Passwords-initiated (SPP-initiated) workflow
In the Passwords-initiated workflow, the users initiate sessions from SPP. In this workflow, SPP uses SPS as a session-recording device.
You can use your browser to request access from SPP and initiate the connection to the target server through SPS. SPP creates an access string for the user’s SSH or RDP client that allows these clients to connect to the target server through SPS, so that SPS can audit and record the session. In this sense, this workflow is nontransparent, the user must use a browser.
This is what all SPS users who bought the Sessions Module use before SPP version 2.7.
Figure 387: Passwords-initiated (SPP-initiated) workflow
For details on configuring this workflow, see Configuring SPP for Passwords-initiated workflow.
Prerequisites
-
Minimum versions:
-
SPP version 2.7
-
SPS version 6.0
-
-
You must have built an SPS cluster by promoting an SPS node to the role of Central Management node, even if it is a single node. For more information, see Creating a cluster.
-
CAUTION: When linking your One Identity Safeguard for Privileged Sessions (SPS) deployment to your One Identity Safeguard for Privileged Passwords (SPP) deployment, ensure that the SPS and SPP versions match exactly, and you keep the versions synchronized during an upgrade. For example, you can only link SPS version 6.6 to SPP version 6.6, and if you upgrade SPS to version 6.7, you must also upgrade SPP to 6.7.
Make sure that you do not mix Long Term Supported (LTS) and feature releases. For example, do not link an SPS version 6.0 to an SPP version 6.1.
To configure the Passwords-initiated (SPP-initiated) workflow
-
On SPS, link SPP and SPS as described in Linking SPS to SPP.
-
Configure SPP to use the linked SPS as described in Configuring SPP for Passwords-initiated workflow.
-
Optionally, customize monitoring settings as follows:
-
To make use of the more advanced features of SPS, you can change the safeguard_default Connection Policy or create a new Connection Policy and select that in SPP.
-
Follow the AA plugin settings listed in section Sharing RDP connection policies with SPS.
-