Chat now with support
Chat mit Support

One Identity Safeguard for Privileged Passwords 6.9 - Release Notes

Resolved issues

Issues addressed by this release follow.

Table 2: General resolved issues
Resolved issue

Issue ID

Asset changes via tags are now correctly showing in an Access Request Policy without having to update the policy directly.

258881

Changing the type of access request policy no longer causes requests to fail.

260705

Check and change log now correctly displaying results when a new date range is set. 261819

Fixed an intermittent issue where the access request policy was unable to remove a directory account from access config.

262488

For Password Rule settings, the Test Rule button is now working correctly.

259982

Fixed a certificate validation issue.

230351

Fixed an issue with the manufacturing endpoint failing when using VMWare Workstation with the number of processors set to more than 1.

263526

Fixed an issue to allow SSH key rotation/management by central key management.

257490

Now able to use double-click to open a saved report.

188151

Syslog settings now allowing for multiple events to be added at once.

263211

Addressed an issue with a replica enroll failing.

263420

Fixed an issue where SPP offline workflow VA was not connecting to the remaining SPS in an HA/DR strategy.

263653

Syslog CEF format now includes Device Event Class ID in header.

258986

Asset and Account Discovery no longer showing “Other directory” as an available directory for discovery tasks.

262508

SPP no longer blocking sessions when SSH host key not found.

258758/191621/260126

Fixed an issue where TerminateExpireSession had stopped working in policies with an external SPS.

264805/260312

Expired entitlements/ARP no longer showing when making an access request.

264623

Fixed an issue with CEF formatting.

264386

Fixed an issue that was causing an error to appear when a reviewer refreshed the desktop client.

265496

Fixed an issue where follow mode initiated from Safeguard for Privileged Passwords caused a network error for the Desktop player.

188409

Known issues

The following is a list of issues known to exist at the time of release.

Known issue

Issues may occur when launching telnet sessions after upgrading a Safeguard for Privileged Sessions appliance. If you are experiencing issues, ensure you have downloaded and installed the latest telnet plugin before contacting support. Additional information on configuring and supporting tenet sessions is also available on the telnet plugin site.

If session playback is failing for fully indexed sessions, the desktop player may need to be upgraded to 1.9.4 or greater.

SPS initiated sessions failing when using netbios name.

Workaround: Use the domain name.

To add a network interface to a Safeguard appliance running on VMware, a user must add the network adapter to the VM and then reboot the appliance. There is a known issue where this may cause the appliance to enter quarantine. Accessing the appliance via the VM console the user can reboot the appliance which should return the appliance to a working state.

System requirements and versions

Safeguard for Privileged Passwords has several graphical user interfaces that allow you to manage access requests, approvals, and reviews for your managed accounts and systems:

  • The Windows desktop client consists of an end-user view and administrator view. The fully featured desktop client exposes all of the functionality of Safeguard based on the role of the authenticated user.
  • The web client is functionally similar to the desktop client end-user view and useful for requesters, reviewers, and approvers. Many administration functions are available as well.
  • The web management console displays whenever you connect to the virtual appliance and is used for first time configuration.
    When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. See One Identity's Product Support Policies for more information on environment virtualization.

CAUTION: The Safeguard for Privileged Passwords client version must match the installed Safeguard for Privileged Passwords version.

Ensure that your system meets the minimum hardware and software requirements for these clients.

If a Safeguard Sessions Appliance is linked to Safeguard for Privileged Passwords, session recording is handled via Safeguard for Privileged Session. The link is initiated from Safeguard for Privileged Sessions. For details about the link steps and issue resolution, see the One Identity Safeguard for Privileged Sessions Administration Guide.

Bandwidth

It is recommended that connection, including overhead, is faster than 10 megabits per second inter-site bandwidth with a one-way latency of less than 500 milliseconds. If you are using traffic shaping, you must allow sufficient bandwidth and priority to port 655 UDP/TCP in the shaping profile. These numbers are offered as a guideline only in that other factors could require additional network tuning. These factors include but are not limited to: jitter, packet loss, response time, usage, and network saturation. If there are any further questions, please check with your Network Administration team.

Desktop client system requirements

The desktop client is a Windows application suitable for use on end-user machines. You install the desktop client by means of an MSI package that you can download from the appliance web client portal. You do not need administrator privileges to install Safeguard for Privileged Passwords.

NOTE: PuTTY is used to launch the SSH client for SSH session requests and is included in the install. The desktop client looks for any user-installed PuTTY in the following locations:

  • Any reference to putty in the PATH environment variable
  • c:/Program Files/Putty
  • c:/Program Files(x86)/Putty
  • c:/Putty

If PuTTY is not found, the desktop client uses the version of PuTTY that it installed at:

<user-home-dir>/AppData/Local/Safeguard/putty.

If the user later installs PuTTY in any of the locations above, the desktop client uses that version which ensures the user has the latest version of PuTTY.

Table 3: Desktop client requirements
Component Requirements
Technology

Microsoft .NET Framework 4.7.2 (or later)

Windows platforms

64-bit editions of:

  • Windows 7
  • Windows 8.1
  • Windows 10
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

If the appliance setting, TLS 1.2 Only is enabled, (Administrative Tools | Settings | Appliance | Appliance Information), ensure the desktop client also has TLS 1.2 enabled. If the client has an earlier version of TLS enabled, you will be locked out of the client and will not be able to connect to Safeguard for Privileged Passwords.

IMPORTANT: The Windows 7 Desktop client has additional requirements in order to enable TLS 1.2. For information, see Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows.

Considerations:

  • Internet Explorer security must be set to use TLS 1.0 or higher. Ensure the proper "Use TLS" setting is enabled on the Advanced tab of the Internet Options dialog (In Internet Explorer, go to Tools | Internet Options | Advanced tab).
  • To use FIDO2 two-factor authentication, you will need a web browser that supports the WebAuthn standard.

Desktop Player

See One Identity Safeguard for Privileged Sessions Safeguard Desktop Player User Guide available at: One Identity Safeguard for Privileged Sessions - Technical Documentation.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen