Prior to installing Safeguard Authentication Services, ensure your system meets the minimum hardware and software requirements for your platform. Safeguard Authentication Services consists of Windows management tools and Unix client agent components.
Related Topics
Windows and cloud requirements
Windows components
Windows permissions
Unix agent requirements
Unix components
Permissions matrix
Encryption types
Management Console for UNIX requirements
The following are the minimum requirements for using Safeguard Authentication Services in your environment.
Table 1: Authentication Services requirements
Supported Windows Platforms |
Prerequisite Windows software
If the following prerequisite is missing, the Safeguard Authentication Services installer suspends the installation process to allow you to download the required component. It then continues the install:
You can install Safeguard Authentication Services on 64-bit editions of the following configurations:
-
Windows Server 2012
-
Windows Server 2012 R2
-
Windows Server 2016
-
Windows Server 2019
-
Windows Server 2022
-
Windows 10
-
Windows 11
NOTE: Due to tightened security, when running Safeguard Authentication Services Control Center on Windows 2008 R2 (or later) operating system, functioning as a domain controller, the process must be elevated or you must add authenticated users to the Distributed COM Users group on the computer. As a best practice, One Identity does not recommend that you install or run the Safeguard Authentication Services Windows components on Active Directory domain controllers. The recommended configuration is to install the Safeguard Authentication Services Windows components on an administrative workstation. |
Supported cloud services |
-
AWS Directory Service for Microsoft Active Directory (also called AWS Managed Microsoft AD)
-
Azure Active Directory Domain Services
-
Google Cloud Platform Managed Service for Microsoft Active Directory |
Safeguard Authentication Services includes the following Windows components.
Table 2: Windows components
Safeguard Authentication Services Control Center |
A single console for access to all of the tools and configuration settings for Safeguard Authentication Services. |
Active Directory Users and Computers MMC Snapin Extensions |
Unix management extensions for Active Directory users and groups. |
Group Policy Management Editor MMC Snapin Extensions |
Group Policy extensions for management of Unix, Linux, and macOS. |
RFC2307 NIS Map Editor MMC Snapin |
Provides the ability to manage NIS data in Active Directory. |
NIS Map Import Wizard |
Imports NIS data into Active Directory. |
Unix Account Import Wizard |
Imports Unix identity data into Active Directory. |
Safeguard Authentication Services PowerShell cmdlets |
Provides the ability to script Unix management tasks. |
Documentation |
Full product documentation and online help. |
To install Safeguard Authentication Services on Windows, you must have:
Authenticated Users must have rights to read cn, displayName, description, and whenCreated attributes for container objects in the application configuration location. To change Active Directory configuration settings, Administrators must have rights to Create Child Object (container) and Write Attribute for cn, displayName, description, and showInAdvancedViewOnly in the application configuration location.
Table 3: Required Windows permissions
Create Child Object |
Safeguard Authentication Services Administrators Only |
Container |
|
Delete Child Object |
Safeguard Authentication Services Administrators Only |
Container |
|
Delete Child Object |
Safeguard Authentication Services Administrators Only |
Container |
|
Write Attribute |
Safeguard Authentication Services Administrators Only |
Container |
cn, displayName, description, showInAdvancedViewOnly |
Read Attribute |
Authenticated Users |
Container |
cn, displayName, description, whenCreated |