Safeguard for Privileged Passwords allows you to manage access requests, approvals, and reviews for your managed accounts and systems.
- The web client consists of an end-user view and administrator view. The fully featured client exposes all of the functionality of Safeguard based on the role of the authenticated user.
- The web management console displays whenever you connect to the virtual appliance and is used for first time configuration.
When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. See One Identity's Product Support Policies for more information on environment virtualization.
Ensure that your system meets the minimum hardware and software requirements for these clients.
If a Safeguard Sessions Appliance is linked to Safeguard for Privileged Passwords, session recording is handled via Safeguard for Privileged Session. The link is initiated from Safeguard for Privileged Sessions. For details about the link steps and issue resolution, see the One Identity Safeguard for Privileged Sessions Administration Guide.
Bandwidth
It is recommended that connection, including overhead, is faster than 10 megabits per second inter-site bandwidth with a one-way latency of less than 500 milliseconds. If you are using traffic shaping, you must allow sufficient bandwidth and priority to port 655 UDP in the shaping profile. These numbers are offered as a guideline only in that other factors could require additional network tuning. These factors include but are not limited to: jitter, packet loss, response time, usage, and network saturation. If there are any further questions, please check with your Network Administration team.
Table 6: Web kiosk requirements
Web management console |
Desktop browsers:
- Apple Safari 16.0 for desktop (or later)
- Google Chrome 108 (or later)
- Microsoft Edge 108 (or later)
- Mozilla Firefox 108 (or later)
|
Platforms and versions follow.
Safeguard for Privileged Passwords supports a variety of platforms, including custom platforms.
Safeguard for Privileged Passwords tested platforms
The following table lists the platforms and versions that have been tested for Safeguard for Privileged Passwords (SPP). Additional assets may be added to Safeguard for Privileged Passwords. If you do not see a particular platform listed when adding an asset, use the Other, Other Managed, Other Directory, or Linux selection on the Management tab of the Asset dialog. For more information, see Management tab (add asset).
SPP linked to SPS: Sessions platforms
|
CAUTION: When linking your One Identity Safeguard for Privileged Sessions (SPS) deployment to your One Identity Safeguard for Privileged Passwords (SPP) deployment, ensure that the SPS and SPP versions match exactly, and keep the versions synchronized during an upgrade. For example, you can only link SPS version 6.6 to SPP version 6.6, and if you upgrade SPS to version 6.7, you must also upgrade SPP to 6.7.
Make sure that you do not mix Long Term Supported (LTS) and feature releases. For example, do not link an SPS version 6.0.1 to an SPP version 6.1. |
When Safeguard for Privileged Passwords (SPP) is linked with a Safeguard for Privileged Sessions (SPS) appliance, platforms are supported that use one of these protocols:
- SPP 2.8 or lower: RDP, SSH
- SPP 2.9 or higher: RDP, SSH, or Telnet
Some platforms may support more than one protocol. For example, a Linux (or Linux variation) platform supports both SSH and Telnet protocols.
Table 7: Supported platforms: Assets that can be managed
ACF2 - Mainframe |
ACF2 - Mainframe LDAP r14 zSeries
ACF2 - Mainframe LDAP r15 zSeries |
True |
True |
ACF2 - Mainframe LDAP |
ACF2 - Mainframe LDAP r14 zSeries
ACF2 - Mainframe LDAP r15 zSeries |
True |
False |
Active Directory |
Active Directory |
True |
False |
AIX |
AIX 7.1
AIX 7.2
AIX 7.3 |
True |
True |
Amazon Linux |
Amazon Linux 2
Amazon Linux 2022
Amazon Linux Other |
True |
True |
Amazon Web Services |
Amazon Web Services 1 |
True |
False |
CentOS Linux |
CentOS Linux 7
CentOS Linux 8 |
True |
True |
Check Point GAiA (SSH) |
Check Point GAiA (SSH) R76
Check Point GAiA (SSH) R77
Check Point GAiA (SSH) R80.30 |
True |
True |
Cisco ASA |
Cisco ASA 7.X
Cisco ASA 8.X
Cisco ASA 9.X |
True |
True |
Cisco IOS (510) |
Cisco IOS 12.X
Cisco IOS 15.X
Cisco IOS 16.X |
True |
True |
Cisco ISE |
Cisco ISE 2.7
Cisco ISE 3 |
True |
False |
Cisco ISE CLI |
Cisco ISE CLI 2.7
Cisco ISE CLI 3 |
True |
True |
Cisco NX-OS |
Cisco NX-OS 9.3(7)
Cisco NX-OS 9.3(7a) |
True |
True |
Debian GNU/Linux |
Debian GNU/Linux 9
Debian GNU/Linux 10
Debian GNU/Linux 11 |
True |
True |
Dell iDRAC |
Dell iDRAC 7
Dell iDRAC 8
Dell iDRAC 9 |
True |
True |
eDirectory LDAP |
eDirectory LDAP 9.0 |
True |
False |
ESXi |
ESXi 7.0
ESXi 8.0 |
True |
False |
F5 Big-IP |
F5 Big-IP 12.1.2
F5 Big-IP 13.0
F5 Big-IP 14.0
F5 Big-IP 15.0 |
True |
True |
Fedora |
Fedora 36
Fedora 37 |
True |
True |
Fortinet FortiOS |
Fortinet FortiOS 5.2
Fortinet FortiOS 5.6
Fortinet FortiOS 6.0
Fortinet FortiOS 6.2
Fortinet FortiOS 7.0 |
True |
True |
FreeBSD |
FreeBSD 12
FreeBSD 13 |
True |
True |
HP iLO |
HP iLO 2
HP iLO 3
HP iLO 4
HP iLO 5 |
True |
True |
HP iLO MP |
HP iLO MP 2
HP iLO MP 3 |
True |
True |
HP-UX |
HP-UX 11iv3 (B.11.31) |
True |
True |
IBM i |
IBM i 7.3
IBM i 7.4 |
True |
True |
Junos - Juniper Networks |
Junos - Juniper Networks 19
Junos - Juniper Networks 20
Junos - Juniper Networks 21
Junos - Juniper Networks 22 |
True |
True |
LDAP |
OpenLDAP 2.4 |
True |
False |
Linux |
|
True |
True |
macOS |
macOS 11
macOS 12
macOS 13 |
True |
True |
MongoDB |
MongoDB 4.2
MongoDB 4.4
MongoDB 5.0
MongoDB 6.0 |
True |
False |
MySQL |
MySQL 5.7
MySQL 8.0 |
True |
False |
Oracle |
Oracle 19c
Oracle 21c |
True |
False |
Oracle Linux (OL) |
Oracle Linux (OL) 7
Oracle Linux (OL) 8
Oracle Linux (OL) 9 |
True |
True |
Other |
|
False |
False |
Other Directory |
|
True |
False |
Other Managed |
|
True |
False |
PAN-OS |
PAN-OS 9.1
PAN-OS 10.1
PAN-OS 10.2 |
True |
True |
PostgreSQL |
PostgreSQL 11
PostgreSQL 12
PostgreSQL 13
PostgreSQL 14
PostgreSQL 15 |
True |
False |
RACF - Mainframe |
RACF - Mainframe z/OS V2.1 Security Server zSeries
RACF - Mainframe z/OS V2.2 Security Server zSeries
RACF - Mainframe z/OS V2.3 Security Server zSeries |
True |
True |
RACF - RACF - Mainframe LDAP |
RACF - Mainframe LDAP z/OS V2.1 Security Server zSeries
RACF - RACF - Mainframe LDAP z/OS V2.2 Security Server zSeries
RACF - RACF - Mainframe LDAP z/OS V2.3 Security Server zSeries |
True |
False |
Red Hat Enterprise Linux (RHEL) |
Red Hat Enterprise Linux (RHEL) 7
Red Hat Enterprise Linux (RHEL) 8
Red Hat Enterprise Linux (RHEL) 9 |
True |
True |
Red Hat Directory Server |
Red Hat Directory Server 11 |
True |
False |
SAP HANA |
SAP HANA
SAP HANA 2 |
True |
False |
SAP Netweaver Application Server |
SAP Netweaver Application Server 7.3
SAP Netweaver Application Server 7.4
SAP Netweaver Application Server 7.5 |
True |
False |
Safeguard for Privileged Sessions |
Safeguard for Privileged Sessions 7.0 |
True |
True |
Solaris |
Solaris 10
Solaris 11.3
Solaris 11.4 |
True |
True |
SonicOS |
SonicOS 6.5
SonicOS 7
SonicOSX 7 |
True |
False |
SonicWALL SMA or CMS |
SonicWALL SMA or CMS 11.3.0 |
True |
False |
SQL Server |
SQL Server 2012
SQL Server 2014
SQL Server 2016
SQL Server 2017
SQL Server 2019
SQL Server 2022 |
True |
False |
SUSE Linux Enterprise Server (SLES) |
SUSE Linux Enterprise Server (SLES) 12
SUSE Linux Enterprise Server (SLES) 15 |
True |
True |
Sybase (Adaptive Server Enterprise) |
Sybase (Adaptive Server Enterprise) 15.7
Sybase (Adaptive Server Enterprise) 16
Sybase (Adaptive Server Enterprise) 17 |
True |
False |
Top Secret - Mainframe |
Top Secret - Mainframe r14 zSeries
Top Secret - Mainframe r15 zSeries
Top Secret - Mainframe r16 zSeries |
True |
False |
Top Secret - Mainframe LDAP |
Top Secret - Mainframe LDAP r14
Top Secret - Mainframe LDAP r15
Top Secret - Mainframe LDAP r16 |
True |
True |
Ubuntu |
Ubuntu 18.04 LTS
Ubuntu 22.04 LTS
Ubuntu 22.10 |
True |
True |
Windows Desktop
Windows Desktop (SSH)
Windows Desktop (WinRM)
Windows Server
Windows Server (SSH)
Windows Server (WinRM) |
Windows (SSH) 10
Windows (SSH) 11
Windows (SSH) Server 2012
Windows (SSH) Server 2012 R2
Windows (SSH) Server 2016
Windows (SSH) Server 2019
Windows (SSH) Server 2022
Windows 10
Windows 11
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
Windows Server 2022 |
True |
True |
Table 8: Supported platforms: Directories that can be searched
Microsoft Active Directory |
Windows 2008+ DFL/FFL |
LDAP |
2.4 |
For all supported platforms, it is assume that you are applying the latest updates. For unpatched versions of supported platforms, Support will investigate and assist on a case by case basis but it may be necessary for you to upgrade the platform or use SPP's custom platform feature.
IMPORTANT: For the current list of platforms supported by Connect for Safeguard Assets, see the Connect for Safeguard Assets User Guide.
Custom platforms
The following example platform scripts are available:
- Custom HTTP
- Linux SSH
- Telnet
- TN3270 transports are available
For more information, see Custom platforms and Creating a custom platform script.
Sample custom platform scripts and command details are available at the following links available from the Safeguard Custom Platform Home wiki on GitHub:
|
CAUTION: Example scripts are provided for information only. Updates, error checking, and testing are required before using them in production. Safeguard for Privileged Passwords checks to ensure the values match the type of the property that include a string, boolean, integer, or password (which is called secret in the API scripts). Safeguard for Privileged Passwords cannot check the validity or system impact of values entered for custom platforms. |