Safeguard for Privileged Passwords Release Notes
Safeguard for Privileged Passwords 7.1
Release Notes
06 December 2022, 10:09
These release notes provide information about the Safeguard for Privileged Passwords release. For the most recent documents and product information, see Online product documentation.
If you are updating a Safeguard for Privileged Passwords version prior to this release, read the release notes for the version found at: One Identity Safeguard for Privileged Passwords Technical Documentation.
Release options
Safeguard for Privileged Passwords includes two release versions:
- Long Term Support (LTS) maintenance release, version 7.0.1 LTS
- Feature release, version 7.1
The versions align with Safeguard for Privileged Sessions. For more information, see Long Term Support (LTS) and Feature Releases.
About this release
Safeguard for Privileged Passwords Version 7.1 is a major feature release with new features, resolved issues, and known issues.
About the Safeguard product line
The Safeguard for Privileged Passwords 3000 and 2000 Appliances are built specifically for use only with the Safeguard for Privileged Passwords privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system, and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management and shortening the time frame to value.
Safeguard for Privileged Passwords virtual appliances and cloud applications are also available. When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. See One Identity's Product Support Policies for more information on environment virtualization.
Safeguard privileged management software suite
Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.
The Safeguard products' unique strengths are:
- One-stop solution for all privileged access management needs
- Easy to deploy and integrate
- Unparalleled depth of recording
- Comprehensive risk analysis of entitlements and activities
- Thorough Governance for privileged account
The suite includes the following modules:
- Safeguard for Privileged Passwords automates, controls, and secures the process of granting privileged credentials with role-based access management and automated workflows. Deployed on a hardened appliance, Safeguard for Privileged Passwords eliminates concerns about secured access to the solution itself, which helps to speed integration with your systems and IT strategies. Plus, its user-centered design means a small learning curve and the ability to manage passwords from anywhere and using nearly any device. The result is a solution that secures your enterprise and enables your privileged users with a new level of freedom and functionality.
-
One Identity for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.
Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers to integrate seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.
NOTE: Configuration options and details related to Safeguard for Privileged Sessions will only be visible to customers that have purchased and joined the product to Safeguard for Privileged Passwords.
-
One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics, and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time, and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action and ultimately prevent data breaches.
Figure 1: Privileged Sessions and Privileged Passwords
New features
Customizable branding options for the login page and application header (313837)
Appliance Administrators can now customize the branding used on the login page and application header for their users. This allows companies to customize the end user experience to better match their own company aesthetics.
Managing the enable password for Cisco IOS (279461)
In addition to managing user accounts, Safeguard can also manage the password for the Cisco enable command on Cisco IOS. The enable account appears as a normal user account in Safeguard, except that it is marked as a privileged account. This means that it cannot be used as a service account, and you cannot generate or install an SSH key for it.
New Connect for Safeguard Assets service available in Starling (272609)
Available after Safeguard for Privileged Passwords has been joined to Starling, Connect for Safeguard Assets is designed to extend the capabilities of Safeguard for Privileged Passwords to allow for disconnected assets to be discovered and managed by Safeguard for Privileged Passwords. For more information, see the Connect for Safeguard Assets User Guide.
Wildcards now allowed in searches (306749)
Search fields throughout Safeguard for Privileged Passwords now support the use of wildcards.
NOTE: In addition to the web client search improvements, new query operators (starts with and ends with) have also been added to the API.
Support for managing Safeguard for Privileged Sessions credentials (302518)
Safeguard for Privileged Passwords supports managing Safeguard for Privileged Sessions credentials in order to provide additional security for Safeguard for Privileged Sessions accounts.
Application to application support for web application firewall (314624)
Applications behind a web application firewall can now connect to Safeguard for Privileged Passwords via the TLS termination reverse proxy.
Safeguard for Privileged Passwords now hides Safeguard for Privileged Sessions related configuration options until joined (318250)
Configuration options and details related to Safeguard for Privileged Sessions will only be visible to customers that have purchased and joined the product to Safeguard for Privileged Passwords. Previously these Safeguard for Privileged Sessions options were visible but unusable within Safeguard for Privileged Passwords.
Discovered Services tab added to Accounts view (321584)
Applicable only to Windows and Active Directory accounts, a Discovered Services tab has been added when viewing Accounts which displays information on the services dependent to a selected account.
Enhancement to RDP application auto-login feature (314627)
An enhancement has been made to the RDP application auto-login feature added in Safeguard for Privileged Passwords 7.0. When creating a new access request policy, a new Application program option is available for Windows Server and Windows Desktop. This option allows you to enter an application program with command line.
Enhancements
The following is a list of enhancements implemented in Safeguard for Privileged Passwords 7.1.
Table 1: General enhancements
|
LDAPS authentication support for Active Directory. |
298560 |
|
Windows Performance Monitor logs that include 30 days history regarding the appliance's CPU, memory, and disk usage have now been added to Support Bundles. |
191617 |
|
Support for users with Active Directory's Fine-Grained Password Policy. |
314037 |
|
A few settings have been moved from the Local Login Control page to the Security Policy Management > Settings page and to the new Application Management > Settings page. In addition, a new Show Access Request Conflict User Name setting is now available on the Security Policy Management > Settings. |
307281 |
|
For AD group names, increased the character limit to 64. |
280114 |
|
When making an Access Request and the password is in use it now shows username of user rather than ID. |
307401 |
| A new Hide Alter User command from verbose log_statement logging option is enabled by default for new PostgreSQL assets with log_statement configured starting with SPP 7.1, but customers upgrading to 7.1 that want to enable the option will need to reconfigure any existing PostgreSQL assets to have a service account with superuser permissions and enable the option. |
313793 |
|
In Access Request Policy, when using the RDP Application session type the Application Display Name field is now limited to 255 characters. |
322845 |
|
No longer limiting ports for SAP Systems. |
324400 |
|
Display which SPS node is being used in Access Request Activity. |
314223 |
|
Increased Password Policy name to up to 255 characters. |
322460 |
