. This is the Identity Manager Launchpad. You can see that the Installation Overview is selected. And there is an entry that says, Target system type Privileged Account Management. I run that. And what happens now is that the synchronization engine starts and steps up with a [INAUDIBLE]. Here it is. Create synchronization project. This is exactly what I want to do next. The first question is about the appliance name or the appliance IP. So from my specific file, I just take the appliance name. And then I need a thumbprint. So from my specific file, I just copy the thumbprint. We are. So I have not to ignore SSL, because that's working perfectly. And if I hit on Test Connection, a green light lets me know that I am pretty well connected. So Next. Configuration of the connection is now complete. Next. The system is loading the schema. This is necessary to build up the synchronization project. It's done. Next. I have to ensure that they don't get only read access. I like to have read and write access because I want as well to provision something into Safeguard. Next. And a synchronization server-- in my environment, there's just one server available. That makes the choice pretty easy. You have to select this machine where all the prerequisites are installed. That means PowerShell and the Safeguard PowerShell module. Next. And with that, I'm done. I just click on Finish. The system stores now and activates my synchronization project. And let me know here, as you can see on the screen, that this database is not encrypted in a test environment. That makes sense. So I just say, yes, of course. I'm aware of this. And my synchronization project gets stored. And here we are. Now, if I just select One Identity Safeguard connection, you can see my Safeguard connection. And you can as well see in the name the appliance I have connected. To work now with that, I can step up here to Start Configuration. There is just everything configured I need for my Safeguard synchronization. I can simulate the synchronization, or I can run the synchronization. Let's just run the synchronization. And now, in the background, my system starts to synchronize Safeguard. What I can see in addition is that I'm connected to these different systems. So let's select Target Systems first. This is my Safeguard. If I just click here on Browse, you can see here the schema of Safeguard. If I open the appliance, there should be one entry in there. This is my only appliance in the system. If I open Assets, you should see some assets from Safeguard. And what we are doing here is, we are just looking on Safeguard using the connector. It's not like looking into the Identity Manager database, because if I want to do that, I have just to close this browser here. I have to step to the other side of the connection. This is the flip side. This is the One Identity Manager connection. And if I click on Browse here, then I do see the schema of the Identity Manager. And of course, there is as well a table for assets. And there, I hopefully find the same assets. And here they are. Knowing all of that, I'm pretty well configured now, can run my Safeguard synchronization, and can then work with my Safeguard data. It is exactly the same that you saw in previous videos in the business part of that series. [MUSIC PLAYING]