Release Notes
20 April 2022, 07:43
These release notes provide information about the Safeguard for Privileged Sessions On Demand release. For the most recent documents and product information, see One Identity Safeguard for Privileged Sessions - Technical Documentation.
One Identity Safeguard for Privileged Sessions Version 6.13.1 is a release with new features and resolved issues.
For the list of issues addressed in release 6.13.1, see Resolved issues.
For details, see:
NOTE: For a full list of key features in One Identity Safeguard for Privileged Sessions, see Administration Guide.
The One Identity Safeguard Appliance is built specifically for use only with the Safeguard privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management -- and shortening the timeframe to value.
Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.
The Safeguard products' unique strengths are:
One-stop solution for all privileged access management needs
Easy to deploy and integrate
Unparalleled depth of recording
Comprehensive risk analysis of entitlements and activities
Thorough Governance for privileged account
The suite includes the following modules:
One Identity Safeguard for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.
Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.
One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action - and ultimately prevent data breaches.
For encrypted audit trails, you no longer need to upload the PEM-encoded X.509 certificate in addition to the private keys. Now only the RSA private key is needed. Navigate to Basic Settings > Local Services > Indexer service.
From SPS version 6.13.1, Internet Explorer 11 (IE11) is not supported anymore. SPS version 6.12.0 and previous versions continue to support IE11.
If you have joined an SPP to SPS, you can share specific SPS functions with SPP. Currently, SPS supports sharing RDP and SSH connection policies with SPP. To use the Share connection policy with SPP option under Functions shared with SPP, navigate to:
RDP Contol > Connections
SSH Contol > Connections
SPS supports enhanced networking capabilities through the Elastic Network Adapter (ENA) on AWS.
The session-events and indexer-events parameters were added to Monitor appliance health status. These two parameters represent the fullness of the processing pipeline in SPS. If the pipeline is almost full, it may affect SPS cluster updates.
The /ldaptest endpoint was added to test LDAP server connection. With this endpoint, you can test whether your LDAP server configuration was successful, and the connection between the LDAP server and SPS can be established. See Testing LDAP server connections.
The /hosts-by-name endpoint was added to aid in SPS configuration by resolving the hostname of a computer or server to a list of related IP addresses that can be used in configuration. See Resolving hostnames to IP addresses.
SPS supports on-box generated private keys that can be used for the following purposes:
for the web server, timestamping authority or CA
SMTP client authentication
Syslog client authentication
LDAP client authentication
Changes in authentication and user database settings from SPS 6.12 and onwards:
/api/configuration/aaa/settings in User management and access control > Authentication and user database settings has been renamed to Login settings, and and you can configure the following three security enhancing measures with it:
Protecting against brute-force attacks
Authentication banner
Web interface authentication
To create a user database locally on SPS and configure authentication with passwords, X.509 certificates, or against a RADIUS servers, see Configuring SPS login methods.
To connect to a LDAP server to authenticate users, see Configuring LDAP servers.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center
