One Identity Safeguard Powershell module and scripting resources.
Check out our samples to get started scripting to Safeguard!
One Identity open source projects are supported through One Identity GitHub issues and the One Identity Community. This includes all scripts, plugins, SDKs, modules, code snippets or other solutions. For assistance with any One Identity GitHub project, please raise a new Issue on the One Identity GitHub project page. You may also visit the One Identity Community to ask questions. Requests for assistance made through official One Identity Support will be referred back to GitHub and the One Identity Community forums where those requests can benefit all users.
This Powershell module is published to the
PowerShell Gallery
to make it as easy as possible to install using the built-in Import-Module cmdlet.
It can also be updated using the Update-Module to get the latest functionality.
By default Powershell modules are installed for all users, and you need to be running Powershell as an Administrator to install for all users.
> Install-Module safeguard-psOr, you can install them just for you using the -Scope parameter which will
never require Administrator permission:
> Install-Module safeguard-ps -Scope CurrentUserOr you may need to use the new method:
> Install-PSResource -Name safeguard-psNote, Install-PSResource doesn't load the newly installed module into the current
session. You must import the new version or start a new session to use the updated
module.
If you want to upgrade from the PowerShell Gallery you should use:
> Update-Module safeguard-psOr, for a specific user:
> Update-Module safeguard-ps -Scope CurrentUserIf you run into errors while upgrading make sure that you upgrade for all users
if the module was originally installed for all users. If the module was originally
installed for just the current user, be sure to use the -Scope parameter to again
specify CurrentUser when running the Update-Module cmdlet.
To install a pre-release version of safeguard-ps you need to use the latest version
of PowerShellGet if you aren't already. Windows comes with one installed, but you
want the newest and it requires the -Force parameter to get it.
If you don't have PowerShellGet, run:
> Install-Module PowerShellGet -ForceRestart your Powershell shell. Then, you can install a pre-release version of safeguard-ps by running:
> Install-Module -Name safeguard-ps -AllowPrereleaseOnce you have loaded the module, you can connect to Safeguard using the
Connect-Safeguard cmdlet. If you do not have SSL properly configured, you
must use the -Insecure parameter to avoid SSL trust errors.
Authentication in Safeguard is based on OAuth2. Starting with recent versions
of Safeguard for Privileged Passwords, the Resource Owner Grant (ROG) is
disabled by default. This means the traditional username/password login
requires the -Pkce parameter to use the Proof Key for Code Exchange (PKCE)
flow instead.
The recommended way to connect with a username and password is:
> Connect-Safeguard -Insecure 192.168.123.123 local Admin -Pkce
Password: ********
Login Successful.Alternatively, you can use the -Browser parameter for a fully interactive
browser-based login. This is the best option when using two-factor
authentication or external identity providers, as the built-in secure token
service can redirect you to multiple authentication providers through the
browser agent. This authentication mechanism uses the Authorization Code
Grant of OAuth2.
> Connect-Safeguard -Insecure 192.168.123.123 -Browser
Login Successful.For headless environments where a local browser is not available -- such as
Docker containers, remote SSH sessions, or CI runners -- use -DeviceCode to
authenticate via the OAuth 2.0 Device Authorization Grant (RFC 8628). The
cmdlet displays a verification URL and short user code; you complete the
login from any browser on any device, and the token is delivered back to
PowerShell automatically. This flow supports SSO and multi-factor
authentication just like -Browser. It requires Safeguard appliance
firmware 7.4 or later with the Device Code OAuth2 grant type enabled
under Appliance Management -> Safeguard Access -> Local Login Control.
> Connect-Safeguard -Insecure 192.168.123.123 -DeviceCode
To sign in, use a web browser to open the page:
https://192.168.123.123/RSTS/oauth2/device
and enter the code:
ABCD-1234
Or open this URL directly to skip entering the code:
https://192.168.123.123/RSTS/oauth2/device?user_code=ABCD-1234
The code expires in 300 seconds. Press Ctrl+C to cancel.
Login Successful.You can pre-select an identity provider with -IdentityProvider so the user
is taken straight to that provider's login page instead of choosing from a
drop-down:
> Connect-Safeguard -Insecure 192.168.123.123 -DeviceCode -IdentityProvider extf14If your appliance still has Resource Owner Grant enabled, the legacy login
style (without -Pkce, -Browser, or -DeviceCode) will continue to work:
> Connect-Safeguard -Insecure 192.168.123.123 local Admin
Password: ********
Login Successful.The Connect-Safeguard cmdlet will create a session variable that includes
your access token and connection information. This makes it easier to call
other cmdlets provided by the module.
Client certificate authentication is also available in Connect-Safeguard.
This can be done either using a PFX certificate file or a SHA-1 thumbprint
of a certificate stored in the Current User personal certificate store.
Once you are logged in, you can call any cmdlet listed below. For example:
> Get-SafeguardUser AdminIf you do not have rights to access a particular portion of the Web API, you will be presented with an error message saying authorization is required.
> Get-SafeguardAsset
Invoke-RestMethod : {"Code":60108,"Message":"Authorization is required for this request.","InnerError":null}When you are finished, you can close the session or call the
Disconnect-Safeguard cmdlet to invalidate and remove your access token.
Use the Get-SafeguardCommand to see what is available from the module.
Since there are so many cmdlets in safeguard-ps you can use filters to find exactly the cmdlet you are looking for.
For example:
> Get-SafeguardCommand Get Account Dir
CommandType Name Version Source
----------- ---- ------- ------
Function Get-SafeguardDirectoryAccount 8.4.2 safeguard-ps
safeguard-ps follows semantic versioning (MAJOR.MINOR.PATCH). The module version no longer tracks Safeguard appliance releases. Any recent version of safeguard-ps is expected to work against any currently supported version of the Safeguard for Privileged Passwords appliance. When the Safeguard Web API gains new capabilities, safeguard-ps adds cmdlets or parameters to expose them; older cmdlets continue to work against older appliances.
If you encounter a cmdlet that depends on an API feature your appliance does not have, the call will return an error from the appliance -- upgrade either the appliance or the module as appropriate.
Prerelease builds are also published to the PowerShell Gallery; see the Prerelease Versions section above for installation instructions.
safeguard-ps targets the Safeguard v4 API by default. The v3 API is still
available for legacy scripts -- pass -Version 3 to Connect-Safeguard,
Invoke-SafeguardMethod, or the A2A cmdlets, or call
Switch-SafeguardConnectionVersion -Version 3 after connecting.
safeguard-ps can listen for real-time events from the Safeguard appliance using SignalR over Server-Sent Events (SSE). This is useful for monitoring changes, triggering automated workflows, or building integrations that react to events as they happen.
After connecting with Connect-Safeguard, use Wait-SafeguardEvent to listen
for events. The cmdlet runs continuously until interrupted with Ctrl+C.
When no -Handler or -HandlerScript is provided, events are emitted to the
pipeline so you can filter and process them:
> Connect-Safeguard -Insecure 192.168.123.123 local Admin -Pkce
> Wait-SafeguardEvent -InsecureYou can filter to specific event types using the -Event parameter:
> Wait-SafeguardEvent -Insecure -Event AssetAccountPasswordUpdated,AssetAccountSshKeyUpdatedUse -Handler to provide a script block, or -HandlerScript to point at an
external .ps1 file. These are mutually exclusive. The handler receives the
event name and event body as arguments:
> Wait-SafeguardEvent -Insecure -Handler { param($EventName, $EventBody) Write-Host "$EventName occurred" }For Application to Application (A2A) scenarios, use Wait-SafeguardA2aEvent
which authenticates with a client certificate and API key rather than an
interactive session. It connects to the A2A-specific SignalR endpoint:
> Wait-SafeguardA2aEvent -Appliance 192.168.123.123 -Insecure -CertificateFile C:\cert.pfx -Password $pwd -ApiKey $apiKeyThe Invoke-SafeguardA2aPasswordHandler and Invoke-SafeguardA2aSshKeyHandler
cmdlets are higher-level wrappers that fetch the current credential immediately,
invoke your handler, then continue listening for changes. Each time the
credential is updated on the appliance, the new value is fetched and delivered
to your handler:
> Invoke-SafeguardA2aPasswordHandler 192.168.123.123 $apiKey -CertificateFile C:\cert.pfx -Password $pwd -Insecure `
-Handler { param($EventName, $Password) Write-Host "$EventName -- new password received" }Once you have configured your A2A registration in Safeguard, you can get the information to call Safeguard A2A by running the following:
> Get-SafeguardA2aCredentialRetrievalInformationThis will report the certificate thumbprint you need to use as well as the API key required to request a specific account password.
The best practice is to install your user certificate in the Windows User Certificate Store (use the Personal folder). Then, you can reference the certificate securely in safeguard-ps just using the thumbprint.
You can see the thumbprints of certificates currently installed in your Windows User Certificate Store using the following command:
> Get-ChildItem Cert:\CurrentUser\MyTo retrieve a password via A2A from PowerShell use Get-SafeguardA2aPassword.
For example:
> Get-SafeguardA2aPassword 10.5.5.5 -Thumbprint 756766BB590D7FA9CA9E1971A4AE41BB9CEC82F1 -ApiKey JeD9HIgGZM+CYZcVk6YHDNCp4W36DNsjS1TDi+S5HzI=Safeguard 2.6 added the capability of returning CSV from the API by passing in an Accept header set to 'text/csv'. Several reporting cmdlets were built on this functionality.
Run:
> Get-SafeguardCommand reportto see all of these reporting cmdlets.
The following video shows how the reporting cmdlets work, including parameters for opening the output directly in Excel.
PowerShell development can be done many ways, this is just one way with Visual Studio Code.
- Install Visual Studio Code
- Clone this repository.
- Start Visual Studio Code.
- Open root folder of safeguard-ps.
- Create or modify the scripts and save the changes.
-
Open a Terminal in Visual Studio Code and execute the following.
If you have installed the safeguard-ps module uninstall it.
Remove-Module safeguard-psInstall the new or modified scripts.
./install-local.ps1 -
Test your changes
Before testing any new changes you must run
Remove-Module safeguard-pscleanup-local.ps1andinstall-local.ps1.
Every cmdlet supports Get-Help for detailed usage information. Use
Get-SafeguardCommand to search for cmdlets by keyword at any time.
Aliases are shown in parentheses where available.
Get-SafeguardCommandGet-SafeguardBannerOpen-CsvInExcel
Connect-SafeguardDisconnect-SafeguardInvoke-SafeguardMethodGet-SafeguardAccessTokenStatusUpdate-SafeguardAccessTokenGet-SafeguardLoggedInUserSwitch-SafeguardConnectionVersionConfirm-SafeguardStaAcceptance
Get-SafeguardIdentityProviderTypeGet-SafeguardPlatformFind-SafeguardPlatformGet-SafeguardTimeZoneGet-SafeguardTransferProtocol
Get-SafeguardLicenseInstall-SafeguardLicenseUninstall-SafeguardLicense
Get-SafeguardTrustedCertificateInstall-SafeguardTrustedCertificateUninstall-SafeguardTrustedCertificateGet-SafeguardSslCertificateInstall-SafeguardSslCertificateUninstall-SafeguardSslCertificateGet-SafeguardSslCertificateForApplianceSet-SafeguardSslCertificateForApplianceClear-SafeguardSslCertificateForApplianceGet-SafeguardAuditLogSigningCertificateInstall-SafeguardAuditLogSigningCertificateUninstall-SafeguardAuditLogSigningCertificateGet-SafeguardCertificateSigningRequest(Get-SafeguardCsr)New-SafeguardCertificateSigningRequest(New-SafeguardCsr)Remove-SafeguardCertificateSigningRequest(Remove-SafeguardCsr)New-SafeguardTestCertificatePki
Get-SafeguardNetworkInterfaceSet-SafeguardNetworkInterfaceGet-SafeguardDnsSuffixSet-SafeguardDnsSuffix
Get-SafeguardStatusGet-SafeguardVersionTest-SafeguardVersionGet-SafeguardHealthGet-SafeguardApplianceAvailabilityGet-SafeguardApplianceStateWait-SafeguardApplianceStateOnlineGet-SafeguardApplianceVerificationGet-SafeguardTimeSet-SafeguardTimeGet-SafeguardApplianceUptimeGet-SafeguardApplianceNameSet-SafeguardApplianceNameGet-SafeguardApplianceDnsSuffixSet-SafeguardApplianceDnsSuffixGet-SafeguardApplianceDnsNameInvoke-SafeguardApplianceShutdownInvoke-SafeguardApplianceRebootInvoke-SafeguardApplianceFactoryResetGet-SafeguardSupportBundleGet-SafeguardSupportBundleQuickGlanceGet-SafeguardPatchClear-SafeguardPatchSet-SafeguardPatchInstall-SafeguardPatchGet-SafeguardBackupNew-SafeguardBackupRemove-SafeguardBackupExport-SafeguardBackupImport-SafeguardBackupRestore-SafeguardBackupSave-SafeguardBackupToArchiveGet-SafeguardBmcConfigurationEnable-SafeguardBmcConfigurationDisable-SafeguardBmcConfigurationSet-SafeguardBmcAdminPasswordGet-SafeguardTls12OnlyStatusEnable-SafeguardTls12OnlyDisable-SafeguardTls12OnlyTest-SafeguardAuditLogArchive
Invoke-SafeguardPingInvoke-SafeguardTelnetInvoke-SafeguardTracerouteInvoke-SafeguardArpInvoke-SafeguardNetstatInvoke-SafeguardNsLookupInvoke-SafeguardShowRoutesInvoke-SafeguardCldapPingInvoke-SafeguardClusterPingInvoke-SafeguardClusterThroughputInvoke-SafeguardMemberPingInvoke-SafeguardMemberThroughputGet-SafeguardDiagnosticPackageSet-SafeguardDiagnosticPackageClear-SafeguardDiagnosticPackageInvoke-SafeguardDiagnosticPackageGet-SafeguardDiagnosticPackageLogGet-SafeguardDiagnosticPackageStatus
Get-SafeguardClusterMemberAdd-SafeguardClusterMemberRemove-SafeguardClusterMemberGet-SafeguardClusterHealthGet-SafeguardClusterPrimarySet-SafeguardClusterPrimaryEnable-SafeguardClusterPrimaryGet-SafeguardClusterOperationStatusUnlock-SafeguardCluster(Clear-SafeguardClusterOperation)Get-SafeguardClusterSummaryGet-SafeguardClusterPlatformTaskLoadStatusGet-SafeguardClusterPlatformTaskQueueStatusGet-SafeguardClusterVpnIpv6Address
Get-SafeguardSessionClusterSet-SafeguardSessionClusterJoin-SafeguardSessionClusterSplit-SafeguardSessionClusterGet-SafeguardSessionSplitClusterRemove-SafeguardSessionSplitClusterGet-SafeguardSessionClusterAccessRequestBrokerEnable-SafeguardSessionClusterAccessRequestBrokerDisable-SafeguardSessionClusterAccessRequestBrokerGet-SafeguardSessionClusterAuditStreamEnable-SafeguardSessionClusterAuditStreamDisable-SafeguardSessionClusterAuditStream
Connect-SafeguardSpsDisconnect-SafeguardSpsInvoke-SafeguardSpsMethodOpen-SafeguardSpsTransactionClose-SafeguardSpsTransaction(Save-SafeguardSpsTransaction)Get-SafeguardSpsTransactionClear-SafeguardSpsTransactionShow-SafeguardSpsTransactionChangeShow-SafeguardSpsEndpointGet-SafeguardSpsInfoGet-SafeguardSpsVersionGet-SafeguardSpsLoginMethodGet-SafeguardSpsSupportBundleGet-SafeguardSpsWelcomeWizardStatusComplete-SafeguardSpsWelcomeWizardEnable-SafeguardSpsRemoteAccess(Enable-SafeguardSpsSra)Disable-SafeguardSpsRemoteAccess(Disable-SafeguardSpsSra)Invoke-SafeguardSpsStarlingJoinBrowserRemove-SafeguardSpsStarlingJoinGet-SafeguardSpsFirmwareSlotImport-SafeguardSpsFirmwareInstall-SafeguardSpsFirmwareInstall-SafeguardSpsUpgradeTest-SafeguardSpsFirmware
Get-SafeguardIdentityProviderGet-SafeguardAuthenticationProviderSet-SafeguardAuthenticationProviderAsDefaultClear-SafeguardAuthenticationProviderAsDefaultGet-SafeguardUserFind-SafeguardUserNew-SafeguardUserEdit-SafeguardUserRemove-SafeguardUserEnable-SafeguardUserDisable-SafeguardUserRename-SafeguardUserSet-SafeguardUserPasswordImport-SafeguardUserNew-SafeguardUserImportTemplateGet-SafeguardUserLinkedAccountAdd-SafeguardUserLinkedAccountRemove-SafeguardUserLinkedAccountGet-SafeguardUserPreferenceSet-SafeguardUserPreferenceRemove-SafeguardUserPreferenceSync-SafeguardUserGroupAuthenticationProvider
Get-SafeguardAssetPartitionNew-SafeguardAssetPartitionEdit-SafeguardAssetPartitionRemove-SafeguardAssetPartitionGet-SafeguardAssetPartitionOwnerAdd-SafeguardAssetPartitionOwnerRemove-SafeguardAssetPartitionOwnerEnter-SafeguardAssetPartitionExit-SafeguardAssetPartitionGet-SafeguardCurrentAssetPartition
Get-SafeguardAssetFind-SafeguardAssetNew-SafeguardAssetEdit-SafeguardAssetRemove-SafeguardAssetTest-SafeguardAssetImport-SafeguardAssetNew-SafeguardAssetImportTemplateSync-SafeguardDirectoryAsset
Get-SafeguardAssetAccountFind-SafeguardAssetAccountNew-SafeguardAssetAccountEdit-SafeguardAssetAccountRemove-SafeguardAssetAccountEnable-SafeguardAssetAccountDisable-SafeguardAssetAccountSet-SafeguardAssetAccountPasswordNew-SafeguardAssetAccountRandomPasswordTest-SafeguardAssetAccountPasswordInvoke-SafeguardAssetAccountPasswordChangeSet-SafeguardAssetAccountSshKeyTest-SafeguardAssetAccountSshKeyInvoke-SafeguardAssetAccountSshKeyChangeInvoke-SafeguardAssetSshHostKeyDiscoveryImport-SafeguardAssetAccountImport-SafeguardAssetAccountPasswordImport-SafeguardAssetAccountSshKeyNew-SafeguardAssetAccountImportTemplateNew-SafeguardAssetAccountPasswordImportTemplateNew-SafeguardAssetAccountSshKeyImportTemplate
Get-SafeguardAccountDiscoveryScheduleNew-SafeguardAccountDiscoveryScheduleEdit-SafeguardAccountDiscoveryScheduleRemove-SafeguardAccountDiscoveryScheduleRename-SafeguardAccountDiscoveryScheduleCopy-SafeguardAccountDiscoveryScheduleGet-SafeguardAccountDiscoveryScheduleAssetAdd-SafeguardAccountDiscoveryScheduleAssetRemove-SafeguardAccountDiscoveryScheduleAssetGet-SafeguardAccountDiscoveryRuleAdd-SafeguardAccountDiscoveryRuleRemove-SafeguardAccountDiscoveryRuleNew-SafeguardAccountDiscoveryRuleUnixNew-SafeguardAccountDiscoveryRuleWindowsNew-SafeguardAccountDiscoveryRuleDirectoryNew-SafeguardAccountDiscoveryRuleSpsNew-SafeguardAccountDiscoveryRuleStarlingConnectNew-SafeguardAccountDiscoveryRuleRoleBasedGet-SafeguardDiscoveredAccountImport-SafeguardDiscoveredAccountSet-SafeguardDiscoveredAccountStatusInvoke-SafeguardAssetAccountDiscoveryInvoke-SafeguardAssetServiceDiscovery
Get-SafeguardCustomPlatformNew-SafeguardCustomPlatformEdit-SafeguardCustomPlatformRemove-SafeguardCustomPlatformNew-SafeguardCustomPlatformAssetSet-SafeguardCustomPlatformAssetParameterGet-SafeguardCustomPlatformScriptParameterImport-SafeguardCustomPlatformScriptExport-SafeguardCustomPlatformScriptTest-SafeguardCustomPlatformScript
Get-SafeguardDirectoryNew-SafeguardDirectoryEdit-SafeguardDirectoryRemove-SafeguardDirectoryTest-SafeguardDirectorySync-SafeguardDirectoryGet-SafeguardDirectoryMigrationDataGet-SafeguardDirectoryIdentityProviderNew-SafeguardDirectoryIdentityProviderEdit-SafeguardDirectoryIdentityProviderRemove-SafeguardDirectoryIdentityProviderSync-SafeguardDirectoryIdentityProviderGet-SafeguardDirectoryIdentityProviderDomainGet-SafeguardDirectoryIdentityProviderSchemaMappingSet-SafeguardDirectoryIdentityProviderSchemaMapping
Get-SafeguardDirectoryAccountFind-SafeguardDirectoryAccountNew-SafeguardDirectoryAccountEdit-SafeguardDirectoryAccountRemove-SafeguardDirectoryAccountSet-SafeguardDirectoryAccountPasswordNew-SafeguardDirectoryAccountRandomPasswordTest-SafeguardDirectoryAccountPasswordInvoke-SafeguardDirectoryAccountPasswordChange
Get-SafeguardPasswordProfileNew-SafeguardPasswordProfileEdit-SafeguardPasswordProfileRemove-SafeguardPasswordProfileRename-SafeguardPasswordProfileCopy-SafeguardPasswordProfileGet-SafeguardPasswordProfileAccountAdd-SafeguardPasswordProfileAccountRemove-SafeguardPasswordProfileAccountGet-SafeguardPasswordProfileAssetAdd-SafeguardPasswordProfileAssetRemove-SafeguardPasswordProfileAssetGet-SafeguardAccountPasswordRuleNew-SafeguardAccountPasswordRuleEdit-SafeguardAccountPasswordRuleRemove-SafeguardAccountPasswordRuleRename-SafeguardAccountPasswordRuleCopy-SafeguardAccountPasswordRuleGet-SafeguardPasswordCheckScheduleNew-SafeguardPasswordCheckScheduleEdit-SafeguardPasswordCheckScheduleRemove-SafeguardPasswordCheckScheduleRename-SafeguardPasswordCheckScheduleCopy-SafeguardPasswordCheckScheduleGet-SafeguardPasswordChangeScheduleNew-SafeguardPasswordChangeScheduleEdit-SafeguardPasswordChangeScheduleRemove-SafeguardPasswordChangeScheduleRename-SafeguardPasswordChangeScheduleCopy-SafeguardPasswordChangeScheduleNew-SafeguardScheduleNew-SafeguardScheduleDailyNew-SafeguardScheduleWeeklyNew-SafeguardScheduleMonthlyByDayNew-SafeguardScheduleMonthlyByDayOfWeek
User Groups:
Get-SafeguardUserGroupNew-SafeguardUserGroupEdit-SafeguardUserGroupRemove-SafeguardUserGroupGet-SafeguardUserGroupMemberAdd-SafeguardUserGroupMemberRemove-SafeguardUserGroupMember
Asset Groups:
Get-SafeguardAssetGroupNew-SafeguardAssetGroupEdit-SafeguardAssetGroupRemove-SafeguardAssetGroupGet-SafeguardAssetGroupMemberAdd-SafeguardAssetGroupMemberRemove-SafeguardAssetGroupMember
Account Groups:
Get-SafeguardAccountGroupNew-SafeguardAccountGroupEdit-SafeguardAccountGroupRemove-SafeguardAccountGroupGet-SafeguardAccountGroupMemberAdd-SafeguardAccountGroupMemberRemove-SafeguardAccountGroupMember
Dynamic Groups:
Get-SafeguardDynamicAssetGroupNew-SafeguardDynamicAssetGroupEdit-SafeguardDynamicAssetGroupGet-SafeguardDynamicAccountGroupNew-SafeguardDynamicAccountGroupEdit-SafeguardDynamicAccountGroup
Get-SafeguardEntitlementNew-SafeguardEntitlementEdit-SafeguardEntitlementRemove-SafeguardEntitlementAdd-SafeguardEntitlementMemberRemove-SafeguardEntitlementMemberGet-SafeguardAccessPolicyAdd-SafeguardAccessPolicyEdit-SafeguardAccessPolicyRemove-SafeguardAccessPolicyGet-SafeguardAccessPolicyScopeItemGet-SafeguardAccessPolicyAccessRequestPropertyGet-SafeguardAccessPolicySessionPropertyGet-SafeguardPolicyAssetFind-SafeguardPolicyAssetGet-SafeguardPolicyAccountFind-SafeguardPolicyAccount
Get-SafeguardAccessRequestFind-SafeguardAccessRequestNew-SafeguardAccessRequestEdit-SafeguardAccessRequestClose-SafeguardAccessRequestApprove-SafeguardAccessRequestDeny-SafeguardAccessRequest(Revoke-SafeguardAccessRequest)Assert-SafeguardAccessRequestGet-SafeguardActionableRequestGet-SafeguardMyRequestGet-SafeguardMyApprovalGet-SafeguardMyReviewGet-SafeguardRequestableAccount(Get-SafeguardMyRequestable)Find-SafeguardRequestableAccount(Find-SafeguardMyRequestable)Get-SafeguardAccessRequestPassword(Get-SafeguardAccessRequestCheckoutPassword)Copy-SafeguardAccessRequestPasswordGet-SafeguardAccessRequestSshHostKeyGet-SafeguardAccessRequestSshKeyGet-SafeguardAccessRequestSshUrlGet-SafeguardAccessRequestRdpFileGet-SafeguardAccessRequestRdpUrlGet-SafeguardAccessRequestApiKeyGet-SafeguardAccessRequestActionLogStart-SafeguardAccessRequestSessionStart-SafeguardAccessRequestWebSession
Get-SafeguardTagFind-SafeguardTagNew-SafeguardTagUpdate-SafeguardTagRemove-SafeguardTagGet-SafeguardTagOccurrenceGet-SafeguardAssetTagAdd-SafeguardAssetTagRemove-SafeguardAssetTagUpdate-SafeguardAssetTagGet-SafeguardAssetAccountTagAdd-SafeguardAssetAccountTagRemove-SafeguardAssetAccountTagUpdate-SafeguardAssetAccountTagTest-SafeguardAssetTaggingRuleTest-SafeguardAssetAccountTaggingRule
Get-SafeguardEventFind-SafeguardEventGet-SafeguardEventNameGet-SafeguardEventCategoryGet-SafeguardEventPropertyGet-SafeguardEventSubscriptionFind-SafeguardEventSubscriptionNew-SafeguardEventSubscriptionEdit-SafeguardEventSubscriptionRemove-SafeguardEventSubscriptionWait-SafeguardEvent
Service:
Get-SafeguardA2aServiceStatusEnable-SafeguardA2aServiceDisable-SafeguardA2aService
Registrations:
Get-SafeguardA2aNew-SafeguardA2aEdit-SafeguardA2aRemove-SafeguardA2a
Credential Retrieval Configuration:
Get-SafeguardA2aCredentialRetrievalInformationGet-SafeguardA2aCredentialRetrievalAdd-SafeguardA2aCredentialRetrievalRemove-SafeguardA2aCredentialRetrievalGet-SafeguardA2aCredentialRetrievalIpRestrictionSet-SafeguardA2aCredentialRetrievalIpRestrictionClear-SafeguardA2aCredentialRetrievalIpRestrictionGet-SafeguardA2aCredentialRetrievalApiKeyReset-SafeguardA2aCredentialRetrievalApiKey
Access Request Broker Configuration:
Get-SafeguardA2aAccessRequestBrokerSet-SafeguardA2aAccessRequestBrokerClear-SafeguardA2aAccessRequestBrokerGet-SafeguardA2aAccessRequestBrokerIpRestrictionSet-SafeguardA2aAccessRequestBrokerIpRestrictionClear-SafeguardA2aAccessRequestBrokerIpRestrictionGet-SafeguardA2aAccessRequestBrokerApiKeyReset-SafeguardA2aAccessRequestBrokerApiKey
Credential Retrieval (calling A2A):
Get-SafeguardA2aRetrievableAccountGet-SafeguardA2aPasswordSet-SafeguardA2aPasswordGet-SafeguardA2aPrivateKeySet-SafeguardA2aPrivateKeyGet-SafeguardA2aApiKeySecret
Access Request Broker (calling A2A):
New-SafeguardA2aAccessRequest
Event Listeners (calling A2A):
Wait-SafeguardA2aEventInvoke-SafeguardA2aPasswordHandlerInvoke-SafeguardA2aSshKeyHandler
Invoke-SafeguardStarlingJoinBrowserInvoke-SafeguardStarlingJoinGet-SafeguardStarlingJoinUrlGet-SafeguardStarlingJoinInstanceGet-SafeguardStarlingSubscriptionNew-SafeguardStarlingSubscriptionRemove-SafeguardStarlingSubscriptionGet-SafeguardStarlingSettingSet-SafeguardStarlingSetting
Get-SafeguardReportA2aEntitlementGet-SafeguardReportAccountGroupMembershipGet-SafeguardReportAccountWithoutPasswordGet-SafeguardReportAssetAccountPasswordHistory(Get-SafeguardPasswordHistory)Get-SafeguardReportAssetGroupMembershipGet-SafeguardReportAssetManagementConfigurationGet-SafeguardReportDailyAccessRequestGet-SafeguardReportDailyPasswordChangeFailGet-SafeguardReportDailyPasswordChangeSuccessGet-SafeguardReportDailyPasswordCheckFailGet-SafeguardReportDailyPasswordCheckSuccessGet-SafeguardReportPasswordLastChangedGet-SafeguardReportUserEntitlementGet-SafeguardReportUserGroupMembership
Get-SafeguardArchiveServerNew-SafeguardArchiveServerEdit-SafeguardArchiveServerRemove-SafeguardArchiveServerTest-SafeguardArchiveServer
Get-SafeguardApplianceSettingSet-SafeguardApplianceSettingGet-SafeguardCoreSettingSet-SafeguardCoreSettingGet-SafeguardOAuth2GrantTypeEnable-SafeguardOAuth2GrantTypeDisable-SafeguardOAuth2GrantTypeGet-SafeguardDebugSettingsSet-SafeguardDebugSettingsEnable-SafeguardTlsLoggingDisable-SafeguardTlsLoggingGet-SafeguardSyslogServerNew-SafeguardSyslogServerEdit-SafeguardSyslogServerRemove-SafeguardSyslogServerGet-SafeguardUserPasswordRuleSet-SafeguardUserPasswordRuleNew-SafeguardUserPasswordTest-SafeguardUserPasswordGet-SafeguardLoginMessageSet-SafeguardLoginMessageGet-SafeguardDailyMessageSet-SafeguardDailyMessage
Get-SafeguardDeletedAssetRemove-SafeguardDeletedAssetRestore-SafeguardDeletedAssetGet-SafeguardDeletedAssetAccountRemove-SafeguardDeletedAssetAccountRestore-SafeguardDeletedAssetAccountGet-SafeguardDeletedUserRemove-SafeguardDeletedUserRestore-SafeguardDeletedUserGet-SafeguardPurgeSettingsUpdate-SafeguardPurgeSettingsReset-SafeguardPurgeSettings
Get-SafeguardAuditLogGet-SafeguardAuditLogAccessRequestActivityGet-SafeguardAuditLogAccessRequestSessionGet-SafeguardAuditLogDiscoveredItemGet-SafeguardAuditLogMaintenanceConfigSet-SafeguardAuditLogMaintenanceConfigInvoke-SafeguardAuditLogMaintenanceGet-SafeguardAuditLogObjectChangeGet-SafeguardAuditLogPlatformScriptGet-SafeguardAuditLogSigningCertificateHistoryGet-SafeguardScheduledAuditLogReportNew-SafeguardScheduledAuditLogReportEdit-SafeguardScheduledAuditLogReportRemove-SafeguardScheduledAuditLogReportInvoke-SafeguardScheduledAuditLogReport
Get-SafeguardReasonCodeFind-SafeguardReasonCodeNew-SafeguardReasonCodeEdit-SafeguardReasonCodeRemove-SafeguardReasonCodeGet-SafeguardReasonCodeScope
Get-SafeguardRunningTaskStop-SafeguardRunningTaskGet-SafeguardTaskLogClear-SafeguardTaskLog