Managed systems
What is a managed system?
A managed system is any system being managed by Password Safe. A managed system can be an asset, database, directory, or cloud platform. By default, all managed systems are listed on the Managed Systems page, as the Smart Group filter is set to the built-in Smart Group All Managed Systems. You can filter the systems listed in the grid by selecting a different Smart Group from the Smart Group filter list.
Managed systems can be manually created from the Managed Systems page, as well as from the Assets page. Managed systems can also be added using Smart Rules.
Work with managed systems
Managed systems can be manually created from the Managed Systems page, as well as from the Assets page. Managed systems can also be added using Smart Rules.
View managed system details
You can view details about the managed system, such as:
- Identifying details, attributes, and policies
- Managed accounts on the managed system
- Smart Groups associated with the managed system
- Accounts linked to managed accounts on the managed system
- Public keys related to the managed system
- Functional account for the managed system
View the details of a managed system as follows:
- From the Managed Systems page, click the vertical ellipsis for the managed system.
- Select Go to Advanced Details.
- Click through the tabs in the Advanced Details pane to view details on each topic.
Note
For managed systems that are linked to assets, you can click the View Asset link in the upper left to view the details of the asset. Click View Managed System to return the Advanced Details for the managed system.
Import an SSH Server key using a Smart Rule
You can import SSH Server keys from a host and accept the key on the Advanced Details for a managed system. Supported key types are RSA, DSA, and ECDSA. From the Smart Rules page, create an asset-based Smart Rule using Actions settings such as the below:
- Select Manage Asset Using Password Safe from the dropdown.
- Select a Platform that supports server keys, such as Cisco.
- Select the Functional Account.
- For the Key Enforcement Mode option, choose either Auto Accept Initial Key or Manually Accept Keys.
- Set the other settings as desired or leave as defaults.
- Add another action to Show Asset as Smart Group.
- Click Create Smart Rule.
Manage the SSH Server keys
After the Smart Rule processes, hosts with SSH Server keys are populated in the Smart Group you created.
An email notification is sent to the Administrators user group when a key is imported and the Key Enforcement Mode is set to Manually Accepted Keys. The email notifies the administrators that a fingerprint requires action, what asset the key is on, and also provides details about the fingerprint.
The Fingerprint Verification email template can be modified from Configuration > Privileged Access Management > Mail Templates.
Accept or deny a key
- From the Managed Systems page, click the vertical ellipsis for the managed system.
- Select Go to Advanced Details.
- Click the Server Keys tab.
- Click the vertical ellipsis for the server key you wish to work with.
-
- If auto approved, no further action is required.
- If manually approved, click Accept or Deny.
- After a key is accepted, from the Functional Accounts tab, click the Test Functional Account button to verify the key with the functional account.
Add a key manually
- From the Managed Systems page, click the vertical ellipsis for the managed system.
- Select Go to advanced details....
- Click the Server Keys tab.
- Click + Create New Server Key above the grid.
- Click Accept or Deny.
- Select a Key Type from the list and enter a Fingerprint and a Description.
- Click Create Key.
- After a key is added, from the Functional Accounts tab, click the Test Functional Account button to verify the key with the functional account.
Note
The fingerprint must be unique. An error message is displayed if the key is already imported.
Updated 5 days ago