Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.0.8 LTS - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions SPP glossary

Log out (web client)

Always securely log out of the web client.

To log out

  1. In the upper right corner, next to your user name, click .
  2. Click Log out to securely exit the Safeguard for Privileged Passwords web client.

Getting started with the desktop client

To define and enforce security policy for your enterprise, you must first install the desktop client application which gives you access to the Administrative Tools.

These topics explain how to install, start, and uninstall the Safeguard for Privileged Passwords desktop client application:

Installing the desktop client

During initial installation and when applying a patch, make sure the desktop client file is the one supplied with the appliance version. If the versions are not compatible, errors will occur.

NOTE: PuTTY is used to launch the SSH client for SSH session requests and is included in the install. The desktop client looks for any user-installed PuTTY in the following locations:

  • Any reference to putty in the PATH environment variable
  • c:/Program Files/Putty
  • c:/Program Files(x86)/Putty
  • c:/Putty

If PuTTY is not found, the desktop client uses the version of PuTTY that it installed at:

<user-home-dir>/AppData/Local/Safeguard/putty.

If the user later installs PuTTY in any of the locations above, the desktop client uses that version which ensures the user has the latest version of PuTTY.

Installing the Safeguard for Privileged Passwords desktop client application

  1. To download the Safeguard for Privileged Passwords desktop client Windows installer .msi file, open a browser and navigate to:

    https://<Appliance IP>/Safeguard.msi

    Save the Safeguard.msi file in a location of your choice.

  2. Run the MSI package.
  3. Select Next in the Welcome dialog.
  4. Accept the End-User License Agreement and select Next.
  5. Select Install to begin the installation.
  6. Select Finish to exit the desktop client setup wizard.
  7. Check your desktop resolution. The desktop client works the best at a resolution of 1024 x 768 or greater.

Installing the Desktop Player

CAUTION: If the Desktop Player is not installed and a user tries to play back a session from the Activity Center, a message like the following will display: No Desktop Player. The Safeguard Desktop Player is not installed. Would you like to install it now? The user will need to click Yes to go to the download page to install the player following step 2 below.

  1. Once the Safeguard for Privileged Passwords installation is complete, go to the Windows Start menu, Safeguard folder, and click Download Safeguard Player to be taken to the One Identity Safeguard for Privileged Sessions - Download Software web page.
  2. Follow the Install Safeguard Desktop Player section of the player user guide found here:

    1. Go to One Identity Safeguard for Privileged Sessions - Technical Documentation.
    2. Scroll to User Guide and click One Identity Safeguard for Privileged Sessions [version] Safeguard Desktop Player User Guide.
  3. For Safeguard Desktop player version 1.8.6 and later, ensure your signed web certificate has a Subject Alternative Name (SAN) that includes each IP address of each of your cluster members. If the settings are not correct, the Safeguard Desktop Player will generate a certificate warning like the following when replaying sessions: Unable to verify SSL certificate. To resolve this issue, import the appropriate certificates including the root CA.

New Desktop Player versions

When you have installed a version of the Safeguard Desktop Player application, you will need to uninstall the previous version to upgrade to a newer player version.

Starting the desktop client

The following steps assume the One Identity Safeguard for Privileged Passwords Appliance has been configured and licensed. As a Safeguard for Privileged Passwords user, if you get an appliance is unlicensed notification, contact your Appliance Administrator.

To start the desktop client application

  1. From the Windows Start menu, choose Safeguard.
  2. On the server selection screen, enter or select the server's network DNS name or IP address to connect to the appliance over the network and click Connect.

    NOTE: When entering an IPv6 address, enclose the IPv6 address in square brackets.

  3. You will see a message like: You'll now be redirected to your web browser to complete the login process. You can select: Don't show this message again. Then, click OK.
  4. On the user login screen, enter your credentials and click Log in.

    • User Name: Enter your user or display name. Do not include spaces in the User Name.

      NOTE: When using directory account credentials, you have the option to enter your domain\name.

    • Password: Enter the password associated with the user entered above.
  5. If your Safeguard for Privileged Passwords user account requires you to log in with secondary authentication, enter the secure password token code, or other authentication for your authentication service provider account and click Submit.

    NOTE: The type and configuration of the secondary authentication provider (for example, RSA SecureID, FIDO2, One Identity Starling Two-Factor Authentication, and so on) determines what you must provide for secondary authentication. Check with your system administrator for more information about how to log in to Safeguard for Privileged Passwords with secondary authentication.

  6. When login is successful, you can close the web browser and return to the Safeguard application.

To remove server DSN names or IP addresses no longer used

The DSN name or IP address on the server selection screen may be no longer used. If you want to remove one or more selections, you can edit the user.config file using a text editor like Notepad.

  1. Go to:

    C:\Users\<YourSafeguardUserName>\AppData\Local\One_Identity_LLC\Client.Desktop.UI.exe_Url_<UniqueGUID\<ClientVersion>\user.config

  2. Make a backup copy of user.config in case you want to return to the file.
  3. Open the file and edit the following section to list only the addresses you want:

    <setting name="ClusterHistory" serializeAs="Xml">

    <value>

    <ArrayOfString xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <string>10.5.33.57</string>

    </ArrayOfString>

    </value>

    </setting>

  4. Save the updated file.
  5. Log on to verify the correct selections display.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating