Always securely log out of the web client. Log events are created based on how the user logged out: UserLoggedOut or InactiveUserLoggedOut.
To log out
- In the upper right corner, next to your user name, click .
- Click Log Out to securely exit the Safeguard for Privileged Passwords web client.
To define and enforce security policy for your enterprise, you must first install the desktop client application which gives you access to the Administrative Tools.
These topics explain how to install, start, and uninstall the Safeguard for Privileged Passwords desktop client application:
During initial installation and when applying a patch, make sure the desktop client file is the one supplied with the appliance version. If the versions are not compatible, errors may occur.
NOTE: PuTTY is used to launch the SSH client for SSH session requests and is included in the install. The desktop client looks for any user-installed PuTTY in the following locations:
- Any reference to putty in the PATH environment variable
- c:/Program Files/Putty
- c:/Program Files(x86)/Putty
If PuTTY is not found, the desktop client uses the version of PuTTY that it installed at:
If the user later installs PuTTY in any of the locations above, the desktop client uses that version which ensures the user has the latest version of PuTTY.
Installing the Safeguard for Privileged Passwords desktop client application
CAUTION: The Safeguard for Privileged Passwords client version must match the installed Safeguard for Privileged Passwords version.
To download the Safeguard for Privileged Passwords desktop client Windows installer .msi file, open a browser and navigate to:
Save the Safeguard.msi file in a location of your choice.
- Run the MSI package.
- Select Next in the Welcome dialog.
- Accept the End-User License Agreement and select Next.
- Select Install to begin the installation.
- Select Finish to exit the desktop client setup wizard.
- Check your desktop resolution. The desktop client works the best at a resolution of 1024 x 768 or greater.
Installing the Desktop Player
CAUTION: If the Desktop Player is not installed and a user tries to play back a session from the Activity Center, a message like the following will display: No Desktop Player. The Safeguard Desktop Player is not installed. Would you like to install it now? The user will need to click Yes to go to the download page to install the player following step 2 below.
- Once the Safeguard for Privileged Passwords installation is complete, go to the Windows Start menu, Safeguard folder, and click Download Safeguard Player to be taken to the One Identity Safeguard for Privileged Sessions - Download Software web page.
Follow the Install Safeguard Desktop Player section of the player user guide found here:
- Go to One Identity Safeguard for Privileged Sessions - Technical Documentation.
- Scroll to User Guide and click One Identity Safeguard for Privileged Sessions [version] Safeguard Desktop Player User Guide.
For Safeguard Desktop player version 1.8.6 and later, ensure your signed web certificate has a Subject Alternative Name (SAN) that includes each IP address of each of your cluster members. If the settings are not correct, the Safeguard Desktop Player will generate a certificate warning like the following when replaying sessions: Unable to verify SSL certificate. To resolve this issue, import the appropriate certificates including the root CA.
New Desktop Player versions
When you have installed a version of the Safeguard Desktop Player application, you will need to uninstall the previous version to upgrade to a newer player version.
The following steps assume the One Identity Safeguard for Privileged Passwords Appliance has been configured and licensed. As a Safeguard for Privileged Passwords user, if you get an appliance is unlicensed notification, contact your Appliance Administrator.
To start the desktop client application
- From the Windows Start menu, choose Safeguard.
On the server selection screen, enter or select the server's network DNS name or IP address to connect to the appliance over the network and click Connect.
NOTE: When entering an IPv6 address, enclose the IPv6 address in square brackets.
- You will see a message like: You'll now be redirected to your web browser to complete the login process. You can select: Don't show this message again. Then, click OK.
- If a login notification displays, click OK to accept the notifications and restrictions stated.
On the user login screen, enter your credentials and click Log in.
If your Safeguard for Privileged Passwords user account requires you to log in with secondary authentication, enter the secure password token code, or other authentication for your authentication service provider account and click Submit.
NOTE: The type and configuration of the secondary authentication provider (for example, RSA SecureID, FIDO2, One Identity Starling Two-Factor Authentication, and so on) determines what you must provide for secondary authentication. Check with your system administrator for more information about how to log in to Safeguard for Privileged Passwords with secondary authentication.
- When login is successful, you can close the web browser and return to the Safeguard application.
To remove server DSN names or IP addresses no longer used
The DSN name or IP address on the server selection screen may be no longer used. If you want to remove one or more selections, you can edit the user.config file using a text editor like Notepad.
- Make a backup copy of user.config in case you want to return to the file.
Open the file and edit the following section to list only the addresses you want:
<setting name="ClusterHistory" serializeAs="Xml">
<ArrayOfString xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- Save the updated file.
- Log on to verify the correct selections display.