Supported platforms
One Identity Safeguard for Privileged Passwords supports a variety of platforms, including custom platforms.
Safeguard for Privileged Passwords tested platforms
The following table lists the platforms and versions that have been tested for Safeguard for Privileged Passwords (SPP). Additional assets may be added to Safeguard for Privileged Passwords. If you do not see a particular platform listed when adding an asset, use the Other, Other Managed, or Other Linux selection on the Management tab of the Asset dialog. 
SPP joined to SPS: Sessions platforms 
When Safeguard for Privileged Passwords (SPP) is joined with a Safeguard for Privileged Sessions (SPS) appliance, platforms are supported that use one of these protocols:
• SPP 2.8 or lower: RDP, SSH
• SPP 2.9 or higher: RDP, SSH, or Telnet
Some platforms may support more than one protocol. For example, a Linux (or Linux variation) platform supports both SSH and Telnet protocols. 
Table 5: Supported platforms: Assets that can be managed
| ACF2 - Mainframe | r14, r15 | zSeries | True | True | 
| ACF2 - Mainframe LDAP | r14, r15 | zSeries | True | False | 
| Active Directory |   |   | True | False | 
| AIX | 6.1, 7.1, 7.2 | PPC | True | True | 
| Amazon Linux  | 2 | x86_64 | True | True | 
| Amazon Web Services  | 1 |  | True | False | 
| CentOS Linux | 6 7 8 | (ver 6) x86, x86_64 (ver 7) x86_64 (ver 8) x86_64 | True | True | 
| Cisco ASA | 7.x, 8.x, 9.X |   | True | True | 
| Cisco IOS | 12.X, 15.X, 16.X |  | True | True | 
| Debian GNU/Linux | 6, 7, 8, 9,10 | MIPS, PPC, x86, x86_64, zSeries | True | True | 
| Dell iDRAC | 7, 8, 9 |  | True | True | 
| ESXi (VSphere)
 | 5.5, 6.0, 6.5, 6.7x |   | True | False | 
| F5 Big-IP | 12.1.2, 13.0, 14.0, 15.0 |  | True | True | 
| Fedora | 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 | x86, x86_64 | True | True | 
| Fortinet FortiOS | 5.2, 5.6, 6.0, 6.2 |  | True | True | 
| FreeBSD | 10.4, 11.1, 11.2, 12.0 | x86, x86_64 | True | True | 
| HP iLO | 2, 3, 4, 5 | x86 | True | True | 
| HP iLO MP | 2, 3 | IA-64 | True | True | 
| HP-UX | 11iv2 (B.11.23), 11iv3 (B.11.31)
 | IA-64, PA-RISC | True | True | 
| IBM i (formerly AS400) | 7.1, 7.2, 7.3, 7.4 | PPC | True | True | 
| Junos - Juniper Networks | 12, 13, 14, 15, 16, 17, 18, 19 |  | True | True | 
| macOS  | 10.9, 10.10, 10.11, 10.12, 10.13, 10.14, 10.15 | x86_64 | True | True | 
| MongoDB | 3.4, 3.6, 4.0, 4.2 |  | True | False | 
| MySQL | 5.6, 5.7, 8.0 |  | True | False | 
| OpenLDAP | 2.4 |   | True | False | 
| Oracle  | 11g Release 2, 12c Release 1
 12c Release 2 18c 19c |  | True | False | 
| Oracle Linux (OL) | 6, 7, 8 | (ver 6) x86, x86_64 (ver 7 and 8) x86_64 | True | True | 
| Other |   |   | False | False | 
| Other Linux  |   |   | True | True | 
| Other Managed  |   |   | True | False | 
| PAN-OS | 6.0, 7.0, 8.0, 8.1, 9.0 |  | True | True | 
| PostgreSQL | 9.6, 10, 10.2, 10.3, 10.4, 10.5, 11, 12 |   | True | False | 
| RACF - Mainframe | z/OS V2.1 Security Server, z/OS V2.2 Security Server
 z/OS V2.3 Security Server | zSeries | True | True | 
| RACF - RACF - Mainframe LDAP | z/OS V2.1 Security Server, z/OS V2.2 Security Server
 z/OS V2.3 Security Server | zSeries | True | False | 
| Red Hat Enterprise Linux (RHEL) | 6, 7, 8 | (ver 6) PPC, x86, x86_64, zSeries (ver 7 and 8) PPC, x86_64, zSeries | True | True | 
| SAP HANA | 2.0 | Other | True | False | 
| SAP Netweaver Application Server | 7.3, 7.4, 7.5 |  | True | False | 
| Solaris | 10, 11 | (ver 10) SPARC, x86, x86_64 (ver 11) SPARC, x86_64 | True | True | 
| SonicOS | 5.9, 6.2, 6.4, 6.5 |  | True | False | 
| SonicWALL SMA or CMS | 11.3.0 |  | True | False | 
| SQL Server  | 2012, 2014, 2016, 2017, 2019 |  | True | False | 
| SUSE Linux Enterprise Server (SLES) | 11, 12, 15 | (ver 11) IA-64, PPC, x86, x86_64, zSeries,  (ver 12 and 15) PPC, x86_64, zSeries | True | True | 
| Sybase (Adaptive Server Enterprise) | 15.7, 16, 17 |  | True | False | 
| Top Secret - Mainframe LDAP | r14, r15, r16 | zSeries | True | False | 
| Top Secret - Mainframe | r14, r15, r16 | zSeries | True | True | 
| Ubuntu | 14.04 LTS, 15.04, 15.10, 16.04 LTS, 16.10, 17.04, 17.10, 18.04 LTS, 18.10, 19.04 19.10, 20.4 | ver 14.04 to ver 19.04) x86, x86_64 (ver 19.10 and 20.4) x86_64 | True | True | 
| Windows | Vista, 7, 8, 8.1, 10 Enterprise (including LTSC and loT) Server 2008, Server 2008 R2, Server 2012, Server 2012 R2, Server 2016, Server 2019 |  | True | True | 
| Windows (SSH)  | 7, 8, 8.1, 10 Server 2008 R2, 2012, 2012 R2, 2016, 2019 Windows SSH Other |   | True | True | 
Table 6: Supported platforms: Directories that can be searched
| Microsoft Active Directory | Windows 2008+ DFL/FFL | 
| OpenLDAP | 2.4 | 
For all supported platforms, it is assume that you are applying the latest updates. For unpatched versions of supported platforms, Support will investigate and assist on a case by case basis but it may be necessary for you to upgrade the platform or use SPP's custom platform feature.
Custom platforms
The following example platform scripts are available:
- Custom HTTP 
- Linux SSH 
- Telnet 
- TN3270 transports are available 
For more information, see Custom Platforms and Creating a custom platform script in the Safeguard for Privileged Passwords Administration Guide.
Sample custom platform scripts and command details are available at the following links available from the Safeguard Custom Platform Home wiki on GitHub: 
|  
 | CAUTION: Example scripts are provided for information only. Updates, error checking, and testing are required before using them in production. Safeguard for Privileged Passwords checks to ensure the values match the type of the property that include a string, boolean, integer, or password (which is called secret in the API scripts). Safeguard for Privileged Passwords cannot check the validity or system impact of values entered for custom platforms.  | 
 
    Licenses
As a Safeguard for Privileged Passwords user, if you get an "appliance is unlicensed" notification, contact your Appliance Administrator.
Hardware appliance
The One Identity Safeguard for Privileged Passwords 3000 Appliance and 2000 Appliance ship with the Privileged Passwords module which requires a valid license to enable functionality.
You must install a valid license. Once the module is installed, Safeguard for Privileged Passwords shows a license state of Licensed and is operational. If the module license is not installed, you have limited functionality. That is, even though you will be able to configure access requests, if a Privileged Passwords module license is not installed, you will not be able to request a password release
Virtual appliance Microsoft Windows licensing
You must license the virtual appliance with a Microsoft Windows license. We recommend using either the MAK or KMS method. Specific questions about licensing should be directed to your Sales Representative. The virtual appliance will not function unless the operating system is properly licensed.
Licensing setup and update
To enter licensing information when you first log in
The first time you log in as the Appliance Administrator, you are prompted to add a licenses. The Success dialog displays when the license is added.
On the virtual appliance, the license is added as part of Initial Setup.
To configure reminders for license expiration
To avoid disruptions in the use of Safeguard for Privileged Passwords, the Appliance Administrator must configure the SMTP server, and define email templates for the License Expired and the License Expiring Soon event types. This ensures you will be notified of an approaching expiration date. 
Users are instructed to contact their Appliance Administrator if they get an "appliance is unlicensed" notification.
As an Appliance Administrator, if you receive a "license expiring" notification, apply a new license. 
To update the licensing file
Licensing update is only available using a virtual machine, not via the hardware.
 web client: To perform licensing activities
 web client: To perform licensing activities
Go to the licensing page:
- Navigate to  Settings| Settings| Appliance| Licensing. Appliance| Licensing.
- To upload a new license file, click  Upload a new license file and browse to select the current license file. Upload a new license file and browse to select the current license file.
- To remove the license file, select the license and click  Remove selected license. Remove selected license.
 
 desktop client: To perform licensing activities
 desktop client: To perform licensing activities
- Navigate to Administrative Tools | Settings | Appliance | Licensing. 
- To upload a new license file, click  Add License and browse to select the license file. Add License and browse to select the license file.
- To update a license file, select the license then select Update License in the lower left corner of a module's licensing information pane, select the license file, and click Open.
 
 
    Long Term Support (LTS) and Feature Releases
Releases use the following version designations:
- Long Term Support (LTS) Releases: The first digit identifies the release and the second is a zero (for example, 6.0 LTS). 
- Maintenance LTS Releases: A third digit is added followed by LTS (for example, 6.0.6 LTS). 
- Feature Releases: The Feature Releases version numbers are two digits (for example, 6.6). 
Customers choose between two paths for receiving releases: Long Term Support (LTS) Release or Feature Release. See the following table for details. 
Table 7: Comparison of Long Term Support (LTS) Release and Feature Release 
|  | Long Term Support (LTS) Release | Feature Release | 
| Release frequency | Frequency: Typically, every 2 years Scope: Includes new features, resolved issues and security updates Versioning: The first digit identifies the LTS and the second digit is a 0 (for example, 6.0 LTS, 7.0 LTS, and so on). | Frequency: Typically, every 3 months Scope: Includes the latest features, resolved issues, and other updates, such as security patches for the OS Versioning: The first digit identifies the LTS and the second digit is a number identifying the Feature Release (for example, 6.6, 6.7, and so on). | 
| Maintenance Release | Frequency:Typically, every 3 months during full support Scope: Includes critical resolved issues Versioning: A third digit designates the maintenance LTS Release (for example, 6.0.6 LTS). | Frequency:Only for highly critical issues Scope: Includes highly critical resolved issues Versioning: A third digit designates the maintenance Feature Release (for example, 6.6.1). | 
| Support  | Support extends typically 3 years after the original publication date or until the next LTS is published (whichever date is later). | Support extends typically 6 months after the original publication date or until the next feature or LTS Release is published (whichever date is later). | 
Release details can be found at Product Life Cycle. 
|  
 | CAUTION: Downgrading from the latest Feature Release, even to an LTS release, voids support for SPP. | 
One Identity strongly recommends always installing the latest revision of the release path you use (Long Term Support path or Feature Release path).
Moving between LTS and Feature Release versions 
You can move from an LTS version (for example, 6.0.7 LTS) to the same feature version (6.7) and then patch to a later feature version. After that, you can patch from the minimum version for the patch, typically N-3. If you move from an LTS version to a feature version, you will receive a warning like the following which informs you that you will only be able to apply a Feature Release until the next LTS Release:
Warning: You are patching to a Feature Release from an LTS Release. If you apply this update, you will not be able to upgrade to a non-Feature Release until the next LTS major release version is available. See the Administration Guide for details.
You cannot move from a Feature Release to LTS Release. For example, you cannot move from 6.7 to 6.0.7 LTS. You have to keep upgrading with each new Feature Release until the next LTS Release version is published. For this example, you would wait until 7.0 LTS is available. 
Patching 
You can only patch from a major version. For example, if you have version 6.6 and want to patch to 7.7, you must patch to 7.0 LTS and then apply 7.7.
An LTS major version of Safeguard for Privileged Passwords (SPP) will work with the same LTS major version of Safeguard for Privileged Sessions (SPS). For the best experience, it is recommended you keep both their SPP and SPS in sync on the latest and supported version.
 
    Search box
Whether you are using the desktop client or web client, the search box can be used to filter the data being displayed. When you enter a text string into the search box, the results include items that have a string attribute that contains the text that was entered. This same basic search functionality is also available for many of the detail panes and dialogs, allowing you to filter the data displayed in the associated pane or dialog. 
When searching for objects in the object lists, an attribute search functionality is also available where you can filter the results, based on a specific attribute. That is, the search term matches if the specified attribute contains the text. To perform an attribute search, click the  icon to select the attribute to be searched.
 icon to select the attribute to be searched. 
Rules for using the search functionality:
- Search strings are not case-sensitive. Exception: in the web client, the Approvals and Reviews searches are case sensitive. 
- Wild cards are not allowed. 
- 
Try using quotes and omitting quotes. As you use the product, you will become familiar with the search requirements for the search fields you frequent. Safeguard may perform a general search (for example, omits quotes) or a literal search (for example, includes quotes). Example scenarios follow:  
- When multiple search strings are included, all search criteria must be met in order for an object to be included in the results list. 
- When you combine a basic search and an attribute search, the order they are entered into the search box matters. The attribute searches can be in any order, but the basic search must come after the attribute searches. 
- In large environments, you will see a result number to tell you how many objects match the criteria; however, only the first 200 objects will be retrieved from the server. When you scroll down the list, more objects will be retrieved (paged) as needed. 
To search for accounts 
- Enter a text string in the Search box. As you type, the list displays items whose string attributes contain the text that was entered. 
Examples: 
- Enter T in the search box to search for items that contain the letter "T".
- Enter sse to list all items that contain the string "sse," (such as "Asset")
 
Note:The status bar along the bottom of the console shows the number of items returned. 
 
- 
To clear the search criteria, click  Clear. Clear.
 When you clear the search criteria, the original list of objects are displayed. 
You can also Search by attribute.