Web management console system requirements
Table 4: Web kiosk requirements
Web management console |
Desktop browsers:
- Apple Safari 16.0 for desktop (or later)
- Google Chrome 108 (or later)
- Microsoft Edge 108 (or later)
- Mozilla Firefox 108 (or later)
|
Platforms and versions follow.
Supported platforms
One Identity Safeguard for Privileged Passwords supports a variety of platforms, including custom platforms.
SPP tested platforms
The following table lists the platforms and versions that have been tested for SPP (SPP). Additional assets may be added to SPP. If you do not see a particular platform listed when adding an asset, use the Other, Other Managed, Other Directory, or Linux selection on the Management tab of the Asset dialog. For more information, see Management tab (add asset).
SPP linked to Safeguard for Privileged Sessions: Sessions platforms
|
CAUTION: When linking your Safeguard for Privileged Sessions (SPS) deployment to your SPP (SPP) deployment, ensure that the SPS and SPP versions match exactly, and keep the versions synchronized during an upgrade. For example, you can only link SPS version 6.6 to SPP version 6.6, and if you upgrade SPS to version 6.7, you must also upgrade SPP to 6.7.
Make sure that you do not mix Long Term Supported (LTS) and feature releases. For example, do not link an SPS version 6.0.1 to an SPP version 6.1. |
When One Identity Safeguard for Privileged Passwords (SPP) is linked with a Safeguard for Privileged Sessions (SPS) appliance, platforms are supported that use one of these protocols:
-
SPP 2.8 or lower: RDP, SSH
-
SPP 2.9 or higher: RDP, SSH, or Telnet
Some platforms may support more than one protocol. For example, a Linux (or Linux variation) platform supports both SSH and Telnet protocols.
Table 5: Supported platforms: Assets that can be managed
ACF2 - Mainframe |
ACF2 - Mainframe LDAP r14 zSeries
ACF2 - Mainframe LDAP r15 zSeries |
True |
True |
ACF2 - Mainframe LDAP |
ACF2 - Mainframe LDAP r14 zSeries
ACF2 - Mainframe LDAP r15 zSeries |
True |
False |
Active Directory |
Active Directory |
True |
False |
AIX |
AIX 7.2
AIX 7.3 |
True |
True |
Amazon Linux |
Amazon Linux 2
Amazon Linux 2022
Amazon Linux Other |
True |
True |
Amazon Web Services |
Amazon Web Services 1 |
True |
False |
CentOS Linux |
CentOS Linux 7
CentOS Linux 8 |
True |
True |
Check Point GAiA (SSH) |
Check Point GAiA (SSH) R80.30
Check Point GAiA (SSH) R81 |
True |
True |
Cisco ASA |
Cisco ASA 7.X
Cisco ASA 8.X
Cisco ASA 9.X |
True |
True |
Cisco IOS (510) |
Cisco IOS 12.X
Cisco IOS 15.X
Cisco IOS 16.X |
True |
True |
Cisco ISE |
Cisco ISE 2.7
Cisco ISE 3 |
True |
False |
Cisco ISE CLI |
Cisco ISE CLI 2.7
Cisco ISE CLI 3 |
True |
True |
Cisco NX-OS |
Cisco NX-OS 9.3(7)
Cisco NX-OS 9.3(7a) |
True |
True |
Debian GNU/Linux |
Debian GNU/Linux 10
Debian GNU/Linux 11
Debian GNU/Linux 12 |
True |
True |
Dell iDRAC |
Dell iDRAC 8
Dell iDRAC 9 |
True |
True |
eDirectory LDAP |
eDirectory LDAP 9.0 |
True |
False |
ESXi |
ESXi 7.0
ESXi 8.0 |
True |
False |
F5 Big-IP |
F5 Big-IP 12.1.2
F5 Big-IP 13.0
F5 Big-IP 14.0
F5 Big-IP 15.0 |
True |
True |
Fedora |
Fedora 37
Fedora 38 |
True |
True |
Fortinet FortiOS |
Fortinet FortiOS 6.2
Fortinet FortiOS 6.4
Fortinet FortiOS 7.0
Fortinet FortiOS 7.2
Fortinet FortiOS 7.4 |
True |
True |
FreeBSD |
FreeBSD 12
FreeBSD 13 |
True |
True |
HP iLO |
HP iLO 4
HP iLO 5
HP iLO 6 |
True |
True |
HP iLO MP |
HP iLO MP 2
HP iLO MP 3 |
True |
True |
HP-UX |
HP-UX 11iv3 (B.11.31) |
True |
True |
IBM i |
IBM i 7.3
IBM i 7.4 |
True |
True |
Junos - Juniper Networks |
Junos - Juniper Networks 19
Junos - Juniper Networks 20
Junos - Juniper Networks 21
Junos - Juniper Networks 22 |
True |
True |
LDAP |
OpenLDAP 2.4 |
True |
False |
Linux |
|
True |
True |
macOS |
macOS 11
macOS 12
macOS 13 |
True |
True |
MongoDB |
MongoDB 4.4
MongoDB 5.0
MongoDB 6.0 |
True |
False |
MySQL |
MySQL 5.7
MySQL 8.0
MySQL 8.1 |
True |
False |
Oracle |
Oracle 19c
Oracle 21c |
True |
False |
Oracle Linux (OL) |
Oracle Linux (OL) 7
Oracle Linux (OL) 8
Oracle Linux (OL) 9 |
True |
True |
Other |
|
False |
False |
Other Directory |
|
True |
False |
Other Managed |
|
True |
False |
PAN-OS |
PAN-OS 9.1
PAN-OS 10.1
PAN-OS 10.2 |
True |
True |
PostgreSQL |
PostgreSQL 11
PostgreSQL 12
PostgreSQL 13
PostgreSQL 14
PostgreSQL 15 |
True |
False |
RACF - Mainframe |
RACF - Mainframe z/OS V2.1 Security Server zSeries
RACF - Mainframe z/OS V2.2 Security Server zSeries
RACF - Mainframe z/OS V2.3 Security Server zSeries |
True |
True |
RACF - RACF - Mainframe LDAP |
RACF - Mainframe LDAP z/OS V2.1 Security Server zSeries
RACF - RACF - Mainframe LDAP z/OS V2.2 Security Server zSeries
RACF - RACF - Mainframe LDAP z/OS V2.3 Security Server zSeries |
True |
False |
Red Hat Enterprise Linux (RHEL) |
Red Hat Enterprise Linux (RHEL) 7
Red Hat Enterprise Linux (RHEL) 8
Red Hat Enterprise Linux (RHEL) 9 |
True |
True |
Red Hat Directory Server |
Red Hat Directory Server 11
Red Hat Directory Server 12 |
True |
False |
SAP HANA |
SAP HANA
SAP HANA 2 |
True |
False |
SAP Netweaver Application Server |
SAP Netweaver Application Server 7.5 |
True |
False |
Safeguard for Privileged Sessions |
Safeguard for Privileged Sessions 7.0 |
True |
True |
Solaris |
Solaris 10
Solaris 11.3
Solaris 11.4 |
True |
True |
SonicOS |
SonicOS 6.5
SonicOS 7
SonicOSX 7 |
True |
False |
SonicWALL SMA or CMS |
SonicWALL SMA or CMS 11.3.0 |
True |
False |
SQL Server |
SQL Server 2012
SQL Server 2014
SQL Server 2016
SQL Server 2017
SQL Server 2019
SQL Server 2022 |
True |
False |
SUSE Linux Enterprise Server (SLES) |
SUSE Linux Enterprise Server (SLES) 12
SUSE Linux Enterprise Server (SLES) 15 |
True |
True |
Sybase (Adaptive Server Enterprise) |
Sybase (Adaptive Server Enterprise) 15.7
Sybase (Adaptive Server Enterprise) 16
Sybase (Adaptive Server Enterprise) 17 |
True |
False |
Top Secret - Mainframe |
Top Secret - Mainframe r14 zSeries
Top Secret - Mainframe r15 zSeries
Top Secret - Mainframe r16 zSeries |
True |
False |
Top Secret - Mainframe LDAP |
Top Secret - Mainframe LDAP r14
Top Secret - Mainframe LDAP r15
Top Secret - Mainframe LDAP r16 |
True |
True |
Ubuntu |
Ubuntu 18.04 LTS
Ubuntu 22.04 LTS
Ubuntu 22.10
Ubuntu 23.04 |
True |
True |
VMware vCenter Server |
VMware vCenter Server 6.7
VMware vCenter Server 7.0 |
True |
True |
Windows Desktop
Windows Desktop (SSH)
Windows Desktop (WinRM)
Windows Server
Windows Server (SSH)
Windows Server (WinRM) |
Windows (SSH) 10
Windows (SSH) 11
Windows (SSH) Server 2012
Windows (SSH) Server 2012 R2
Windows (SSH) Server 2016
Windows (SSH) Server 2019
Windows (SSH) Server 2022
Windows 10
Windows 11
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
Windows Server 2022 |
True |
True |
Table 6: Supported platforms: Directories that can be searched
Microsoft Active Directory |
Windows 2008+ DFL/FFL |
LDAP |
2.4 |
For all supported platforms, it is assume that you are applying the latest updates. For unpatched versions of supported platforms, Support will investigate and assist on a case by case basis but it may be necessary for you to upgrade the platform or use SPP's custom platform feature.
IMPORTANT: For the current list of platforms supported by Connect for Safeguard Assets, see the Connect for Safeguard Assets User Guide.
Custom platforms
The following example platform scripts are available:
- Custom HTTP
- Linux SSH
- Telnet
- TN3270 transports are available
For more information, see Custom platforms and Creating a custom platform script. Custom Platforms and Creating a custom platform script in the Safeguard for Privileged Passwords Administration Guide.
Sample custom platform scripts and command details are available at the following links available from the Safeguard Custom Platform Home wiki on GitHub:
|
CAUTION: Example scripts are provided for information only. Updates, error checking, and testing are required before using them in production. SPP checks to ensure the values match the type of the property that include a string, boolean, integer, or password (which is called secret in the API scripts). SPP cannot check the validity or system impact of values entered for custom platforms. |
Long Term Support (LTS) and Feature Releases
Releases use the following version designations:
- Long Term Support (LTS) Releases: The first digit identifies the release and the second is a zero (for example, 6.0 LTS).
- Maintenance LTS Releases: A third digit is added followed by LTS (for example, 6.0.6 LTS).
- Feature Releases: The Feature Releases version numbers are two digits (for example, 6.6).
Customers choose between two paths for receiving releases: Long Term Support (LTS) Release or Feature Release. See the following table for details.
Table 7: Comparison of Long Term Support (LTS) Release and Feature Release
|
Long Term Support (LTS) Release |
Feature Release |
General Release |
Scope: Includes new features, resolved issues and security updates
Versioning: The first digit identifies the LTS and the second digit is a 0 (for example, 6.0 LTS, 7.0 LTS, and so on). |
Scope: Includes the latest features, resolved issues, and other updates, such as security patches for the OS
Versioning: The first digit identifies the LTS and the second digit is a number identifying the Feature Release (for example, 6.6, 6.7, and so on). |
Maintenance Release |
Scope: Includes critical resolved issues
Versioning: A third digit designates the maintenance LTS Release (for example, 6.0.6 LTS). |
Scope: Includes highly critical resolved issues
Versioning: A third digit designates the maintenance Feature Release (for example, 6.6.1). |
Release and support details can be found at Product Life Cycle.
|
CAUTION: Downgrading from the latest Feature Release, even to an LTS release, voids support for SPP. |
One Identity strongly recommends always installing the latest revision of the release path you use (Long Term Support path or Feature Release path).
Moving between LTS and Feature Release versions
You can move from an LTS version (for example, 6.0.7 LTS) to the same feature version (6.7) and then patch to a later feature version. After that, you can patch from the minimum version for the patch, typically N-3. If you move from an LTS version to a feature version, you will receive a warning like the following which informs you that you will only be able to apply a Feature Release until the next LTS Release:
Warning: You are patching to a Feature Release from an LTS Release. If you apply this update, you will not be able to upgrade to a non-Feature Release until the next LTS major release version is available. See the Administration Guide for details.
You cannot move from a Feature Release to LTS Release. For example, you cannot move from 6.7 to 6.0.7 LTS. You have to keep upgrading with each new Feature Release until the next LTS Release version is published. For this example, you would wait until 7.0 LTS is available.
Patching
You can only patch from a major version. For example, if you have version 6.6 and want to patch to 7.7, you must patch to 7.0 LTS and then apply 7.7.
An LTS major version of One Identity Safeguard for Privileged Passwords (SPP) will only work with the same LTS major version of Safeguard for Privileged Sessions (SPS). For the best experience, it is recommended you use the latest supported version.
Appliance specifications
The SPP Appliance is built specifically for use only with the SPP privileged management software that is already installed and ready for immediate use. It comes hardened to ensure the system is secure at the hardware, operating system, and software levels.
The following tables list the One Identity Safeguard for Privileged Passwords 4000 Appliance, 3000 Appliance and 2000 Appliance specifications and power requirements.
Table 8: 4000 Appliance: Feature specifications
Processor |
Intel Xeon 4310T 2.3 GHz |
# of Processors |
1 |
# of Cores per Processor |
10 cores (20 threads) |
L2/L3 Cache |
15 MB Cache |
Chipset |
Intel C621A Chipset |
DIMMs |
ECC DDR4-2667 |
RAM |
64 GB |
Internal HD Controller |
Supermicro AOC-S3908L-H8iR-16DD |
Disk Hard Drive |
4 x Seagate Exos 7E10 2TB SAS 512e |
Availability |
TPM 2.0, EEC Memory, Redundant PSU |
I/O Slots |
2x PCIe 4.0 x16 FHHL 1x PCIe 4.0 x16 HHHL |
RAID |
RAID10 |
NIC/LOM |
Broadcom P210TP - 2 x 10G BASE-T Broadcom P210P - 2 x 10G SFP+ |
Power Supplies |
Redundant, 500W/600W, Auto Ranging (100v~240V), RoHS and REACH compliant |
Fans |
6 Supermicro FAN-0141L |
Chassis |
1U Rack |
Dimensions (HxWxD) |
43 x 437.0 x 650.0 (mm)
1.7 x 17.2 x 25.6 (in) |
Weight |
Max: 37 lbs (16.78 Kg) |
Table 9: 3000 Appliance: Feature specifications
Processor |
Intel Xeon E3-1275v6 3.8 GHz |
# of Processors |
1 |
# of Cores per Processor |
4 cores (8 threads) |
L2/L3 Cache |
8MB L3 Cache |
Chipset |
Intel C236 Chipset |
DIMMs |
Unbuffered ECC UDIMM DDR4 2400MHz |
RAM |
32 GB |
Internal HD Controller |
LSI MegaRAID SAS 9361-4i Single |
Disk Hard Drive |
4 x Seagate 7E2000 2TB SAS 512E |
Availability |
TPM 2.0, EEC Memory, Redundant PSU |
I/O Slots |
x16 PCIe 3.0, x8 PCIe 3.0 |
RAID |
RAID10 |
NIC/LOM |
4 port - dual GbE LAN with Intel i210-AT |
Power Supplies |
Redundant, 700W, Auto Ranging (100v~240V), ACPI compatible |
Fans |
1 Supermicro SNK-P0046P and 2 Micron 16GB 2666MHz 2R ECC Unb Z01B Dual Label |
Chassis |
1U Rack |
Dimensions (HxWxD) |
43 x 437.0 x 597.0 (mm)
1.7 x 17.2 x 23.5 (in) |
Weight |
Max: 37 lbs (16.78 Kg) |
Table 10: 2000 Appliance: Feature specifications
Processor |
Intel Xeon E3-1275v5 3.60 GHz |
# of Processors |
1 |
# of Cores per Processor |
4 |
L2/L3 Cache |
4 x 256KB L2, 8MB L3 SmartCache |
Chipset |
Intel C236 Chipset |
DIMMs |
DDR4-2400 ECC Unbuffered DIMMs |
RAM |
32GB |
Internal HD Controller |
LSI MegaRAID SAS 9391-4i 12Gbps SAS3 |
Disk |
4 x Seagate EC2.5 1TB SAS 512e |
Availability |
TPM 2.0, EEC Memory, Redundant PSU |
I/O Slots |
x16 PCIe 3.0, x8 PCIe 3.0 |
RAID |
RAID10 |
NIC/LOM |
3 x Intel i210-AT GbE |
Power Supplies |
Redundant, 700W, Auto Ranging (100v~240V), ACPI compatible |
Fans |
4 x 40mm Counter-rotating, Non-hot-swappable |
Chassis |
1U Rack |
Dimensions
(HxWxD) |
43 x 437.0 x 597.0 (mm)
1.7 x 17.2 x 23.5 (in) |
Weight |
Max: 46 lbs (20.9 Kg) |
Miscellaneous |
FIPS Compliant Chassis |
Table 11: One Identity Safeguard for Privileged Passwords 4000 Appliance, 3000 Appliance and 2000 Appliance: Power requirements
Input Voltage |
100-240 Vac |
Frequency |
50-60Hz |
Power Consumption (Watts) |
170.9 |
BTU |
583 |
SPP is also available as a virtual appliance and from the cloud. For details see: