Tchater maintenant avec le support
Tchattez avec un ingénieur du support

One Identity Safeguard for Privileged Passwords 2.11 - Release Notes

Known issues

The following is a list of issues known to exist at the time of release.

Known issue

DevOps Issue ID

TFS Issue ID

In the web client, My Requests page, Pending Due Today is in the UTC time zone not the user's time zone. Click Click to change the search field RequestedFor: <date> to the user's date.

200370

806873

When joined to Safeguard for Privileged Sessions, the playback button does not display in the Activity Center even though a session was recorded. You can validate that a session was recorded by using the SPS web interface (select Search in the left menu).

The workaround is to use the API to reset the Enable Session Recording flag for the access policy back to true.

  1. Install the powershell cmdlets (https://github.com/OneIdentity/safeguard-ps).
  2. From the PowerShell command line execute:

    (Get-SafeguardAccessPolicy) | Where-Object { $_.SessionProperties.EnableSessionRecordings -eq $false } | ForEach-Object {

    $Obj = $_

    $Obj.SessionProperties.EnableSessionRecordings = $true

    Invoke-SafeguardMethod core PUT "AccessPolicies/$($_.Id)" -Body $Obj

    }

215727

NA

After upgrading to Safeguard for Privileged Passwords version 2.11, users may need to manually refresh their web browser to view and use the new web user interface (UI) due to possible caching.

215825

NA

When patching to 2.11, if you have open requests that require review, access requests may be blocked by requests pending review for unrelated accounts. A Policy Administrator or policy reviewer must resolve the open access requests that are pending review. Future requests are not affected.

215876

NA

System requirements

Safeguard for Privileged Passwords has two graphical user interfaces that allow you to manage access requests, approvals and reviews for your managed accounts and systems. Ensure that your system meets the following minimum hardware and software requirements for these clients.

Bandwidth

It is recommended that connection, including overhead, is faster than 10 megabits per second inter-site bandwidth with a one-way latency of less than 500 milliseconds. If you are using traffic shaping, you must allow sufficient bandwidth and priority to port 655 UDP/TCP in the shaping profile. These numbers are offered as a guideline only in that other factors could require additional network tuning. These factors include but are not limited to: jitter, packet loss, response time, usage, and network saturation. If there are any further questions, please check with your Network Administration team.

Windows desktop client requirements

The desktop client is a native Windows application suitable for use on end-user machines. The desktop client consists of an end-user view and an administrator view. The administrative functionality is dynamically enabled based on the user's permissions.

Table 2: Desktop client requirements
Component Requirements
Technology

Microsoft .NET Framework 4.6 (or later)

Windows platforms

64-bit editions of:

  • Windows 7
  • Windows 8.1
  • Windows 10
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

If the appliance setting, TLS 1.2 Only is enabled, (Administrative Tools | Settings | Appliance | Appliance Information), ensure the desktop client also has TLS 1.2 enabled. If the client has an earlier version of TLS enabled, you will be locked out of the client and will not be able to connect to Safeguard for Privileged Passwords.

Considerations:

  • Internet Explorer security must be set to use TLS 1.0 or higher. Ensure the proper "Use TLS" setting is enabled on the Advanced tab of the Internet Options dialog (In Internet Explorer, go to Tools | Internet Options | Advanced tab).
  • To use FIDO2 two-factor authentication, you will need a web browser that supports the WebAuthn standard.

Desktop Player

See One Identity Safeguard for Privileged Sessions [version] Safeguard Desktop Player User Guide available at: One Identity Safeguard for Privileged Sessions - Technical Documentation, User Guide.

Web client requirements

The web client is functionally similar to the desktop client end-user view. It exposes the access request workflow functionality and is meant primarily for the non-Administrative user.

Table 3: Web requirements
Component Requirements
Web browsers

Desktop browsers:

  • Google Chrome 77 (or later)
  • Microsoft Internet Explorer 11 and Edge
  • Mozilla Firefox 69 (or later)

NOTE: To use FIDO2 two-factor authentication, you will need a web browser that supports the WebAuthn standard.

Mobile device browsers:

  • Apple iOS 13 (or later)
  • Google Chrome on Android version 77 (or later)

The web client is implemented for modern web browser technology, using:

  • HTML5
  • CSS
  • JavaScript

NOTE: If your browser lacks these required technologies, then use the desktop client.

Web kiosk requirements

The web kiosk is functionally similar to the desktop client end-user view. The web kiosk consists of an end-user view and an administrator view. The administrative functionality is dynamically enabled based on the user's permissions.

Table 4: Web kiosk requirements
Component Requirements
Web management console

Desktop browsers:

  • Google Chrome 77 (or later)
  • Microsoft Internet Explorer 11 and Edge
  • Mozilla Firefox 69 (or later)

NOTE: To use FIDO2 two-factor authentication, you will need a web browser that supports the WebAuthn standard.

The web management console is implemented for modern web browser technology, using:

  • HTML5
  • CSS
  • JavaScript

Supported platforms

Safeguard for Privileged Passwords supports a variety of platforms, including custom platforms.

Safeguard for Privileged Passwords tested platforms

The following table lists the platforms and versions that have been tested for Safeguard for Privileged Passwords (SPP). Additional assets may be added to Safeguard for Privileged Passwords. If you do not see a particular platform listed when adding an asset, use the Other, Other Managed, or Other Linux selection on the Management tab of the Asset dialog.

SPP joined to SPS: Sessions platforms

When Safeguard for Privileged Passwords (SPP) is joined with a Safeguard for Privileged Sessions (SPS) appliance, platforms are supported that use one of these protocols:

• SPP 2.8 or lower: RDP, SSH

• SPP 2.9 or higher: RDP, SSH, or Telnet

Some platforms may support more than one protocol. For example, a Linux (or Linux variation) platform supports both SSH and Telnet protocols.

For the embedded sessions module, platforms that support RDP and SSH protocols are generally supported.

Table 5: Supported platforms: Assets that can be managed
Platform Version Architecture (all versions unless noted)

SPP

SPS

ACF2 - Mainframe

r14, r15

zSeries

True

True

ACF2 - Mainframe LDAP

r14, r15

zSeries

True

False

Active Directory

 

 

True

False

AIX

6.1, 7.1, 7.2

PPC

True

True

Amazon Linux

2

x86_64

True

True

Amazon Web Services (AWS)

1  

True

False

CentOS Linux

6

7

(ver 6) x86, x86_64

(ver 7) x86_64

True

True

Cisco ASA

7.x, 8.x

 

True

True

Cisco IOS 12.X, 15.X  

True

True

Debian GNU/Linux

6, 7, 8, 9

x86, x86_64, MIPS, PPC, zSeries

True

True

Dell iDRAC

7, 8

 

True

True

ESXi (VSphere)

5.5, 6.0, 6.5, 6.7

 

True

False

F5 Big-IP

12.1.2, 13.0, 14.0

 

True

True

Facebook (deprecated)

   

True

False

Fedora

21, 22, 23, 24, 25, 26, 27, 28, 29, 30

x86, x86_64

True

True

Fortinet FortiOS

5.2, 5.6

 

True

True

FreeBSD

10.4, 11.1, 11.2

x86, x86_64

True

True

HP iLO

2, 3, 4

x86

True

True

HP iLO MP

2, 3

IA-64

True

True

HP-UX

11iv2 (B.11.23),
11iv3 (B.11.31)

PA-RISC, IA-64

True

True

IBM i

7.1, 7.2, 7.3

PPC

True

True

Junos - Juniper Networks

12, 13, 14, 15

 

True

True

macOS

10.9, 10.10, 10.11, 10.12, 10.13

x86_64

True

True

MongoDB

3.4, 3.6, 4.0

 

True

False

MySQL

5.6, 5.7  

True

False

OpenLDAP

2.4

 

True

False

Oracle

11g Release 2,
12c Release 1
 

True

False

Oracle Linux (OEL)

6

7

(ver 6) x86, x86_64

(ver 7) x86_64

True

True

Other

 

 

False

False

Other Linux

 

 

True

True

Other Managed

 

 

True

False

PAN-OS

6.0, 7.0, 8.0, 8.1

 

True

True

PostgreSQL

9.6, 10.2, 10.3, 10.4, 10.5

 

True

False

RACF - Mainframe

z/OS V2.1 Security Server,
z/OS V2.2 Security Server

zSeries

True

True

RACF - Mainframe LDAP

z/OS V2.1 Security Server,
z/OS V2.2 Security Server

zSeries

True

False

Red Hat Enterprise Linux (RHEL)

6, 7, 8

(ver 6) x86, x86_64, PPC, zSeries

(ver 7 and 8) x86, x86_64, PPC, zSeries

True

True

SAP HANA

2.0

Other

True

False

SAP Netweaver Application Server

7.3, 7.4, 7.5

 

True

False

Solaris

10, 11

(ver 10) SPARC, x86, x86_64

(ver 11) SPARC, x86_64

True

True

SonicOS

5.9, 6.2

 

True

False

SonicWALL SMA or CMS

11.3.0

 

True

False

SQL Server

2012, 2014, 2016

 

True

False

SUSE Linux Enterprise Server (SLES)

11

12

(ver 11) x86, x86_64, PPC, zSeries, IA-64

(ver 12) x86_64, PPC, zSeries

True

True

Sybase (Adaptive Server Enterprise)

15.7, 16

 

True

False

Top Secret - Mainframe

r14, r15

zSeries

True

True

Top Secret - Mainframe LDAP

r14, r15

zSeries

True

False

Twitter (deprecated)

   

True

False

Ubuntu

14.04 LTS, 15.04, 15.10, 16.04 LTS, 16.10, 17.04, 17.10, 18.04 LTS, 18.10, 19.04

x86, x86_64

True

True

Windows

Vista, 7, 8, 8.1, 10 Enterprise (including LTSC and loT).

 

True

True

Windows Server

2008, 2008 R2, 2012, 2012 R2, 2016, 2019

 

True

True

Windows SSH

7, 8, 8.1, 10

Server 2008 R2, 2012, 2012 R2, 2016, 2019

Windows SSH Other

 

True

True

Table 6: Supported platforms: Directories that can be searched
Platform Version

Microsoft Active Directory

Windows 2008+ DFL/FFL

OpenLDAP

2.4

Custom platforms

The following example platform scripts are available:

  • Custom HTTP
  • Linux SSH
  • Telnet
  • TN3270 transports are available

For more information, see the Safeguard for Privileged Passwords Administration Guide, Custom Platforms and Creating a custom platform script.

CAUTION: Facebook and Twitter functionality has been deprecated. Refer to the custom platform open source script provided on GitHub. Facebook and Twitter platforms will be remove in a future release.

Sample custom platform scripts and command details are available at the following links available from the Safeguard Custom Platform Home wiki on GitHub:

CAUTION: Example scripts are provided for information only. Updates, error checking, and testing are required before using them in production. Safeguard for Privileged Passwords checks to ensure the values match the type of the property that include a string, boolean, integer, or password (which is called secret in the API scripts). Safeguard for Privileged Passwords cannot check the validity or system impact of values entered for custom platforms.

Appliance specifications

Appliance specifications

The Safeguard for Privileged Passwords Appliance is built specifically for use only with the Safeguard for Privileged Passwords privileged management software that is already installed and ready for immediate use. It comes hardened to ensure the system is secure at the hardware, operating system, and software levels.

The Safeguard for Privileged Passwords 2000 Appliance specifications and power requirements are as follows.

Table 7: Safeguard 2000 Appliance: Feature specifications
Safeguard for Privileged Passwords 2000 Feature / Specification
Processor Intel Xeon E3-1275v5 3.60 GHz
# of Processors 1
# of Cores per Processor 4
L2/L3 Cache 4 x 256KB L2, 8MB L3 SmartCache
Chipset Intel C236 Chipset
DIMMs DDR4-2400 ECC Unbuffered DIMMs
RAM 32GB
Internal HD Controller LSI MegaRAID SAS 9391-4i 12Gbps SAS3
Disk 4 x Seagate EC2.5 1TB SAS 512e
Availability TPM 2.0, EEC Memory, Redundant PSU
I/O Slots x16 PCIe 3.0, x8 PCIe 3.0
RAID RAID10
NIC/LOM 3 x Intel i210-AT GbE
Power Supplies Redundant, 700W, Auto Ranging (100v~240V), ACPI compatible
Fans 4 x 40mm Counter-rotating, Non-hot-swappable
Chassis 1U Rack

Dimensions

(HxWxD)

43 x 437.0 x 597.0 (mm)

1.7 x 17.2 x 23.5 (in)

Weight Max: 46 lbs (20.9 Kg)
Miscellaneous FIPS Compliant Chassis
Table 8: Safeguard 2000 Appliance: Power requirements
Input Voltage 100-240 Vac
Frequency 50-60Hz
Power Consumption (Watts) 170.9
BTU 583
Documents connexes