If the FIDO2 feature is enabled, at least one FIDO2 key must be registered. When a key is added, the placeholder name is Unnamed Key. You can enter a meaningful name or later edit the name. It is recommended that all users have more than one key registered in case a key is lost or damaged.
- In the upper right corner, next to your user name, click .
- Click Manage FIDO2 Keys. The name and date each existing key was registered and last used displays.
- Perform an action:
- To change a name, enter the new name, then click Save.
- To remove a key, click Remove by the key. One key must remain registered. If a physical security key is lost, always delete the associated key from Safeguard for Privileged Passwords.
- To add a key, click Register New FIDO2 Key.
- You will be asked to insert or connect to the new key.
-
You will be prompted to reenter your primary credentials for verification.
-
Tap or activate your new FIDO2 key that is being registered.
-
You may then go back to the Manage FIDO2 Key page and give your newly registered key a name, then click Save.
For more information, see Requiring user to log in using secondary authentication.
Always securely log out of the web client.
To log out
- In the upper right corner, next to your user name, click .
- Click Log out to securely exit the Safeguard for Privileged Passwords web client.
To request, approve or review password releases, you must first install the desktop client application.
Or, you can use the web client instead of the desktop client, if you Administrator has provided the url location. For more information, see Using the web client.
These topics explain how to install, start, and uninstall the Safeguard for Privileged Passwords desktop client application:
During initial installation and when applying a patch, make sure the desktop client file is the one supplied with the appliance version. If the versions are not compatible, errors will occur.
NOTE: PuTTY is used to launch the SSH client for SSH session requests and is included in the install. The desktop client looks for any user-installed PuTTY in the following locations:
- Any reference to putty in the PATH environment variable
- c:/Program Files/Putty
- c:/Program Files(x86)/Putty
- c:/Putty
If PuTTY is not found, the desktop client uses the version of PuTTY that it installed at:
<user-home-dir>/AppData/Local/Safeguard/putty.
If the user later installs PuTTY in any of the locations above, the desktop client uses that version which ensures the user has the latest version of PuTTY.
Installing the Safeguard for Privileged Passwords desktop client application
-
To download the Safeguard for Privileged Passwords desktop client Windows installer .msi file, open a browser and navigate to:
https://<Appliance IP>/Safeguard.msi
Save the Safeguard.msi file in a location of your choice.
- Run the MSI package.
- Select Next in the Welcome dialog.
- Accept the End-User License Agreement and select Next.
- Select Install to begin the installation.
- Select Finish to exit the desktop client setup wizard.
- Check your desktop resolution. The desktop client works the best at a resolution of 1024 x 768 or greater.
Installing the Desktop Player
|
CAUTION: If the Desktop Player is not installed and a user tries to play back a session from the Activity Center, a message like the following will display: No Desktop Player. The Safeguard Desktop Player is not installed. Would you like to install it now? The user will need to click Yes to go to the download page to install the player following step 2 below. |
- Once the Safeguard for Privileged Passwords installation is complete, go to the Windows Start menu, Safeguard folder, and click Download Safeguard Player to be taken to the One Identity Safeguard for Privileged Sessions - Download Software web page.
-
Follow the Install Safeguard Desktop Player section of the player user guide found here:
- Go to One Identity Safeguard for Privileged Sessions - Technical Documentation.
- Scroll to User Guide and click One Identity Safeguard for Privileged Sessions [version] Safeguard Desktop Player User Guide.
-
For Safeguard Desktop player version 1.8.6 and later, ensure your signed web certificate has a Subject Alternative Name (SAN) that includes each IP address of each of your cluster members. If the settings are not correct, the Safeguard Desktop Player will generate a certificate warning like the following when replaying sessions: Unable to verify SSL certificate. To resolve this issue, import the appropriate certificates including the root CA.
New Desktop Player versions
When you have installed a version of the Safeguard Desktop Player application, you will need to uninstall the previous version to upgrade to a newer player version.