You can now configure the required minimum version of the default web listener.
The default setting is TLS 1.2. You can configure SPS to use TLS 1.0, but it is not advised, because there are known serious attacks against TLS (for details, see: https://tools.ietf.org/html/rfc7457).
For more information, see "Configuring user and administrator login addresses" in the Administration Guide.
In addition to displaying upgrade logs and boot messages on the local console, SPS now shows information about the upgrade and reboot processes on the web interface, too. The information displayed in the browser and on the console is the same. For details, see "Controlling One Identity Safeguard for Privileged Sessions (SPS): reboot, shutdown" in the Administration Guide and "Upgrade checklist" in the Administration Guide.
|
NOTE:
This feature is enabled after the first boot to version 5 F2 or later. So during the upgrade from 5.0 to version 6.0, you will not be able to see any upgrade logs on the web interface. |
To support deployment in more complex networking environments, it is now possible to set the MTU for each network interface individually. For details, see "Network settings" in the Administration Guide and "Managing logical interfaces" in the Administration Guide.
When using X.509 certificates to authenticate on the SPS web interface, SPS can now extract the name of the user from the UserPrincipalName field of the certificate. For details, see "Authenticating users with X.509 certificates" in the Administration Guide.
Alerts defined in Content Policies are now only sent out again if there is change in the matched screen contents to avoid flooding security administrators with alerts.
It is now possible to specify the base DN of LDAP subtrees for users and for groups separately. Specifying a sufficiently narrow base for the LDAP subtrees can speed up LDAP operations. For details, see "Managing One Identity Safeguard for Privileged Sessions (SPS) users from an LDAP database" in the Administration Guide and "Authenticating users to an LDAP server" in the Administration Guide.
Backup policies can be configured to run more than once a day.
You can now select which Server Message Block protocol version to use in the Archive and Backup policies if your server uses SMB/CIFS.
In order to better integrate SPS with One Identity Safeguard for Privileged Analytics, some architectural changes have been introduced. These changes have brought alterations for the sessions schema of the REST API. As a result, REST responses have changed in the case of the following endpoints:
/api/audit/sessions
/api/audit/sessions/<session-id>
/api/audit/sessions/<session-id>/content
/api/audit/sessions/<session-id>/alerts
/api/audit/sessions/<session-id>/events
Search, download and index sessions section restructure
The Search, download and index sessions section has been restructured and updated in the SPS REST API.
For more information, see "Search, download, and index sessions" in the REST API Reference Guide.
HTTP connection policies can now be configured through REST
The endpoint is now writable and allows create, update and delete.
For more information, see "HTTP connections" in the REST API Reference Guide.
The user now has the same privileges on the web UI and REST API
For the user to have full access over the SPS REST API, they must have the REST server privilege. The user privileges on the web UI and REST API are now synchronized. For example, if the user has the ICA Control / Connections privilege then they can access this page on the web UI and also the /api/configuration/ica/connections endpoint on the REST API.
For more information, see "Authenticate to the SPS REST API" in the REST API Reference Guide.
Changes to audit data access rules (ADAR) on REST
The endpoint can only be queried and is not writable. It does not allow create, update, or delete.
For more information, see "Audit data access rules" in the REST API Reference Guide.
When querying the /api/info endpoint, the response now contains the hash of the XML database (config_hash) running on a given SPS host.
For details, see "Retrieve basic firmware and host information" in the REST API Reference Guide.
It is now possible to change the settings for the RDP protocol using the /api/configuration/rdp/settings_policies/ endpoint.
For details, see "RDP settings policies" in the REST API Reference Guide.
The api/audit/sessions/stats endpoint provides statistics about recorded sessions. For details, see "Session statistics" in the REST API Reference Guide.
The api/audit/sessions/histogram endpoint provides a histogram about the recorded sessions. For details, see "Session histogram" in the REST API Reference Guide.
You can now enable One Identity Safeguard for Privileged Analytics using the REST API. For details, see "Enable One Identity Safeguard for Privileged Analytics" in the REST API Reference Guide.
The api/configuration/policies/analytics endpoint allows you to configure One Identity Safeguard for Privileged Analytics by adding and removing analytics policies. For details, see "Configure One Identity Safeguard for Privileged Analytics" in the REST API Reference Guide.
You can now read and update the license of SPS. For details, see "Manage the SPS license" in the REST API Reference Guide.
Changing the root and admin passwords of SPS has been documented. For details, see "Passwords stored on SPS" in the REST API Reference Guide.
Configuring RDP connection policies using the REST API has been documented. For details, see "RDP connection policies" in the REST API Reference Guide.
You can complete the Welcome Wizard using the API.
You can now upload the SPS license file using the API.
You can now change the password of local users, for example, the admin, and the root passwords.
New content endpoint: A new endpoint, /api/audit/sessions/<session-id>/content, has been added, which enables you to search in the contents of individual connections. For details, see "Searching in connection content" in the REST API Reference Guide.
Filter events: The filtering functionality previously only available under the api/audit/sessions endpoint is now added to the api/audit/sessions/<session-id>/events endpoint, too. This means that you can now search in the events of individual connections. For more information, see "Session events" in the REST API Reference Guide.
Backup and archive policies can now be configured using the REST API.
Health status information about the Central Management node and the cluster nodes is now available at the /api/cluster/status endpoint of the node.
You can now download audit trails from SPS using the REST API. For details, see "Download audit trails" in the REST API Reference Guide.
The following is a list of enhancements implemented in SPS 6.0.10.
Enhancement | Issue ID |
---|---|
Created PDF reports have been enhanced with the others label and others subsection, which indicate that more data is available but cannot be displayed in the report unless the search is further refined. |
|
The "Top X" predefined report subchapters now include the others label, which indicates that more data is available but cannot be displayed in the report unless the search is further refined. |
|
The following is a list of features that are no longer supported starting with SPS 6.0.10.
X.509 host certificates are not supported, the related options have been removed from the product. One Identity recommends using public keys instead.
DSA keys are not supported, the related options have been removed from the product. One Identity recommends using RSA keys instead.
The log ingestion feature of SPS has been removed from the product.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center