Intended audience
For Administrators, the Administration Guide contains information about how to set up One Identity Safeguard Remote Access (SRA) in One Identity Starling and how to integrate with One Identity Safeguard for Privileged Sessions (SPS).
For Users, the Administration Guide describes the usage and features of SRA.
Overview
SRA is a Cloud Software as a Service (SaaS) that provides a client-less, browser-based secure terminal access to servers via integration with the SPS product.
Figure 1: SRA architecture overview
To use One Identity Safeguard Remote Access (SRA), you must meet the following prerequisites:
-
You are using an official One Identity-supported feature or LTS version of SPS. For more information, see Version-related limitations.
-
Basic network configuration is completed, and the web administrative interface is available.
-
A SPS Authentication and Authorization plugin (AA plugin) is selected. For more information, see Using plugins.
-
You have Administrator role under the SRA product in One Identity Starling.
This section introduces the limitations of One Identity Safeguard Remote Access (SRA).
Version-related limitations
One Identity strongly recommends that you use either of the following SPS product versions:
For more information about the latest One Identity-supported SPS feature and LTS versions, see the SPS Product Life Cycle table.
NOTE: SPS version 6.9.n CC is no longer supported.
Security-related limitations
-
End users are not required to periodically reauthenticate to a running session. Instead, once an end user logged in to a terminal session, they stay logged in to SRA.
-
The bandwidth usage of terminal connections is not limited.
Functionality-related limitations
-
Use Chrome-based browsers for the best user experience. Other browsers are supported on a best effort basis.
-
SRA provides full support for SSH and RDP protocols only.
-
No RDP remote application is supported at this time.
-
Only fixed and inband destination selection defined in One Identity Safeguard for Privileged Sessions (SPS) will be picked up by SRA.
-
SPS nodes are not monitored. If SPS fails or unjoins from One Identity Starling, the related target connections remain visible on SRA.
-
Some browser keyword shortcuts (for example, Ctrl+T and Ctrl+Shift+N) are not forwarded to the terminal session.
-
For Apple users, copy-pasting text in an active RDP remote session with Cmd+C and Cmd+V keyboard shortcuts does not work. Use (Copy to clipboard) and (Paste) on the control panel of the session window to copy-paste text to or from the server.
-
The following limitations apply to the file transfer functionality:
-
SSH file transfer in active remote sessions is not supported on touch devices.
-
File transfer interworking (Cancel, Pause and Resume) is applicable only to Chromium-based browsers (recommended: Google Chrome).
This section and its subsections describe how to set up One Identity Safeguard Remote Access (SRA) from an Administrator point of view.
Before you can start using SRA, first you have to create a One Identity Starling account. After that, you must access One Identity Safeguard for Privileged Sessions (SPS) to perform preliminary configurations, for example, configuring the authentication and authorization plugin, creating local credential stores, setting up connection and usermapping policies and so on.