Chat now with support
Chat with Support

Safeguard Authentication Services 6.0 LTS - macOS Administration Guide

Privileged Access Suite for UNIX Installation Safeguard Authentication Services macOS components Safeguard Authentication Services client configuration Special macOS features Limitations on macOS Group Policy for macOS Certificate Autoenrollment Glossary

Privileged Access Suite for UNIX

UNIX security simplified

Privileged Access Suite for UNIX solves the intrinsic security and administration issues of UNIX-based systems (including Linux and macOS) while making satisfying compliance requirements easier. It unifies and consolidates identities, assigns individual accountability, and enables centralized reporting for user and administrator access to UNIX. The Privileged Access Suite for UNIX combines an Active Directory bridge and root delegation solutions under a unified console that grants organizations centralized visibility and streamlined administration of identities and access rights across their entire UNIX environment.

Active Directory bridge

Achieve unified access control, authentication, authorization, and identity administration for UNIX, Linux, and macOS systems by extending them into Active Directory (AD) and taking advantage of AD’s inherent benefits. Patented technology allows non-Windows resources to become part of the AD trusted realm, and extends AD’s security, compliance, and Kerberos-based authentication capabilities to UNIX, Linux, and macOS. See www.oneidentity.com/products/safeguard-authentication-services/ for more information about the Active Directory Bridge product.

Root delegation

The Privileged Access Suite for UNIX offers two different approaches to delegating the UNIX root account. The suite either enhances or replaces sudo, depending on your needs.

  • By choosing to enhance sudo, you will keep everything you know and love about sudo while enhancing it with features like a central sudo policy server, centralized keystroke logs, a sudo event log, and compliance reports for who can do what with sudo.

    See www.oneidentity.com/products/privilege-manager-for-sudo/ for more information about enhancing sudo.

  • By choosing to replace sudo, you will still be able to delegate the UNIX root privilege based on centralized policy reporting on access rights, but with a more granular permission and the ability to log keystrokes on all activities from the time a user logs in, not just the commands that are prefixed with "sudo." In addition, this option implements several additional security features like restricted shells, remote host command execution, and hardened binaries that remove the ability to escape out of commands and gain undetected elevated access.

    For more information about replacing sudo, see www.oneidentity.com/products/privilege-manager-for-unix/.

Privileged Access Suite for UNIX

Privileged Access Suite for UNIX offers two editions: Standard edition and Advanced edition. Both editions include the Safeguard Authentication Services patented technology that allows organizations to extend the security and compliance of Active Directory to UNIX, Linux, and macOS platforms and enterprise applications. In addition:

  • The Standard edition licenses you for Safeguard for Sudo.

  • The Advanced edition licenses you for Privilege Manager for Unix.

About this guide

The Safeguard Authentication Services macOS Administration Guide describes the port of the Safeguard Authentication Services for macOS product to the macOS platform. Safeguard Authentication Services for macOS brings the enterprise functionality Safeguard Authentication Services supplies on every other major UNIX platform to macOS.

Safeguard Authentication Services supports both macOS and macOS Server. Safeguard Authentication Services recommends that you install all the latest Apple system updates before installing Safeguard Authentication Services.

In this guide you will find step-by-step instructions on installing, configuring, and uninstalling Safeguard Authentication Services along with a detailed explanation of the Safeguard Authentication Services components for macOS.

In addition, the Group Policy for macOS section documents each policy supported for this version of Safeguard Authentication Services for macOS.

This guide is not comprehensive and only describes those Safeguard Authentication Services features specific to macOS. For the complete documentation on all other Safeguard Authentication Services features, see the Safeguard Authentication Services Administration Guide.

Note: The term "Unix" is used informally throughout the Safeguard Authentication Services documentation to denote any operating system that closely resembles the trademarked system, UNIX.

Installation

This section includes instructions for installing and configuring the Safeguard Authentication Services agent on macOS.

Safeguard Authentication Services macOS agent installation

Download Safeguard Authentication Services from the Support Site, Download Software page. The Safeguard Authentication Services software is provided in macOS subdirectory. You can install the Safeguard Authentication Services agent software through the graphical user interface or from the command line, more common in a mass deployment scenario.

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating