The desktop client is a Windows application suitable for use on end-user machines. You install the desktop client by means of an MSI package that you can download from the appliance web client portal. You do not need administrator privileges to install One Identity Safeguard for Privileged Passwords.
NOTE: PuTTY is used to launch the SSH client for SSH session requests and is included in the install. The desktop client looks for any user-installed PuTTY in the following locations:
- Any reference to putty in the PATH environment variable
- c:/Program Files/Putty
- c:/Program Files(x86)/Putty
- c:/Putty
If PuTTY is not found, the desktop client uses the version of PuTTY that it installed at:
<user-home-dir>/AppData/Local/Safeguard/putty.
If the user later installs PuTTY in any of the locations above, the desktop client uses that version which ensures the user has the latest version of PuTTY.
Table 1: Desktop client requirements
Technology |
Microsoft .NET Framework 4.7.2 (or later) |
Windows platforms |
64-bit editions of:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
If the appliance setting, TLS 1.2 Only is enabled, (Administrative Tools | Settings | Appliance | Appliance Information), ensure the desktop client also has TLS 1.2 enabled. If the client has an earlier version of TLS enabled, you will be locked out of the client and will not be able to connect to Safeguard for Privileged Passwords.
Considerations:
- To use FIDO2 two-factor authentication, you will need a web browser that supports the WebAuthn standard.
|
Desktop Player |
See One Identity Safeguard for Privileged Sessions Safeguard Desktop Player User Guide available at: One Identity Safeguard for Privileged Sessions - Technical Documentation. |
Table 3: Web kiosk requirements
Web management console |
Desktop browsers:
- Apple Safari 13.1 for desktop (or later)
- Google Chrome 80 (or later)
- Microsoft Edge 80 (or later)
- Mozilla Firefox 69 (or later)
|
Platforms and versions follow.
One Identity Safeguard for Privileged Passwords supports a variety of platforms, including custom platforms.
Safeguard for Privileged Passwords tested platforms
The following table lists the platforms and versions that have been tested for Safeguard for Privileged Passwords (SPP). Additional assets may be added to Safeguard for Privileged Passwords. If you do not see a particular platform listed when adding an asset, use the Other, Other Managed, Other Directory, or Linux selection on the Management tab of the Asset dialog.
NOTE: Prior to Safeguard for Privileged Passwords 6.8, the version and architecture information was readonly. It was stored with the platform and formed part of the platform name. As of Safeguard for Privileged Passwords 6.8, this information is no longer associated with the platform. It is now optional, and can be configured on each asset.
A new set of platforms are defined in Safeguard for Privileged Passwords 6.8 to replace the legacy platforms. See the table below for details on how the legacy platforms are mapped to the new platforms.
For customers upgrading from a pre-6.8 version of Safeguard for Privileged Passwords, the legacy platform will automatically be mapped to the corresponding new platform for each existing asset. Following an upgrade, the platform id of each existing asset will have changed. Some platform names may also have changed. From the desktop UI, only the new platforms are available when creating an asset. By default, the API will also only report the new platforms. For example, a GET request to the following URI will report only the new platforms:
https://<appliance>/servive/core/V3/Platforms
The legacy platforms still exist within Safeguard for Privileged Passwords for reference, but can only be retrieved using a filter query with the API. For example, the following will retrieve the legacy Active Directory platform:
https://<appliance>/servive/core/V3/Platforms?filter=Id%20eq%203
SPP linked to SPS: Sessions platforms
|
CAUTION: When linking your One Identity Safeguard for Privileged Sessions (SPS) deployment to your One Identity Safeguard for Privileged Passwords (SPP) deployment, ensure that the SPS and SPP versions match exactly, and keep the versions synchronized during an upgrade. For example, you can only link SPS version 6.6 to SPP version 6.6, and if you upgrade SPS to version 6.7, you must also upgrade SPP to 6.7.
Make sure that you do not mix Long Term Supported (LTS) and feature releases. For example, do not link an SPS version 6.0 to an SPP version 6.1. |
When Safeguard for Privileged Passwords (SPP) is linked with a Safeguard for Privileged Sessions (SPS) appliance, platforms are supported that use one of these protocols:
- SPP 2.8 or lower: RDP, SSH
- SPP 2.9 or higher: RDP, SSH, or Telnet
Some platforms may support more than one protocol. For example, a Linux (or Linux variation) platform supports both SSH and Telnet protocols.
Table 4: Supported platforms: Assets that can be managed
ACF2 - Mainframe |
ACF2 - Mainframe LDAP r14 zSeries
ACF2 - Mainframe LDAP r15 zSeries |
True |
True |
ACF2 - Mainframe LDAP |
ACF2 - Mainframe LDAP r14 zSeries
ACF2 - Mainframe LDAP r15 zSeries |
True |
False |
Active Directory |
Active Directory |
True |
False |
AIX |
AIX 6.1 PPC
AIX 7.1 PPC
AIX 7.2 PPC
AIX Other |
True |
True |
Amazon Linux |
Amazon Linux 2 x86_64
Amazon Linux Other x86_64 |
True |
True |
Amazon Web Services |
Amazon Web Services 1 |
True |
False |
CentOS Linux |
CentOS Linux 6 x86
CentOS Linux 6 x86_64
CentOS Linux 7 x86_64
CentOS Linux 8 x86_64
CentOS Linux Other |
True |
True |
Check Point GAiA (SSH) |
Check Point GAiA (SSH) R76
Check Point GAiA (SSH) R77
Check Point GAiA (SSH) R80.30 |
True |
True |
Cisco ASA |
Cisco ASA 7.X
Cisco ASA 8.X
Cisco ASA 9.X
Cisco ASA Other |
True |
True |
Cisco IOS (510) |
Cisco IOS 12.X
Cisco IOS 15.X
Cisco IOS 16.X
Cisco IOS Other |
True |
True |
Cisco ISE |
Cisco ISE 2.7
Cisco ISE 3 |
True |
False |
Cisco ISE CLI |
Cisco ISE CLI 2.7
Cisco ISE CLI 3 |
True |
True |
Cisco NX-OS |
Cisco NX-OS 9.3(7)
Cisco NX-OS 9.3(7a) |
True |
True |
Debian GNU/Linux (511) |
Debian GNU/Linux 10 MIPS
Debian GNU/Linux 10 PPC
Debian GNU/Linux 10 x86
Debian GNU/Linux 10 x86_64
Debian GNU/Linux 10 zSeries
Debian GNU/Linux 6 MIPS
Debian GNU/Linux 6 PPC
Debian GNU/Linux 6 x86
Debian GNU/Linux 6 x86_64
Debian GNU/Linux 6 zSeries
Debian GNU/Linux 7 MIPS
Debian GNU/Linux 7 PPC
Debian GNU/Linux 7 x86
Debian GNU/Linux 7 x86_64
Debian GNU/Linux 7 zSeries
Debian GNU/Linux 8 MIPS
Debian GNU/Linux 8 PPC
Debian GNU/Linux 8 x86
Debian GNU/Linux 8 x86_64
Debian GNU/Linux 8 zSeries
Debian GNU/Linux 9 MIPS
Debian GNU/Linux 9 PPC
Debian GNU/Linux 9 x86
Debian GNU/Linux 9 x86_64
Debian GNU/Linux 9 zSeries
Debian GNU/Linux Other |
True |
True |
Dell iDRAC |
Dell iDRAC 7
Dell iDRAC 8
Dell iDRAC 9 |
True |
True |
eDirectory LDAP |
eDirectory LDAP 9.0 |
True |
False |
ESXi |
ESXi 5.5
ESXi 6.0
ESXi 6.5
ESXi 6.7
ESXi 7.0 |
True |
False |
F5 Big-IP |
F5 Big-IP 12.1.2
F5 Big-IP 13.0
F5 Big-IP 14.0
F5 Big-IP 15.0 |
True |
True |
Facebook (Deprecated) |
Facebook (Deprecated) |
|
|
Fedora |
Fedora 21 x86
Fedora 21 x86_64
Fedora 22 x86
Fedora 22 x86_64
Fedora 23 x86
Fedora 23 x86_64
Fedora 24 x86
Fedora 24 x86_64
Fedora 25 x86
Fedora 25 x86_64
Fedora 26 x86
Fedora 26 x86_64
Fedora 27 x86
Fedora 27 x86_64
Fedora 28 x86
Fedora 28 x86_64
Fedora 29 x86
Fedora 29 x86_64
Fedora 30 x86
Fedora 30 x86_64
Fedora 31 x86
Fedora 31 x86_64
Fedora 32 x86
Fedora 32 x86_64
Fedora Other |
True |
True |
Fortinet FortiOS |
Fortinet FortiOS 5.2
Fortinet FortiOS 5.6
Fortinet FortiOS 6.0
Fortinet FortiOS 6.2 |
True |
True |
FreeBSD |
FreeBSD 10.4 x86
FreeBSD 10.4 x86_64
FreeBSD 11.1 x86
FreeBSD 11.1 x86_64
FreeBSD 11.2 x86
FreeBSD 11.2 x86_64
FreeBSD 12.0 x86
FreeBSD 12.0 x86_64 |
True |
True |
HP iLO |
HP iLO 2 x86
HP iLO 3 x86
HP iLO 4 x86
HP iLO 5 x86 |
True |
True |
HP iLO MP |
HP iLO MP 2 IA-64
HP iLO MP 3 IA-64 |
True |
True |
HP-UX |
HP-UX 11iv2 (B.11.23) IA-64
HP-UX 11iv2 (B.11.23) PA-RISC
HP-UX 11iv3 (B.11.31) IA-64
HP-UX 11iv3 (B.11.31) PA-RISC
HP-UX Other |
True |
True |
IBM i
(formerly AS400) |
IBM i 7.1 PPC
IBM i 7.2 PPC
IBM i 7.3 PPC
IBM i 7.4 PPC |
True |
True |
Junos - Juniper Networks |
Junos - Juniper Networks 12
Junos - Juniper Networks 13
Junos - Juniper Networks 14
Junos - Juniper Networks 15
Junos - Juniper Networks 16
Junos - Juniper Networks 17
Junos - Juniper Networks 18
Junos - Juniper Networks 19 |
True |
True |
LDAP |
OpenLDAP 2.4 |
True |
False |
Linux |
Other Linux |
True |
True |
macOS |
macOS 10.10 x86_64
macOS 10.11 x86_64
macOS 10.12 x86_64
macOS 10.13 x86_64
macOS 10.14 x86_64
macOS 10.15 x86_64
macOS 10.9 x86_64
macOS Other |
True |
True |
MongoDB |
MongoDB 3.4
MongoDB 3.6
MongoDB 4.0
MongoDB 4.2 |
True |
False |
MySQL |
MySQL 5.6
MySQL 5.7
MySQL 8.0 |
True |
False |
Oracle |
Oracle 11g Release 2
Oracle 12c Release 1
Oracle 12c Release 2
Oracle 18c
Oracle 19c |
True |
False |
Oracle Linux (OL) |
Oracle Linux (OL) 6 x86
Oracle Linux (OL) 6 x86_64
Oracle Linux (OL) 7 x86_64
Oracle Linux (OL) 8 x86_64
Oracle Linux (OL) Other |
True |
True |
Other |
Other |
False |
False |
Other Directory |
Other Directory |
True |
False |
Other Managed |
Other Managed |
True |
False |
PAN-OS |
PAN-OS 6.0
PAN-OS 7.0
PAN-OS 8.0
PAN-OS 8.1
PAN-OS 9.0 |
True |
True |
PostgreSQL |
PostgreSQL 10
PostgreSQL 10.2
PostgreSQL 10.3
PostgreSQL 10.4
PostgreSQL 10.5
PostgreSQL 11
PostgreSQL 12
PostgreSQL 9.6 |
True |
False |
RACF - Mainframe |
RACF - Mainframe z/OS V2.1 Security Server zSeries
RACF - Mainframe z/OS V2.2 Security Server zSeries
RACF - Mainframe z/OS V2.3 Security Server zSeries |
True |
True |
RACF - RACF - Mainframe LDAP |
RACF - Mainframe LDAP z/OS V2.1 Security Server zSeries
RACF - RACF - Mainframe LDAP z/OS V2.2 Security Server zSeries
RACF - RACF - Mainframe LDAP z/OS V2.3 Security Server zSeries |
True |
False |
Red Hat Enterprise Linux (RHEL) |
Red Hat Enterprise Linux (RHEL) 6 PPC
Red Hat Enterprise Linux (RHEL) 6 x86
Red Hat Enterprise Linux (RHEL) 6 x86_64
Red Hat Enterprise Linux (RHEL) 6 zSeries
Red Hat Enterprise Linux (RHEL) 7 PPC
Red Hat Enterprise Linux (RHEL) 7 x86_64
Red Hat Enterprise Linux (RHEL) 7 zSeries
Red Hat Enterprise Linux (RHEL) 8 PPC
Red Hat Enterprise Linux (RHEL) 8 x86_64
Red Hat Enterprise Linux (RHEL) 8 zSeries
Red Hat Enterprise Linux (RHEL) Other |
True |
True |
Red Hat Directory Server |
Red Hat Directory Server 11 |
True |
False |
SAP HANA |
SAP HANA 2.0 Other |
True |
False |
SAP Netweaver Application Server |
SAP Netweaver Application Server 7.3
SAP Netweaver Application Server 7.4
SAP Netweaver Application Server 7.5 |
True |
False |
Solaris |
Solaris 10 SPARC
Solaris 10 x86
Solaris 10 x86_64
Solaris 11 SPARC
Solaris 11 x86_64
Solaris Other |
True |
True |
SonicOS |
SonicOS 5.9
SonicOS 6.2
SonicOS 6.4
SonicOS 6.5 |
True |
False |
SonicWALL SMA or CMS |
SonicWALL SMA or CMS 11.3.0 |
True |
False |
SQL Server |
SQL Server 2012
SQL Server 2014
SQL Server 2016
SQL Server 2017
SQL Server 2019 |
True |
False |
SUSE Linux Enterprise Server (SLES) |
SUSE Linux Enterprise Server (SLES) 11 IA-64
SUSE Linux Enterprise Server (SLES) 11 PPC
SUSE Linux Enterprise Server (SLES) 11 x86
SUSE Linux Enterprise Server (SLES) 11 x86_64
SUSE Linux Enterprise Server (SLES) 11 zSeries
SUSE Linux Enterprise Server (SLES) 12 PPC
SUSE Linux Enterprise Server (SLES) 12 x86_64
SUSE Linux Enterprise Server (SLES) 12 zSeries
SUSE Linux Enterprise Server (SLES) 15 PPC
SUSE Linux Enterprise Server (SLES) 15 x86_64
SUSE Linux Enterprise Server (SLES) 15 zSeries
SUSE Linux Enterprise Server (SLES) Other |
True |
True |
Sybase (Adaptive Server Enterprise) |
Sybase (Adaptive Server Enterprise) 15.7
Sybase (Adaptive Server Enterprise) 16
Sybase (Adaptive Server Enterprise) 17 |
True |
False |
Top Secret - Mainframe |
Top Secret - Mainframe r14 zSeries
Top Secret - Mainframe r15 zSeries
Top Secret - Mainframe r16 zSeries |
True |
False |
Top Secret - Mainframe LDAP |
Top Secret - Mainframe LDAP r14 zSeries
Top Secret - Mainframe LDAP r15 zSeries
Top Secret - Mainframe LDAP r16 zSeries |
True |
True |
Twitter (Deprecated) |
Twitter (Deprecated) |
|
|
Ubuntu |
Ubuntu 14.04 LTS x86
Ubuntu 14.04 LTS x86_64
Ubuntu 15.04 x86
Ubuntu 15.04 x86_64
Ubuntu 15.10 x86
Ubuntu 15.10 x86_64
Ubuntu 16.04 LTS x86
Ubuntu 16.04 LTS x86_64
Ubuntu 16.10 x86
Ubuntu 16.10 x86_64
Ubuntu 17.04 x86
Ubuntu 17.04 x86_64
Ubuntu 17.10 x86
Ubuntu 17.10 x86_64
Ubuntu 18.04 LTS x86
Ubuntu 18.04 LTS x86_64
Ubuntu 18.10 x86
Ubuntu 18.10 x86_64
Ubuntu 19.04 x86
Ubuntu 19.04 x86_64
Ubuntu 19.10 x86_64
Ubuntu 20.04 x86_64
Ubuntu Other |
True |
True |
Windows Desktop
Windows Desktop (SSH)
Windows Desktop (WinRM)
Windows Server
Windows Server (SSH)
Windows Server (WinRM) |
Windows (SSH) 10
Windows (SSH) 7
Windows (SSH) 8
Windows (SSH) 8.1
Windows (SSH) Other
Windows (SSH) Server 2008 R2
Windows (SSH) Server 2012
Windows (SSH) Server 2012 R2
Windows (SSH) Server 2016
Windows (SSH) Server 2019
Windows 10
Windows 7
Windows 8
Windows 8.1
Windows Other
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
Windows Vista |
True |
True |
Table 5: Supported platforms: Directories that can be searched
Microsoft Active Directory |
Windows 2008+ DFL/FFL |
LDAP |
2.4 |
For all supported platforms, it is assume that you are applying the latest updates. For unpatched versions of supported platforms, Support will investigate and assist on a case by case basis but it may be necessary for you to upgrade the platform or use SPP's custom platform feature.
Custom platforms
The following example platform scripts are available:
- Custom HTTP
- Linux SSH
- Telnet
- TN3270 transports are available
For more information, see Custom Platforms and Creating a custom platform script in the Safeguard for Privileged Passwords Administration Guide.
Sample custom platform scripts and command details are available at the following links available from the Safeguard Custom Platform Home wiki on GitHub:
|
CAUTION: Example scripts are provided for information only. Updates, error checking, and testing are required before using them in production. Safeguard for Privileged Passwords checks to ensure the values match the type of the property that include a string, boolean, integer, or password (which is called secret in the API scripts). Safeguard for Privileged Passwords cannot check the validity or system impact of values entered for custom platforms. |