Safeguard for Privileged Passwords 7.0
03 August 2022, 01:11
These release notes provide information about the Safeguard for Privileged Passwords 7.0 release. For the most recent documents and product information, see One Identity Safeguard for Privileged Passwords Technical Documentation.
About this release
Safeguard for Privileged Passwords Version 7.0 is a major feature release with new features, resolved issues, and known issues.
For more details, see:
The Safeguard for Privileged Passwords 3000 and 2000 Appliances are built specifically for use only with the Safeguard for Privileged Passwords privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system, and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management and shortening the time frame to value.
Safeguard for Privileged Passwords virtual appliances and cloud applications are also available. When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. See One Identity's Product Support Policies for more information on environment virtualization.
Safeguard privileged management software suite
Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.
The Safeguard products' unique strengths are:
- One-stop solution for all privileged access management needs
- Easy to deploy and integrate
- Unparalleled depth of recording
- Comprehensive risk analysis of entitlements and activities
- Thorough Governance for privileged account
The suite includes the following modules:
- Safeguard for Privileged Passwords automates, controls, and secures the process of granting privileged credentials with role-based access management and automated workflows. Deployed on a hardened appliance, Safeguard for Privileged Passwords eliminates concerns about secured access to the solution itself, which helps to speed integration with your systems and IT strategies. Plus, its user-centered design means a small learning curve and the ability to manage passwords from anywhere and using nearly any device. The result is a solution that secures your enterprise and enables your privileged users with a new level of freedom and functionality.
One Identity for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.
Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers to integrate seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.
One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics, and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time, and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action and ultimately prevent data breaches.
Figure 1: Privileged Sessions and Privileged Passwords
New license required (285833)
All customers upgrading to Safeguard for Privileged Passwords 7.0 require a new license. For more information, see https://support.oneidentity.com/contact-us/licensing. Once the new license is installed, Appliance Administrators will need to read and accept the Software Transaction Agreement before Safeguard for Privileged Passwords will be fully functional.
Changes to the secure VPN (284017)
Changes have been made to the secure VPN that protects communication between appliances in a clustered high-availability configuration. The new VPN only supports the UDP 655 port. Before upgrading, ensure the firewall configurations between appliances permit UDP 655.
v4 API now available (294662)
The v4 API is now available for use alongside the v3 API.
Web client updates
Starting with Safeguard for Privileged Passwords 7.0, only the web client is available. A number of features previously only found in the desktop client have been added to the web client.
Activity Center added (284020): The Activity Center has been added to the web client with an updated look and feel to improve your web client experience.
Reasons, Custom Platforms, and Registered Connectors added (298940):
- Entitlement and Ownership reports added (301855): You can now export entitlement and ownership reports in .csv or .json formats.
- Desktop client Dashboard functionalities added (301435): Access Request Activity and Account Automation pages have been added to the web client.
Application Auto-Login Session recordings (284362)
Using Safeguard for Privileged Sessions's RemoteApp launcher, you can now launch a remote desktop application session from within Safeguard for Privileged Passwords which only records the selected application rather than the entire windows server.
Accounts and assets now indicate whether the password profile and/or SSH key profile were inherited (300048)
When viewing assets and accounts in the web client, the Management properties section of the Properties tab indicates if the password profile and/or SSH key profile were inherited from the asset or partition, or set explicitly for the asset or account. When a profile has been explicitly set for the asset or account, you also have the ability to clear the set profile.
Application switcher now available (284024)
A new option has been added to the web client which allows users to easily navigate to One Identity products related to Safeguard for Privileged Passwords. This new feature includes links to the following products:
Data export capabilities (234914)
Throughout the web client, an Export button now appears above a table to indicate when the data in the table can be exported as either a JSON or CSV file.
Email Events page added (304109)
A new Email Events page has been added to Appliance Management | External Integration. This page is used for adding and managing the subscribers that receive emails for specific Safeguard for Privileged Passwords events.
OneLogin multi-factor authentication support (295669)
Appliance administrators can now configure Safeguard for Privileged Passwords to integrate with OneLogin MFA in order to allow for secure user logins. For information on OneLogin, see OneLogin documentation.
The following is a list of enhancements implemented in Safeguard for Privileged Passwords 7.0.
Table 1: General enhancements
|New option added that allows manual resets of password and SSH key changes to restart the timer for the next scheduled change.
Added a confirmation dialog before performing a manual change operation in the web client.