Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 7.0 LTS - Release Notes

Deprecated features

The following is a list of features that are no longer supported starting with Safeguard for Privileged Passwords 7.0.

  • Desktop client is no longer available starting with 7.0. Only the web client is supported.

  • Changes have been made to the secure VPN that protects communication between appliances in a clustered high-availability configuration. The new VPN only supports the UDP 655 port. Before upgrading, ensure the firewall configurations between appliances permit UDP 655.

  • Approval Anywhere and Starling Two-Factor Authentication functionalities have been deprecated. Any Safeguard for Privileged Passwords customers currently using Starling Two-Factor Authentication as their authentication provider should wait to upgrade until they have removed all Starling Two-Factor Authentication related user information.

Resolved issues

Issues addressed by this release follow.

Table 2: General resolved issues
Resolved issue

Issue ID

Fixed and issue causing CheckPassword to fail.

308228

VMware Virtual Appliance tools upgraded to the most recent version - (New v7.0 OVA deployments only).

310055

Decreased the memory usage when querying AssetAccounts.

309538

Improved our documentation / Knowledge Base article (KB309238) around the required Firewall rules necessary for "Remote Scheduled Tasks Management (RPC)" for Scheduled Tasks management on Windows Server 2019 platform.

309722

Fixed an error incorrectly reporting failing rescheduling tasks.

308774

Fixed an issue causing platform tasks to be cancelled due to overlapping account discovery schedules.

308696

Addressed an issue causing Access Request Service MYSQLConnector to fail to restart after an unexpected crash.

308606

Fixed an issue with Safeguard communicating with Microsoft telemetry IPS.

300123

Fixed a quarantine issue.

305208

Upgrade issues when moving from 6.11 to 6.12 have been addressed when using restored backups for Azure external federation.

308456

Dependent accounts now correctly linking on Server 2019 in a scheduled task.

307711

Fixed an issue that caused a password for an unrelated service account to be changed when a new asset was created.

306915

Update to ensure an OpenSSL vulnerability would not affect users.

305830

Fixed a quarantine issue.

304766

Account discovered groups no longer impacted when running domain discovery.

304725

No longer required to set Available for use across all partitions (Global Access) to true when configuring a directory account.

304449

Fixed an issue that caused a quarantine after patching.

304204

Improvements made to the progress indicator calculations when joining a replica.

304105

Fixed an issue causing a deadlock during transactions.

303421

Added sso_role as a requirement when configuring Sybase ASE servers.

314123

Known issues

The following is a list of issues known to exist at the time of release.

Known issue

Issues may occur when launching telnet sessions after upgrading a Safeguard for Privileged Sessions appliance. If you are experiencing issues, ensure you have downloaded and installed the latest telnet plugin before contacting support. Additional information on configuring and supporting tenet sessions is also available on the telnet plugin site.

If session playback is failing for fully indexed sessions, the desktop player may need to be upgraded to 1.9.4 or greater.

SPS initiated sessions failing when using netbios name.

Workaround: Use the domain name.

For Linux-based platforms, if an account password is encrypted with an algorithm that is not supported by Safeguard, then the CheckPassword operation falls back to validating the password by attempting to login as the account. The following algorithms are supported:

BCrypt, LDAP, MD5, PHPass, SHA256, SHA512, Traditional and Extended DES.

Blowfish, SCrypt, and PBKDF2 for any HMAC.

System requirements and versions

Safeguard for Privileged Passwords allows you to manage access requests, approvals, and reviews for your managed accounts and systems.

  • The web client consists of an end-user view and administrator view. The fully featured client exposes all of the functionality of Safeguard based on the role of the authenticated user.
  • The web management console displays whenever you connect to the virtual appliance and is used for first time configuration.
    When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. See One Identity's Product Support Policies for more information on environment virtualization.

Ensure that your system meets the minimum hardware and software requirements for these clients.

If a Safeguard Sessions Appliance is linked to Safeguard for Privileged Passwords, session recording is handled via Safeguard for Privileged Session. The link is initiated from Safeguard for Privileged Sessions. For details about the link steps and issue resolution, see the One Identity Safeguard for Privileged Sessions Administration Guide.

Bandwidth

It is recommended that connection, including overhead, is faster than 10 megabits per second inter-site bandwidth with a one-way latency of less than 500 milliseconds. If you are using traffic shaping, you must allow sufficient bandwidth and priority to port 655 UDP in the shaping profile. These numbers are offered as a guideline only in that other factors could require additional network tuning. These factors include but are not limited to: jitter, packet loss, response time, usage, and network saturation. If there are any further questions, please check with your Network Administration team.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating