How to, One Identity TPAM - 如何查看進行Account Discovery?
對於Windows、Unix、Linux和資料庫系統,可以在TPAM中配置帳戶掃描(Account Discovery)的功能。
- 帳戶掃描是在TPAM受管系統上發現帳戶的過程。
- 如果帳戶在遠端系統系統中被發現或被刪除,這些帳戶可以自動在TPAM中新增或被刪除。
- TPAM管理員還可以選擇,在這些帳戶時被發現/刪除時,只發送電子郵件通知而不真的進行在TPAM中新增或刪除帳戶。
- 帳戶掃描使用account template在TPAM的系統上創建新帳戶。
容易讓我們混淆的是,TPAM系統中有一項功能是自動掃描(Auto Discovery)。兩者有什麼不同的地方呢?
- Auto Discovery是一個進程,先查詢LDAP,AD或數據庫,從TPAM外部容器獲取系統或用戶列表的過程。 此列表用於在TPAM中添加,更新或刪除受管系統或用戶。
- Account Discovery - 用帳戶掃描Profile和functional account在現有TPAM受管系統上發現帳戶的過程。
- 它們由各自獨立的服務控制,目前不共享任何schedule或process information。
- 這兩個進程間接交互,因為Auto Discovery可以使用帶有Account Discovery Profile的template來進行新增系統。
帳號掃描 Account Discovery 的設定方式:
1. Create a system template. Select Systems, Accounts, & Collections | Systems | Add System Template from the menu.
2. Add an account to the system template. Select Accounts | Add Account from the menu. Filter for the system template you just created. Select the template from the System tab and click the Details tab.
3. Create an account discovery profile.When adding the detail rows select the desired account template(s) created in Step 2 above.
- Select Management | Profile Management from the menu.
- Select a partition from the Partition list. (Optional)
- Select Account Discovery from the Profile Type list.
- Select a partition from the partition drop down. (Optional) The profile's partition can not be changed once the profile is saved. Profiles not assigned to a partition at the time they are first saved cannot be assigned to a partition at a later date.
- Click the "New Profile" button.
- Enter a unique name for the profile.
- Enter a description for the profile. (optional)
- Enter a time of day and frequency for the auto discovery check to run.
- Click the "Add Detail" button.
- Select the various detail options available. For more information on how these are configured see the table in the Account discovery profiles section.
- To add another detail row repeat steps 7 and 8.
- Click the "Save Changes" button.
4. Assign the account discovery profile created in Step 3 above to the parent system on which you want to discover accounts by selecting Systems, Accounts, & Collections | Systems | Manage Systems. Find the parent system in the Listing tab and click the Account Discovery tab. After the changes are saved click the Test Account Discovery button to see what accounts are found.
 |
| Test Discovery Profile |
 |
| 這個頁籤可以查看連線到受管系統上所偵測到的新增帳號(Add),與已經被TPAM納管但是在受管系統上被刪除的帳號(Delete) |
 |
| 查看Discovery Job的日誌檔案 |
 |
| 在admin介面,確認Account Discovery的Agent有啟動,TPAM才會自動做Account Discovery |
留言
張貼留言