Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 2.7 - Release Notes

Resolved issues

The following is a list of issues addressed in this release.

Table 2: General resolved issues
Resolved Issue Issue ID
Archive server needs way to test connection/check system just like assets. 653394

RDP signing certificate fails with A revocation check could not be performed for this certificate.

763103

RACF platform tasks fail because logon command is wrong.

774792

In Top Secret Mainframe, the platform script doesn't work for different login screens. 782623

SQL accounts not manageable when Named pipes are disabled.

787919

If user changes from Certificate Authentication to Local Authentication, the parameter RequireCertificateAuthentication doesn't get changed back to false.

791699

Socket address already in use.

796623

Unable to set the BMC settings.

797146

Unable to generate asset entitlement report for all accounts.

798367,

798370

Unable to generate Password Management Activity Report.

798369

Clicking on a favorite for an access request that utilizes user supplied credentials returns an error message.

798739

Add TN3270 custom platform sample. 798892

Unable to manually generate all activity report.

798965

Approval Anywhere is not working if Active Directory is missing the country code.

798972

Right-click object selection issue.

798981

Client does not show any assets in Entitlement reports when Browse is clicked.

799188

UI times out waiting for password activity report to export. 799260
UI limits AuditLog export to 50,000 records instead of asking for the entire date range specified. 799261
UI should export directly from the Activity Center without actually running anything first. 799263

Oracle DB Connection tab properties shows the Instance field but this value is the Service Name.

799326

Scheduled reports are not working. 799448
Frequent reporting, looping AD Query in directory sync causes scheduler to consume too much memory and crash; Cassandra to exceed max memory usage. 799512

Oracle DB platform operations fail when using SYS as Service Account.

799575

Archiving does not work for 200 days or less with message Batch too large in Pangaea.Service.Core-20190326.log.

799636

Domain name of an account is not visible when requesting a session.

799676

Domain user Require Certificate Authentication selection does not save.

799748

Error received when running an entitlement report for an admin user.

799847

Replica goes to quarantine during join and this message displayed: Failed to download policy data.

799917

Manual backup fails. Messages include: Aggregate exception caught and Value cannot be Null.

799925

Administrator roles missing from CSV version of an entitlement report.

799955

Password activity report exported as JSON format opens as CSV format.

799956

BMC ILO reports an error when switching on / off or when trying to change the password. 800123
Allow Oracle SYS account as service account PBI. 800128
Add Oracle Privileges connection property. 800132

Password check in fails to cycle password on linked account when there is an open RDP request. Error: You cannot access this account while another request is pending password reset (90010).

800242

Cannot reset SYS/SYSTEM with Oracle 11g.

800440

SSH key based authentication when adding archive server does not work.

800502

testConnection speed needs to be quicker. 800814

Known issues

The following is a list of issues known to exist at the time of release.

Table 3: Known issues
Known Issue

Issue ID

This issue is applicable if you use the embedded sessions module.

After a software patch, the SessionBannerText and and SessionSshHostKey may be lost.

Details and workaround:

Check the banner and host key in the user interface and update the information, as needed.

  • Navigate to Administrative Tools | Settings | Sessions | SSH Banner.
  • Navigate to Administrative Tools | Settings | Sessions | SSH Host Key.

CAUTION:The embedded sessions module in Safeguard for Privileged Passwords version 2.7 will be removed in a future release (to be determined). For uninterrupted service, organizations are advised to join to the more robust Safeguard for Privileged Sessions Appliance for sessions recording and playback.

800520

System requirements

One Identity Safeguard for Privileged Passwords has two graphical user interfaces that allow you to manage access requests, approvals and reviews for your managed accounts and systems. Ensure that your system meets the following minimum hardware and software requirements for these clients.

Bandwidth

We recommend that connection, including overhead, is faster than 10 megabits per second inter-site bandwidth with a one-way latency of less than 500ms. This number is offered as a guideline only in that other factors could require additional network tuning. These factors include but are not limited to: jitter, packet loss, response time, usage, and network saturation. If there is any questions please contact One Identity Technical Support.

Windows desktop client requirements

The desktop client is a native Windows application suitable for use on end-user machines. The desktop client consists of an end-user view and an administrator view. The administrative functionality is dynamically enabled based on the user's permissions.

Table 4: Desktop client requirements
Component Requirements
Technology

Microsoft .NET Framework 4.6 (or greater)

Windows platforms

64-bit editions of:

  • Windows 7
  • Windows 8.1
  • Windows 10
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

If the appliance setting, TLS 1.2 Only is enabled, (Administrative Tools | Settings | Appliance | Appliance Information), ensure the desktop client also has TLS 1.2 enabled. If the client has an earlier version of TLS enabled, you will be locked out of the client and will not be able to connect to Safeguard for Privileged Passwords.

NOTE: Internet Explorer security must be set to use TLS 1.0 or higher. Ensure the proper "Use TLS" setting is enabled on the Advanced tab of the Internet Options dialog (In Internet Explorer, go to Tools | Internet Options | Advanced tab).

Desktop Player

See One Identity Safeguard for Privileged Sessions [version] Safeguard Desktop Player User Guide available at: One Identity Safeguard for Privileged Sessions - Technical Documentation, User Guide.

Web client requirements

The web client is functionally similar to the desktop client end-user view. It exposes the access request workflow functionality and is meant primarily for the non-Administrative user.

Table 5: Web client requirements
Component Requirements
Web browsers

Desktop browsers:

  • Google Chrome 66 (or later)
  • Microsoft Internet Explorer 11 and Edge
  • Mozilla Firefox 52 (or later)

Mobile device browsers:

  • Apple Safari iOS 10 (or later)
  • Google Chrome on Android

The web client is implemented for modern web browser technology, using:

  • HTML5
  • CSS
  • JavaScript

NOTE: If your browser lacks these required technologies, then use the desktop client.

Supported platforms

One Identity Safeguard for Privileged Passwords supports a variety of platforms.

NOTE: The following table lists the platforms and versions that have been tested. Additional assets may be added to Safeguard for Privileged Passwords. If you do not see a particular platform listed when adding an asset, use the "Other" or "Other Linux" option on the Management tab of the Asset dialog. Custom platforms can be added. For more information, see Custom Platform.

In addition, platforms that support RDP and SSH protocols are generally supported for embedded sessions management.

Table 6: Supported platforms: Assets that can be managed
Platform Version Architecture

ACF2 - Mainframe

r14, r15

zSeries

ACF2 - Mainframe LDAP

r14, r15

zSeries

AIX

6.1, 7.1, 7.2

PPC

Amazon Web Services

1  
CentOS Linux

6

7

x86, x86_64

x86_64

Cisco IOS 12.X, 15.X  
Cisco PIX 7.X, 8.X  

Debian GNU/Linux

6, 7, 8, 9

MIPS, PPC, x86, x86_64, zSeries

Dell iDRAC

7, 8

 

F5 Big-IP

12.1.X, 13.0

 

Facebook

   

Fedora

21, 22, 23, 24, 25, 26

x86, x86_64

Fortinet FortiOS

5.2, 5.6

 

FreeBSD

10.4, 11.1

x86, x86_64

HP iLO

iLO 2, 3, 4

x86

HP iLO MP

2, 3, 4

IA-64

HP-UX

11iv2 (B.11.23),
11iv3 (B.11.31)

IA-64, PA-RISC

IBM i

7.1, 7.2

PPC

Junos - Juniper Networks

12, 13, 14, 15

 

MAC OS X

10.9, 10.10, 10.11, 10.12, 10.13

x86_64

MongoDB

3.4, 3.6

 

MySQL

5.6, 5.7  

Oracle Database

11g Release 2,
12c Release 1
 

Oracle Linux (OEL)

6

7

x86, x86_64

x86_64

PAN-OS

6.0, 7.0

 

PostgreSQL

9.6.7, 10.2

 

RACF - Mainframe

z/OS V2.1 Security Server,
z/OS V2.2 Security Server
zSeries

RACF - Mainframe LDAP

z/OS V2.1 Security Server,
z/OS V2.2 Security Server

zSeries

Red Hat Enterprise Linux (RHEL)

6

7

PPC, x86, x86_64, zSeries

PPC, x86_64, zSeries

SAP HANA

2.0

Other

SAP Netweaver Application Server

7.3, 7.4

 

Solaris

10

11

SPARC, x86, x86_64

SPARC, x86_64

SonicOS

5.9, 6.2

 

SonicWALL SMA or CMS

11.3.0

 

SQL Server

2012, 2014, 2016

 

SUSE Linux Enterprise Server (SLES)

11

12

IA-64, PPC, x86, x86_64, zSeries

PPC, x86_64, zSeries

Sybase (Adaptive Server Enterprise)

15.7, 16

 

Top Secret - Mainframe

r14, r15

zSeries

Top Secret - Mainframe LDAP

r14, r15

zSeries

Twitter

   

Ubuntu

14.04 LTS, 15.04, 15.10, 16.04 LTS, 16.10, 17.04

x86, x86_64

VMware ESXi

5.5, 6.0, 6.5

 

Windows

Vista, 7, 8, 8.1, 10

 

Windows Server

2008, 2008 R2, 2012, 2012 R2, 2016, 2019

 
Table 7: Supported platforms: Directories that can be searched
Platform Version

Microsoft Active Directory

Windows 2008+ DFL/FFL

OpenLDAP

2.4

Related Documents