Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 6.0.11 - Administration Guide

Preface Introduction The concepts of One Identity Safeguard for Privileged Sessions (SPS) Cloud deployment considerations The Welcome Wizard and the first login Basic settings
Supported web browsers and operating systems The structure of the web interface Network settings Configuring date and time System logging, SNMP and e-mail alerts Configuring system monitoring on SPS Data and configuration backups Archiving and cleanup Forwarding data to third-party systems Joining to One Identity Starling
User management and access control Managing One Identity Safeguard for Privileged Sessions (SPS)
Controlling One Identity Safeguard for Privileged Sessions (SPS): reboot, shutdown Managing Safeguard for Privileged Sessions (SPS) clusters Managing a high availability One Identity Safeguard for Privileged Sessions (SPS) cluster Upgrading One Identity Safeguard for Privileged Sessions (SPS) Managing the One Identity Safeguard for Privileged Sessions (SPS) license Accessing the One Identity Safeguard for Privileged Sessions (SPS) console Sealed mode Out-of-band management of One Identity Safeguard for Privileged Sessions (SPS) Managing the certificates used on One Identity Safeguard for Privileged Sessions (SPS)
General connection settings HTTP-specific settings ICA-specific settings RDP-specific settings SSH-specific settings Telnet-specific settings VMware Horizon View connections VNC-specific settings Indexing audit trails Using the Search interface Searching session data on a central node in a cluster Advanced authentication and authorization techniques Reports The One Identity Safeguard for Privileged Sessions (SPS) RPC API The One Identity Safeguard for Privileged Sessions (SPS) REST API One Identity Safeguard for Privileged Sessions (SPS) scenarios Troubleshooting One Identity Safeguard for Privileged Sessions (SPS) Using SPS with SPP Configuring external devices Using SCP with agent-forwarding Security checklist for configuring One Identity Safeguard for Privileged Sessions (SPS) Jumplists for in-product help LDAP user and group resolution in SPS Appendix: Deprecated features Glossary

Preface

Welcome to the One Identity Safeguard for Privileged Sessions 6.0.10 Administrator Guide.

This document describes how to configure and manage the One Identity Safeguard for Privileged Sessions (SPS). Background information for the technology and concepts used by the product is also discussed.

Summary of changes

Version 5 F11 - 6.0
Changes in product:
Changes in documentation:
  • The documentation of the obsolete Search (classic) interface has been moved to an appendix. For the documentation of the Search interface, see Using the Search interface.

  • X.509 host certificates and DSA host keys are not supported in SSH and have been removed from the document.

Version 5 F10 - 5 F11
Changes in product:
Changes in documentation:
Version 5 F9 - 5 F10
Changes in product:
  • It is now possible to assign users to access sessions only for connections for which they are granted permission. For more information, see Assigning search privileges.

  • It is now possible to use an external Signing CA plugin. For more information, see Signing certificates on-the-fly.

  • Session tags allow you to get basic information about the session and its contents at a glance. For more information, see Viewing session details.

  • Multiple administrators can access the SPS web interface simultaneously, but only one of them can modify the configuration. It is now possible for other administrators to continue as read-only. For more information, see Multiple users and locking.

  • It is now possible to add additional group-membership attributes using the Check the user DN in these groups options. For more information, see Authenticating users to an LDAP server.

  • SPS can now distinguish the audited HTTP requests and responses based on the session cookies of web applications. For details, see Creating and editing protocol-level HTTP settings.

Version 5 F8 - 5 F9
Changes in product:
  • SPS has been extended with the Splunk forwarder, which allows you to automatically send file-based data to Splunk.

    Use the Splunk forwarder if you need to analyze or make changes to the data before you forward it, or you need to control where the data goes based on its contents. For more information, see Using the Splunk forwarder .

  • SPS has been extended with the universal SIEM forwarder, which allows you to automatically send file-based data to Splunk, ArcSight, or other third-party systems, in a format that your SIEM can understand.

    Use the universal SIEM forwarder if you need a less resource-heavy solution. For more information, see Using the universal SIEM forwarder .

  • Debug bundle has been renamed to support bundle. For more information, see Support bundle .
  • SPS now provides a way to authenticate non-transparent HTTP/HTTPS connections on SPS to local and external backends (LDAP, Microsoft Active Directory, RADIUS). The client must support proxy authentication. For more information, see Creating a new HTTP authentication policy .
Version 5 F7 - 5 F8
Changes in product:
  • It is now possible to search for scripted sessions. For more information, see Analyzing data using One Identity Safeguard for Privileged Analytics .
  • The Indexing history section on the Indexer > Indexer status page has been removed and it is now possible to search for indexing details. For more information about the indexing search filters that you can use, see List of available search filters .
  • SPS can now be configured to check out passwords from the built-in or external credential stores, such as One Identity Safeguard for Privileged Passwords, and play them in during a connection using the TN3270 protocol.

  • When using a hardware security module (HSM) or smart card to integrate with an external indexer, the chroot is not used anymore, the solutions provided by RedHat/CentOS can be used. Configuring a hardware security module (HSM) or smart card to integrate with external indexer has been updated to reflect the simplification of configuration steps.
  • The Basic Settings > Local Services > Required minimum version of encryption protocol option is removed as of One Identity Safeguard for Privileged Sessions ( SPS ) version 6.0.10 .

    Regardless of the TLS version you configured previously, SPS will uniformly use TLS version 1.2. This change might have the effect that using old (likely unsupported) browsers, it will not be possible to access the web interface of SPS .

  • Command detection and window title detection in content policies have changed and they are case-insensitive as of SPS version 5.8.0. In earlier versions, both used to be case-sensitive. For more information, see Creating a new content policy .
  • Searching for group memberships is now case insensitive.

Version 5 F6 - 5 F7
Changes in product:
Changes in documentation:
Version 5 F5 - 5 F6
Changes in product:
  • When you have a set of two or more One Identity Safeguard for Privileged Sessions instances in your deployment, you now have the possibility to join them into a cluster, and manage them from one central location. You can monitor their status and update their configuration centrally. For details, see Managing Safeguard for Privileged Sessions (SPS) clusters .

  • In the Search interface, it is now possible to use the flow view for a quick visualization of the session activities. For details, see Using the Search interface .

  • It is now possible to specify an accuracy level for Optical Character Recognition (OCR). For details, see Configuring the internal indexer .

Version 5 F4 - 5 F5
Changes in product:
Version 5 F3 - 5 F4
Changes in product:
Changes in documentation:
Version 5 F2 - 5 F3
Changes in product:
Changes in documentation:
Version 5 F1 - 5 F2
Changes in product:
Changes in documentation:
Version 5 LTS - 5 F1
Changes in product:

Introduction

This section introduces One Identity Safeguard for Privileged Sessions (SPS) in a non-technical manner, discussing how and why is it useful, and what additional security it offers to an existing IT infrastructure.

The major benefits of One Identity Safeguard for Privileged Sessions (SPS)

One Identity Safeguard for Privileged Sessions (SPS) is part of the One Identity Safeguard solution, which in turn is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, SPS is a privileged session management solution which provides industry-leading access control, session recording and auditing to prevent privileged account misuse and accelerate forensics investigations.

SPS is a quickly deployable enterprise device, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill down for forensic investigations.

SPS has full control over the SSH, RDP, Telnet, TN3270, TN5250, Citrix ICA, and VNC connections, giving a framework (with solid boundaries) for the work of the administrators. The most notable features of SPS are the following:

Central policy enforcement

SPS acts as a centralized authentication and access-control point in your IT environment which protects against privileged identity theft and malicious insiders. The granular access management helps you to control who can access what and when on your critical IT assets.

Prevention of malicious activities

SPS monitors privileged user sessions in real-time and detects policy violations as they occur. In case of detecting a suspicious user activity (for example entering a destructive command, such as the "rm"), SPS can send you an alert or immediately terminate the connection.

Greater accountability (deterrance)

SPS audits "who did what", for example on your database- or SAP servers. Aware of this, your employees will do their work with a greater sense of responsibility leading to a reduction in human errors. By having an easily interpreted, tamper-proof record in encrypted, timestamped, and digitally signed audit trails, finger-pointing issues can be eliminated.

Faster, cost-effective compliance audits

SPS makes all user activity traceable by recording them in high quality, tamper-proof and easily searchable audit trails. All data is stored in encrypted, timestamped and signed files, preventing any modification or manipulation. The movie-like audit trails ensure that all the necessary information is accessible for ad-hoc analyses or audit reports.

Lower troubleshooting and forensics costs

When something wrong happens, everybody wants to know the real story. Analyzing thousands of text-based logs can be a nightmare and may require the participation of external experts. The ability to easily reconstruct user sessions allows you to shorten investigation time and avoid unexpected cost.

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating