Release Notes
22 July 2022, 11:44
These release notes provide information about the One Identity Safeguard for Privileged Sessions release. For the most recent documents and product information, see One Identity Safeguard for Privileged Sessions - Technical Documentation.
One Identity Safeguard for Privileged Sessions Version 7.0 LTS is a
NOTE: For a full list of key features in One Identity Safeguard for Privileged Sessions, see Administration Guide.
The One Identity Safeguard Appliance is built specifically for use only with the Safeguard privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management -- and shortening the timeframe to value.
Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.
The Safeguard products' unique strengths are:
One-stop solution for all privileged access management needs
Easy to deploy and integrate
Unparalleled depth of recording
Comprehensive risk analysis of entitlements and activities
Thorough Governance for privileged account
The suite includes the following modules:
One Identity Safeguard for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.
Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.
One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action - and ultimately prevent data breaches.
SPS licensing
The new SPS license has the following license options:
Basic proxies
Sudo iolog
Analytics
No HA license is required anymore and license upload does not require traffic restart.
SPS does not run an active license check for the ongoing traffic sessions and the license limits are evaluated on demand.
The license update will stop the services of the disabled license options.
Credential injection
The RDP Application session initiated on the SPP side provides the password automatically for the RemoteApp Launcher.
To use credential injection, use a connection policy for the RDP Application session that has the Credential injection flag selected.
Data migration from an SPS instance to another SPS instance
If you need to switch from an One Identity Safeguard for Privileged Sessions (SPS) instance to another SPS instance, for example, your SPS appliance is old and you want to switch it to a new one, you can use the console menu to copy all data between SPS instances.
For more information, see Data migration from an SPS instance to another SPS instance in the Administration Guide.
Configuring custom AA plugins in connection policies shared with SPP
For more information, see Sharing RDP connection policies with SPP and Sharing SSH connection policies with SPP in the Administration Guide.
The SPS login pane is visually improved. All available login methods are now organized in a drop-down menu.
If you create a new authentication method, SPS automatically fills out the Script reference field when you specify the name of the login method for the first time.
The Cleanup option has been separated from the Archive option. Using the Cleanup option, you can delete the .zat file and the corresponding metadata of the sessions.
You can set the cleanup time in Connections, or under Global Options.
Listing available login methods. List login methods (local, LDAP, RADIUS, or x509) to determine which login methods are available to you to authenticate to SPS. For more information, see Listing SPS login methods and Authenticate to the SPS REST API in the SPS REST API Reference Guide.
Downloading and installing SPS firmware through HTTP. To avoid having to manually upload large SPS firmware ISO files before upgrading, download and install SPS firmware files by providing a URL through the SPS REST API. You can download a single file, or download multiple files simultaneously. For more information, see Downloading and installing SPS firmware through HTTP in the SPS REST API Reference Guide.
Enhanced appliance health status monitoring. New parameters have been added to monitor RAID and indexer capabilities. For more information, see Monitor appliance health status in the SPS REST API Reference Guide.
Creating statistics from custom queries using the /api/configuration/reporting/custom_subchapters endpoint has been deprecated.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center
