Chat now with support
Chat mit Support

Safeguard for Privileged Passwords On Demand Hosted - User Guide

Introduction System requirements and versions Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests About us

Desktop client system requirements

The desktop client is a Windows application suitable for use on end-user machines. You install the desktop client by means of an MSI package that you can download from the appliance web client portal. You do not need administrator privileges to install One Identity Safeguard for Privileged Passwords.

NOTE: PuTTY is used to launch the SSH client for SSH session requests and is included in the install. The desktop client looks for any user-installed PuTTY in the following locations:

  • Any reference to putty in the PATH environment variable
  • c:/Program Files/Putty
  • c:/Program Files(x86)/Putty
  • c:/Putty

If PuTTY is not found, the desktop client uses the version of PuTTY that it installed at:

<user-home-dir>/AppData/Local/Safeguard/putty.

If the user later installs PuTTY in any of the locations above, the desktop client uses that version which ensures the user has the latest version of PuTTY.

Table 1: Desktop client requirements
Component Requirements
Technology

Microsoft .NET Framework 4.7.2 (or later)

Windows platforms

64-bit editions of:

  • Windows 7
  • Windows 8.1
  • Windows 10
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

If the appliance setting, TLS 1.2 Only is enabled, (Administrative Tools | Settings | Appliance | Appliance Information), ensure the desktop client also has TLS 1.2 enabled. If the client has an earlier version of TLS enabled, you will be locked out of the client and will not be able to connect to Safeguard for Privileged Passwords.

IMPORTANT: The Windows 7 Desktop client has additional requirements in order to enable TLS 1.2. For information, see Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows.

Considerations:

  • To use FIDO2 two-factor authentication, you will need a web browser that supports the WebAuthn standard.

Desktop Player

See One Identity Safeguard for Privileged Sessions Safeguard Desktop Player User Guide available at: One Identity Safeguard for Privileged Sessions - Technical Documentation.

Web client system requirements

Table 2: Web requirements
Component Requirements
Web browsers

Desktop browsers:

  • Apple Safari 13.1 for desktop (or later)
  • Google Chrome 80 (or later)
  • Microsoft Edge 80 (or later)
  • Mozilla Firefox 69 (or later)

Mobile device browsers:

  • Apple iOS 13 (or later)
  • Google Chrome on Android version 80 (or later)

Web management console system requirements

Table 3: Web kiosk requirements
Component Requirements
Web management console

Desktop browsers:

  • Apple Safari 13.1 for desktop (or later)
  • Google Chrome 80 (or later)
  • Microsoft Edge 80 (or later)
  • Mozilla Firefox 69 (or later)

Platforms and versions follow.

  • You must license the VM with a Microsoft Windows license. We recommend using either the MAK or KMS method. Specific questions about licensing should be directed to your Sales Representative.

  • Supported hypervisors:
    • Microsoft Hyper-V (VHDX) version 8 or higher
    • VMware vSphere with vSphere Hypervisor (ESXi) versions 6.5 or higher
    • VMware Worksation version 13 or higher

  • Minimum resources: 4 CPUs, 10GB RAM, and a 500GB disk. The virtual appliances default deploy does not provide adequate resources. Ensure these minimum resources are met.

Supported platforms

One Identity Safeguard for Privileged Passwords supports a variety of platforms, including custom platforms.

Safeguard for Privileged Passwords tested platforms

The following table lists the platforms and versions that have been tested for Safeguard for Privileged Passwords (SPP). Additional assets may be added to Safeguard for Privileged Passwords. If you do not see a particular platform listed when adding an asset, use the Other, Other Managed, Other Directory, or Linux selection on the Management tab of the Asset dialog.

NOTE: Prior to Safeguard for Privileged Passwords 6.8, the version and architecture information was readonly. It was stored with the platform and formed part of the platform name. As of Safeguard for Privileged Passwords 6.8, this information is no longer associated with the platform. It is now optional, and can be configured on each asset.

A new set of platforms are defined in Safeguard for Privileged Passwords 6.8 to replace the legacy platforms. See the table below for details on how the legacy platforms are mapped to the new platforms.

For customers upgrading from a pre-6.8 version of Safeguard for Privileged Passwords, the legacy platform will automatically be mapped to the corresponding new platform for each existing asset. Following an upgrade, the platform id of each existing asset will have changed. Some platform names may also have changed. From the desktop UI, only the new platforms are available when creating an asset. By default, the API will also only report the new platforms. For example, a GET request to the following URI will report only the new platforms:

https://<appliance>/servive/core/V3/Platforms

The legacy platforms still exist within Safeguard for Privileged Passwords for reference, but can only be retrieved using a filter query with the API. For example, the following will retrieve the legacy Active Directory platform:

https://<appliance>/servive/core/V3/Platforms?filter=Id%20eq%203

SPP linked to SPS: Sessions platforms

CAUTION: When linking your One Identity Safeguard for Privileged Sessions (SPS) deployment to your One Identity Safeguard for Privileged Passwords (SPP) deployment, ensure that the SPS and SPP versions match exactly, and keep the versions synchronized during an upgrade. For example, you can only link SPS version 6.6 to SPP version 6.6, and if you upgrade SPS to version 6.7, you must also upgrade SPP to 6.7.

Make sure that you do not mix Long Term Supported (LTS) and feature releases. For example, do not link an SPS version 6.0 to an SPP version 6.1.

When Safeguard for Privileged Passwords (SPP) is linked with a Safeguard for Privileged Sessions (SPS) appliance, platforms are supported that use one of these protocols:

  • SPP 2.8 or lower: RDP, SSH
  • SPP 2.9 or higher: RDP, SSH, or Telnet

Some platforms may support more than one protocol. For example, a Linux (or Linux variation) platform supports both SSH and Telnet protocols.

Table 4: Supported platforms: Assets that can be managed
Platform Name Legacy Platform (ID)

Supports SPP

Supports SPS Access

ACF2 - Mainframe

ACF2 - Mainframe LDAP r14 zSeries

ACF2 - Mainframe LDAP r15 zSeries

True

True

ACF2 - Mainframe LDAP

ACF2 - Mainframe LDAP r14 zSeries

ACF2 - Mainframe LDAP r15 zSeries

True

False

Active Directory

Active Directory

True

False

AIX

AIX 6.1 PPC

AIX 7.1 PPC

AIX 7.2 PPC

AIX Other

True

True

Amazon Linux

Amazon Linux 2 x86_64

Amazon Linux Other x86_64

True

True

Amazon Web Services

Amazon Web Services 1

True

False

CentOS Linux

CentOS Linux 6 x86

CentOS Linux 6 x86_64

CentOS Linux 7 x86_64

CentOS Linux 8 x86_64

CentOS Linux Other

True

True

Check Point GAiA (SSH)

Check Point GAiA (SSH) R76

Check Point GAiA (SSH) R77

Check Point GAiA (SSH) R80.30

True

True

Cisco ASA

Cisco ASA 7.X

Cisco ASA 8.X

Cisco ASA 9.X

Cisco ASA Other

True

True

Cisco IOS (510)

Cisco IOS 12.X

Cisco IOS 15.X

Cisco IOS 16.X

Cisco IOS Other

True

True

Cisco ISE

Cisco ISE 2.7

Cisco ISE 3

True

False

Cisco ISE CLI

Cisco ISE CLI 2.7

Cisco ISE CLI 3

True

True

Cisco NX-OS

Cisco NX-OS 9.3(7)

Cisco NX-OS 9.3(7a)

True

True

Debian GNU/Linux (511)

Debian GNU/Linux 10 MIPS

Debian GNU/Linux 10 PPC

Debian GNU/Linux 10 x86

Debian GNU/Linux 10 x86_64

Debian GNU/Linux 10 zSeries

Debian GNU/Linux 6 MIPS

Debian GNU/Linux 6 PPC

Debian GNU/Linux 6 x86

Debian GNU/Linux 6 x86_64

Debian GNU/Linux 6 zSeries

Debian GNU/Linux 7 MIPS

Debian GNU/Linux 7 PPC

Debian GNU/Linux 7 x86

Debian GNU/Linux 7 x86_64

Debian GNU/Linux 7 zSeries

Debian GNU/Linux 8 MIPS

Debian GNU/Linux 8 PPC

Debian GNU/Linux 8 x86

Debian GNU/Linux 8 x86_64

Debian GNU/Linux 8 zSeries

Debian GNU/Linux 9 MIPS

Debian GNU/Linux 9 PPC

Debian GNU/Linux 9 x86

Debian GNU/Linux 9 x86_64

Debian GNU/Linux 9 zSeries

Debian GNU/Linux Other

True

True

Dell iDRAC

Dell iDRAC 7

Dell iDRAC 8

Dell iDRAC 9

True

True

eDirectory LDAP

eDirectory LDAP 9.0

True

False

ESXi

ESXi 5.5

ESXi 6.0

ESXi 6.5

ESXi 6.7

ESXi 7.0

True

False

F5 Big-IP

F5 Big-IP 12.1.2

F5 Big-IP 13.0

F5 Big-IP 14.0

F5 Big-IP 15.0

True

True

Facebook (Deprecated)

Facebook (Deprecated)

 

 

Fedora

Fedora 21 x86

Fedora 21 x86_64

Fedora 22 x86

Fedora 22 x86_64

Fedora 23 x86

Fedora 23 x86_64

Fedora 24 x86

Fedora 24 x86_64

Fedora 25 x86

Fedora 25 x86_64

Fedora 26 x86

Fedora 26 x86_64

Fedora 27 x86

Fedora 27 x86_64

Fedora 28 x86

Fedora 28 x86_64

Fedora 29 x86

Fedora 29 x86_64

Fedora 30 x86

Fedora 30 x86_64

Fedora 31 x86

Fedora 31 x86_64

Fedora 32 x86

Fedora 32 x86_64

Fedora Other

True

True

Fortinet FortiOS

Fortinet FortiOS 5.2

Fortinet FortiOS 5.6

Fortinet FortiOS 6.0

Fortinet FortiOS 6.2

True

True

FreeBSD

FreeBSD 10.4 x86

FreeBSD 10.4 x86_64

FreeBSD 11.1 x86

FreeBSD 11.1 x86_64

FreeBSD 11.2 x86

FreeBSD 11.2 x86_64

FreeBSD 12.0 x86

FreeBSD 12.0 x86_64

True

True

HP iLO

HP iLO 2 x86

HP iLO 3 x86

HP iLO 4 x86

HP iLO 5 x86

True

True

HP iLO MP

HP iLO MP 2 IA-64

HP iLO MP 3 IA-64

True

True

HP-UX

HP-UX 11iv2 (B.11.23) IA-64

HP-UX 11iv2 (B.11.23) PA-RISC

HP-UX 11iv3 (B.11.31) IA-64

HP-UX 11iv3 (B.11.31) PA-RISC

HP-UX Other

True

True

IBM i

(formerly AS400)

IBM i 7.1 PPC

IBM i 7.2 PPC

IBM i 7.3 PPC

IBM i 7.4 PPC

True

True

Junos - Juniper Networks

Junos - Juniper Networks 12

Junos - Juniper Networks 13

Junos - Juniper Networks 14

Junos - Juniper Networks 15

Junos - Juniper Networks 16

Junos - Juniper Networks 17

Junos - Juniper Networks 18

Junos - Juniper Networks 19

True

True

LDAP

OpenLDAP 2.4

True

False

Linux

Other Linux

True

True

macOS

macOS 10.10 x86_64

macOS 10.11 x86_64

macOS 10.12 x86_64

macOS 10.13 x86_64

macOS 10.14 x86_64

macOS 10.15 x86_64

macOS 10.9 x86_64

macOS Other

True

True

MongoDB

MongoDB 3.4

MongoDB 3.6

MongoDB 4.0

MongoDB 4.2

True

False

MySQL

MySQL 5.6

MySQL 5.7

MySQL 8.0

True

False

Oracle

Oracle 11g Release 2

Oracle 12c Release 1

Oracle 12c Release 2

Oracle 18c

Oracle 19c

True

False

Oracle Linux (OL)

Oracle Linux (OL) 6 x86

Oracle Linux (OL) 6 x86_64

Oracle Linux (OL) 7 x86_64

Oracle Linux (OL) 8 x86_64

Oracle Linux (OL) Other

True

True

Other

Other

False

False

Other Directory

Other Directory

True

False

Other Managed

Other Managed

True

False

PAN-OS

PAN-OS 6.0

PAN-OS 7.0

PAN-OS 8.0

PAN-OS 8.1

PAN-OS 9.0

True

True

PostgreSQL

PostgreSQL 10

PostgreSQL 10.2

PostgreSQL 10.3

PostgreSQL 10.4

PostgreSQL 10.5

PostgreSQL 11

PostgreSQL 12

PostgreSQL 9.6

True

False

RACF - Mainframe

RACF - Mainframe z/OS V2.1 Security Server zSeries

RACF - Mainframe z/OS V2.2 Security Server zSeries

RACF - Mainframe z/OS V2.3 Security Server zSeries

True

True

RACF - RACF - Mainframe LDAP

RACF - Mainframe LDAP z/OS V2.1 Security Server zSeries

RACF - RACF - Mainframe LDAP z/OS V2.2 Security Server zSeries

RACF - RACF - Mainframe LDAP z/OS V2.3 Security Server zSeries

True

False

Red Hat Enterprise Linux (RHEL)

Red Hat Enterprise Linux (RHEL) 6 PPC

Red Hat Enterprise Linux (RHEL) 6 x86

Red Hat Enterprise Linux (RHEL) 6 x86_64

Red Hat Enterprise Linux (RHEL) 6 zSeries

Red Hat Enterprise Linux (RHEL) 7 PPC

Red Hat Enterprise Linux (RHEL) 7 x86_64

Red Hat Enterprise Linux (RHEL) 7 zSeries

Red Hat Enterprise Linux (RHEL) 8 PPC

Red Hat Enterprise Linux (RHEL) 8 x86_64

Red Hat Enterprise Linux (RHEL) 8 zSeries

Red Hat Enterprise Linux (RHEL) Other

True

True

Red Hat Directory Server

Red Hat Directory Server 11

True

False

SAP HANA

SAP HANA 2.0 Other

True

False

SAP Netweaver Application Server

SAP Netweaver Application Server 7.3

SAP Netweaver Application Server 7.4

SAP Netweaver Application Server 7.5

True

False

Solaris

Solaris 10 SPARC

Solaris 10 x86

Solaris 10 x86_64

Solaris 11 SPARC

Solaris 11 x86_64

Solaris Other

True

True

SonicOS

SonicOS 5.9

SonicOS 6.2

SonicOS 6.4

SonicOS 6.5

True

False

SonicWALL SMA or CMS

SonicWALL SMA or CMS 11.3.0

True

False

SQL Server

SQL Server 2012

SQL Server 2014

SQL Server 2016

SQL Server 2017

SQL Server 2019

True

False

SUSE Linux Enterprise Server (SLES)

SUSE Linux Enterprise Server (SLES) 11 IA-64

SUSE Linux Enterprise Server (SLES) 11 PPC

SUSE Linux Enterprise Server (SLES) 11 x86

SUSE Linux Enterprise Server (SLES) 11 x86_64

SUSE Linux Enterprise Server (SLES) 11 zSeries

SUSE Linux Enterprise Server (SLES) 12 PPC

SUSE Linux Enterprise Server (SLES) 12 x86_64

SUSE Linux Enterprise Server (SLES) 12 zSeries

SUSE Linux Enterprise Server (SLES) 15 PPC

SUSE Linux Enterprise Server (SLES) 15 x86_64

SUSE Linux Enterprise Server (SLES) 15 zSeries

SUSE Linux Enterprise Server (SLES) Other

True

True

Sybase (Adaptive Server Enterprise)

Sybase (Adaptive Server Enterprise) 15.7

Sybase (Adaptive Server Enterprise) 16

Sybase (Adaptive Server Enterprise) 17

True

False

Top Secret - Mainframe

Top Secret - Mainframe r14 zSeries

Top Secret - Mainframe r15 zSeries

Top Secret - Mainframe r16 zSeries

True

False

Top Secret - Mainframe LDAP

Top Secret - Mainframe LDAP r14 zSeries

Top Secret - Mainframe LDAP r15 zSeries

Top Secret - Mainframe LDAP r16 zSeries

True

True

Twitter (Deprecated)

Twitter (Deprecated)

 

 

Ubuntu

Ubuntu 14.04 LTS x86

Ubuntu 14.04 LTS x86_64

Ubuntu 15.04 x86

Ubuntu 15.04 x86_64

Ubuntu 15.10 x86

Ubuntu 15.10 x86_64

Ubuntu 16.04 LTS x86

Ubuntu 16.04 LTS x86_64

Ubuntu 16.10 x86

Ubuntu 16.10 x86_64

Ubuntu 17.04 x86

Ubuntu 17.04 x86_64

Ubuntu 17.10 x86

Ubuntu 17.10 x86_64

Ubuntu 18.04 LTS x86

Ubuntu 18.04 LTS x86_64

Ubuntu 18.10 x86

Ubuntu 18.10 x86_64

Ubuntu 19.04 x86

Ubuntu 19.04 x86_64

Ubuntu 19.10 x86_64

Ubuntu 20.04 x86_64

Ubuntu Other

True

True

Windows Desktop

Windows Desktop (SSH)

Windows Desktop (WinRM)

Windows Server

Windows Server (SSH)

Windows Server (WinRM)

Windows (SSH) 10

Windows (SSH) 7

Windows (SSH) 8

Windows (SSH) 8.1

Windows (SSH) Other

Windows (SSH) Server 2008 R2

Windows (SSH) Server 2012

Windows (SSH) Server 2012 R2

Windows (SSH) Server 2016

Windows (SSH) Server 2019

Windows 10

Windows 7

Windows 8

Windows 8.1

Windows Other

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016

Windows Server 2019

Windows Vista

True

True

Table 5: Supported platforms: Directories that can be searched
Platform Name Platform Version

Microsoft Active Directory

Windows 2008+ DFL/FFL

LDAP

2.4

For all supported platforms, it is assume that you are applying the latest updates. For unpatched versions of supported platforms, Support will investigate and assist on a case by case basis but it may be necessary for you to upgrade the platform or use SPP's custom platform feature.

Custom platforms

The following example platform scripts are available:

  • Custom HTTP
  • Linux SSH
  • Telnet
  • TN3270 transports are available

For more information, see Custom Platforms and Creating a custom platform script in the Safeguard for Privileged Passwords Administration Guide.

Sample custom platform scripts and command details are available at the following links available from the Safeguard Custom Platform Home wiki on GitHub:

CAUTION: Example scripts are provided for information only. Updates, error checking, and testing are required before using them in production. Safeguard for Privileged Passwords checks to ensure the values match the type of the property that include a string, boolean, integer, or password (which is called secret in the API scripts). Safeguard for Privileged Passwords cannot check the validity or system impact of values entered for custom platforms.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen