Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 7.5 - Release Notes

One Identity Safeguard for Privileged Passwords Release Notes

One Identity Safeguard for Privileged Passwords 7.5

Release Notes

04 April 2024, 16:30

These release notes provide information about the One Identity Safeguard for Privileged Passwords release. For the most recent documents and product information, see Online product documentation.

If you are updating a SPP version prior to this release, read the release notes for the version found at: One Identity Safeguard for Privileged Passwords Technical Documentation.

Release options

SPP includes two release versions:

  • Long Term Support (LTS) maintenance release, version 7.0.5 LTS
  • Feature release, version 7.5

The versions align with Safeguard for Privileged Sessions. For more information, see Long Term Support (LTS) and Feature Releases.

About this release

One Identity Safeguard for Privileged Passwords Version 7.5 is a major feature release with new features, resolved issues, and known issues.

About the Safeguard product line

The One Identity Safeguard for Privileged Passwords 4000 Appliance, 3000 Appliance and 2000 Appliance are built specifically for use only with the SPP privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system, and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management and shortening the time frame to value.

SPP virtual appliances and cloud applications are also available. When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. See One Identity's Product Support Policies for more information on environment virtualization.

Safeguard privileged management software suite

Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.

The Safeguard products' unique strengths are:

  • One-stop solution for all privileged access management needs
  • Easy to deploy and integrate
  • Unparalleled depth of recording
  • Comprehensive risk analysis of entitlements and activities
  • Thorough Governance for privileged account

The suite includes the following modules:

  • One Identity Safeguard for Privileged Passwords automates, controls, and secures the process of granting privileged credentials with role-based access management and automated workflows. Deployed on a hardened appliance, SPP eliminates concerns about secured access to the solution itself, which helps to speed integration with your systems and IT strategies. Plus, its user-centered design means a small learning curve and the ability to manage passwords from anywhere and using nearly any device. The result is a solution that secures your enterprise and enables your privileged users with a new level of freedom and functionality.
  • One Identity for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.

    Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers to integrate seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.

    NOTE: Configuration options and details related to Safeguard for Privileged Sessions will only be visible to customers that have purchased and joined the product to One Identity Safeguard for Privileged Passwords.

  • One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics, and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time, and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action and ultimately prevent data breaches.

    Figure 1: Privileged Sessions and Privileged Passwords

New features

Disconnected Assets Licensing (Starling Connect for Safeguard Assets) (444155)

New customers are advised to inquire about purchasing a Disconnected Assets license along with their regularly purchased Password Management license. The Disconnected Assets license can help reduce the overall license cost for some customers.

Existing customers will be sent a Disconnected Assets license to be added to their Safeguard for Privileged Passwords upon request.

Please reach out to your Account Manager for more information or request pricing for One Identity Safeguard for Privileged Passwords.

Support for vaulting files securely (400427)

SPP now allows you to upload and store files securely and to check files out using the access policy mechanism.

Support for just-in-time (JIT) account privilege elevation and demotion for supported platforms (427277)

In the SPP web client, in Asset Management > Assets > (View Details) > Accounts, on the Management tab, the JIT Privilege Group Membership option has been added. With JIT Privilege Group Membership, you can assign groups to grant just-in-time (JIT) privileges to the account at the time of checkout, then correspondingly remove these groups from the account at the time of check-in.

Support for Hyper-V asset discovery (405285)

SPP now allows you to discover VMs that are running on Hyper-V servers so that you can add them as assets in Safeguard to manage privilege account credentials.

Support for managing Azure Active Directory (Azure AD) domain joined assets using an Azure AD directory account (258085)

SPP now allows you to manage Azure AD domain joined assets using an Azure AD directory account.

Support for controlling if background wallpaper is displayed when using RDP via an SPP-initiated session request (443128)

In the SPP web client, in Security Policy Management > Entitlements > Access Request Policies > (create or edit a policy), the Show Remote Desktop Wallpaper Background option has been added. Select this check box to have Remote Desktop (RDP) session requests include a client setting allowing for desktop wallpaper to be displayed.

Resolved issues

Issues addressed by this release follow.

Table 1: General resolved issues
Resolved issue

Issue ID

Resolved an issue in the web client: in Asset Management > Profiles > View Password Profile Components > Change Password, if the Change Password even if release is active check box is cleared, SPP no longer attempts to perform a password change that would fail.

392620

Starling join now sets the 'Starling Hostname' settings variable according to the Azure region.

424162

Resolved an issue of receiving an unsupported network adapter ("Amazon Elastic Network Adapter") error message on an AWS deployment of SPP.

427920

Resolved an issue where Primary was in Offline Workflow mode when AuditLogPurge ran.

427930

Improved A2A logging to help determine which certificate, common name, or source IP failed to log in, when requesting a secret using A2A results in an unauthorized error message.

428300

In the web client, resolved an issue of not receiving a notification email after adding an email event for the Access Request Session Playback Initialized event in External Integration > Email Events. The playback event will be logged in the session activity category and policy administrators will be notified.

432080

In the web client, resolved an issue where after changing the password profile from an automatic change to a manual change schedule, one additional automatic change occurred, delaying the password change schedule to be applied immediately.

433207

In the web client, deleting an account now updates the number of linked accounts in Security Policy Management > Linked Accounts.

433210

Replica appliances are now able to synchronize NTP with the primary appliance.

433223

In the web client, resolved an issue where many accounts were in a Pending Password Reset state, which blocked access requests for users despite selecting the Pending Reviews Do Not Block Access check box in the Reviewer tab of a Workflow for an access request policy.

433278

Fixed an issue where SPP sessions did not automatically close after reaching the configured time limit expiry.

433322

When adding an entitlement to a user in the User UI, the Event is RemoveMembership, not AddMembership.

433323

In the web client, in My Requests, selecting or clearing the Show Account Request Availability check box no longer affects (delays) the availability of session requests.

437393

In the web client, Use Time Windows now displays properly in non-English languages instead of showing all sections unavailable.

437433

Resolved an issue in the web client, where after launching multiple SPP-initiated sessions on the same SSH asset, on the Access Request Activity page, the number of open sessions were displayed incorrectly.

437764

Resolved an issue related to Starling directory search: in the web client, the Activity Center displayed that the delete synchronization on directory Starling tasks failed with an error message, but the users and groups were synchronized successfully.

438107

In the web client, resolved an issue where requesting Telnet sessions using user-supplied credentials (My Credentials) resulted in an Invalid or missing username provided. (90509) error message.

438117

Resolved an issue where installing a trusted certificate to a cluster failed.

438354

Resolved an issue where after upgrading to SPP 7.4 either on a primary or a replica appliance, users could not acknowledge password and session requests.

438619

Optimized CPU usage on the Application to Application (A2A) service.

439724

Resolved an issue in the web client: when creating or editing an account on a Active Directory asset, the manually entered Alternate Login Name entry was ignored, and the AD attribute was used instead.

439893

Fixed this issue: Directory Sync Deleted users added when added using script.

439907

Resolved an issue where using account discovery, the Salesforce Connector only listed 500 accounts instead of all accounts.

440258

Resolved an issue where emails could not be sent via SendGrid due to a missing From header.

440685

In the Cloud Assistant app for Microsoft Teams, messages were sent in the language of the requester, not in the language of the receiver. This issue has been fixed.

441977

SPP no longer attempts to send notification emails about personal password expiration to deleted user accounts.

442277

Generating a support bundle no longer fails due to a failure to get Windows Update log files.

442540

Improved error message for FGPP permission issues.

442918

In the web client, in the Email field for users, when entering the email address with a prefix or suffix space by accident, the extra space is automatically removed (trimmed).

443044

Ownership-partition report now shows all data.

445076

The default timeout for network based asset discovery jobs has been increased. The web UI now also shows the asset discovery IP address scan timeout value.

445122

Fixed an issues on the web UI: SSH Key Generation and Deployment option switched back to the default value after setting and saving the job. Exiting and then reopening the same page now shows the value set by the user.

446257

Fixed this issue: Dell iDrac platform version is not saved. When you create or edit an iDrac asset using the web UI, the version is now saved.

447431

Audit purge failing.

448691

Access request replica UI advanced search shows no results.

449050

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating