Web management console system requirements
Table 7: Web kiosk requirements
Web management console |
Desktop browsers:
- Apple Safari 13.1 for desktop (or later)
- Google Chrome 80 (or later)
- Microsoft Edge 80 (or later)
- Mozilla Firefox 69 (or later)
- Microsoft Internet Explorer 11 (Newer features may not work with Internet Explorer. You are encouraged to upgrade to a browser that can support all functionality.)
|
Platforms and versions follow.
Supported platforms
One Identity Safeguard for Privileged Passwords supports a variety of platforms, including custom platforms.
Safeguard for Privileged Passwords tested platforms
The following table lists the platforms and versions that have been tested for Safeguard for Privileged Passwords (SPP). Additional assets may be added to Safeguard for Privileged Passwords. If you do not see a particular platform listed when adding an asset, use the Other, Other Managed, or Other Linux selection on the Management tab of the Asset dialog. For more information, see Management tab (add asset).
SPP joined to SPS: Sessions platforms
When Safeguard for Privileged Passwords (SPP) is joined with a Safeguard for Privileged Sessions (SPS) appliance, platforms are supported that use one of these protocols:
• SPP 2.8 or lower: RDP, SSH
• SPP 2.9 or higher: RDP, SSH, or Telnet
Some platforms may support more than one protocol. For example, a Linux (or Linux variation) platform supports both SSH and Telnet protocols.
Supported platform updates
For all supported platforms, it is assumed that the latest updates are applied.
Table 8: Supported platforms: Assets that can be managed
ACF2 - Mainframe |
r14, r15 |
zSeries |
True |
True |
ACF2 - Mainframe LDAP |
r14, r15 |
zSeries |
True |
False |
Active Directory |
|
|
True |
False |
AIX |
6.1, 7.1, 7.2 |
PPC |
True |
True |
Amazon Linux |
2 |
x86_64 |
True |
True |
Amazon Web Services (AWS) |
1 |
|
True |
False |
CentOS Linux |
6
7 |
(ver 6) x86, x86_64
(ver 7) x86_64 |
True |
True |
Cisco ASA |
7.x, 8.x |
|
True |
True |
Cisco IOS |
12.X, 15.X |
|
True |
True |
Debian GNU/Linux |
6, 7, 8, 9 |
x86, x86_64, MIPS, PPC, zSeries |
True |
True |
Dell iDRAC |
7, 8 |
|
True |
True |
ESXi (VSphere) |
5.5, 6.0, 6.5, 6.7 |
|
True |
False |
F5 Big-IP |
12.1.2, 13.0, 14.0 |
|
True |
True |
Fedora |
21, 22, 23, 24, 25, 26, 27, 28, 29, 30 |
x86, x86_64 |
True |
True |
Fortinet FortiOS |
5.2, 5.6 |
|
True |
True |
FreeBSD |
10.4, 11.1, 11.2 |
x86, x86_64 |
True |
True |
HP iLO |
2, 3, 4 |
x86 |
True |
True |
HP iLO MP |
2, 3 |
IA-64 |
True |
True |
HP-UX |
11iv2 (B.11.23), 11iv3 (B.11.31) |
PA-RISC, IA-64 |
True |
True |
IBM i |
7.1, 7.2, 7.3 |
PPC |
True |
True |
Junos - Juniper Networks |
12, 13, 14, 15 |
|
True |
True |
macOS |
10.9, 10.10, 10.11, 10.12, 10.13 |
x86_64 |
True |
True |
MongoDB |
3.4, 3.6, 4.0 |
|
True |
False |
MySQL |
5.6, 5.7 |
|
True |
False |
OpenLDAP |
2.4 |
|
True |
False |
Oracle |
11g Release 2, 12c Release 1 |
|
True |
False |
Oracle Linux (OEL) |
6
7 |
(ver 6) x86, x86_64
(ver 7) x86_64 |
True |
True |
Other |
|
|
False |
False |
Other Linux |
|
|
True |
True |
Other Managed |
|
|
True |
False |
PAN-OS |
6.0, 7.0, 8.0, 8.1 |
|
True |
True |
PostgreSQL |
9.6, 10.2, 10.3, 10.4, 10.5 |
|
True |
False |
RACF - Mainframe |
z/OS V2.1 Security Server, z/OS V2.2 Security Server |
zSeries |
True |
True |
RACF - Mainframe LDAP |
z/OS V2.1 Security Server, z/OS V2.2 Security Server |
zSeries |
True |
False |
Red Hat Enterprise Linux (RHEL) |
6, 7, 8 |
(ver 6) x86, x86_64, PPC, zSeries
(ver 7 and 8) x86, x86_64, PPC, zSeries |
True |
True |
SAP HANA |
2.0 |
Other |
True |
False |
SAP Netweaver Application Server |
7.3, 7.4, 7.5 |
|
True |
False |
Solaris |
10, 11 |
(ver 10) SPARC, x86, x86_64
(ver 11) SPARC, x86_64 |
True |
True |
SonicOS |
5.9, 6.2 |
|
True |
False |
SonicWALL SMA or CMS |
11.3.0 |
|
True |
False |
SQL Server |
2012, 2014, 2016 |
|
True |
False |
SUSE Linux Enterprise Server (SLES) |
11
12 |
(ver 11) x86, x86_64, PPC, zSeries, IA-64
(ver 12) x86_64, PPC, zSeries |
True |
True |
Sybase (Adaptive Server Enterprise) |
15.7, 16 |
|
True |
False |
Top Secret - Mainframe |
r14, r15 |
zSeries |
True |
True |
Top Secret - Mainframe LDAP |
r14, r15 |
zSeries |
True |
False |
Ubuntu |
14.04 LTS, 15.04, 15.10, 16.04 LTS, 16.10, 17.04, 17.10, 18.04 LTS, 18.10, 19.04 |
x86, x86_64 |
True |
True |
Windows |
Vista, 7, 8, 8.1, 10 Enterprise (including LTSC and loT). |
|
True |
True |
Windows Server |
2008, 2008 R2, 2012, 2012 R2, 2016, 2019 |
|
True |
True |
Windows SSH |
7, 8, 8.1, 10
Server 2008 R2, 2012, 2012 R2, 2016, 2019
Windows SSH Other |
|
True |
True |
Table 9: Supported platforms: Directories that can be searched
Microsoft Active Directory |
Windows 2008+ DFL/FFL |
OpenLDAP |
2.4 |
For all supported platforms, it is assume that you are applying the latest updates. For unpatched versions of supported platforms, Support will investigate and assist on a case by case basis but it may be necessary for you to upgrade the platform or use SPP's custom platform feature.
Custom platforms
The following example platform scripts are available:
- Custom HTTP
- Linux SSH
- Telnet
- TN3270 transports are available
For more information, see the Safeguard for Privileged Passwords Administration Guide, Custom platforms and Creating a custom platform script.
|
CAUTION: Facebook and Twitter functionality has been deprecated. Refer to the custom platform open source script provided on GitHub. Facebook and Twitter platforms will be remove in a future release. |
Sample custom platform scripts and command details are available at the following links available from the Safeguard Custom Platform Home wiki on GitHub:
|
CAUTION: Example scripts are provided for information only. Updates, error checking, and testing are required before using them in production. Safeguard for Privileged Passwords checks to ensure the values match the type of the property that include a string, boolean, integer, or password (which is called secret in the API scripts). Safeguard for Privileged Passwords cannot check the validity or system impact of values entered for custom platforms. |
License: hardware, virtual, expiration
One Identity Safeguard for Privileged Passwords is made up of a core set of features, such as the UI and Web Services layers, and a number of modules.
Hardware appliance
The One Identity Safeguard for Privileged Passwords 3000 Appliance and 2000 Appliance ship with the following module which requires a valid license to enable functionality:
You must install a valid license for each Safeguard for Privileged Passwords module to operate. More specifically, if any module is installed, Safeguard for Privileged Passwords will show a license state of Licensed and is operational. However, depending on which models are licensed, you will see limited functionality. That is, even though you will be able to configure access requests:
- If a Privileged Passwords module license is not installed, you will not be able to request a password release.
Virtual appliance licensing
You must license the virtual appliance with a Microsoft Windows license. We recommend using either the MAK or KMS method. Specific questions about licensing should be directed to your Sales Representative.
Privileged sessions is available via a join to Safeguard for Privileged Sessions.
The virtual appliance will not function unless the operating system is properly licensed.
License expiration notice
As an Appliance Administrator:
- If you receive a "license expiring" notification, apply a new license using that module's Update License link:
- (web client): Click the Settings menu on the left then click Licensing . Click to upload a new license file.
- (desktop client): Navigate to Administrative Tools | Settings | Appliance | Licensing. Click to upload a new license file.
- If all licensed modules have expired, you will be prompted to add a new license when logging in to the Safeguard for Privileged Passwords desktop client.
- If only one of the licensed modules have expired, apply a new module license by clicking in Administrative Tools | Settings | Appliance | Licensing.
As a Safeguard for Privileged Passwords user, if you get an "appliance is unlicensed" notification, contact your Appliance Administrator.
For more information on adding or updating a Safeguard for Privileged Passwords license, see Licensing.
Long Term Support (LTS) and Feature Releases
Releases use the following version designations:
- Long Term Support (LTS) Releases: The first digit identifies the release and the second is a zero (for example, 6.0 LTS).
- Maintenance LTS Releases: A third digit is added followed by LTS (for example, 6.0.6 LTS).
- Feature Releases: The Feature Releases are two digits (for example, 6.6).
Customers choose between two lanes for receiving releases: Long Term Support (LTS) Release or Feature Release. See the following table for details.
Table 10: Comparison of Long Term Support (LTS) Release and Feature Release
|
Long Term Support (LTS) Release |
Feature Release |
Release frequency |
Frequency: Typically, every 2 years
Scope: Includes new features, resolved issues and security updates
Versioning: The first digit identifies the LTS and the second digit is a 0 (for example, 6.0 LTS, 7.0 LTS, and so on). |
Frequency: Typically, every 3 months
Scope: Includes the latest features, resolved issues, and other updates, such as security patches for the OS
Versioning: The first digit identifies the LTS and the second digit is a number identifying the Feature Release (for example, 6.6, 6.7, and so on). |
Maintenance Release |
Frequency:Typically, every 3 months during full support
Scope: Includes critical resolved issues
Versioning: A third digit designates the maintenance LTS Release (for example, 6.0.6 LTS). |
Frequency:Only for highly critical issues
Scope: Includes highly critical resolved issues
Versioning: A third digit designates the maintenance Feature Release (for example, 6.6.1). |
Support |
Typically 3 years after the original publication date or until the next LTS is published (whichever date is later) |
Typically 6 months after the original publication date or until the next feature or LTS Release is published (whichever date is later) |
Release details can be found at Product Life Cycle.
|
CAUTION: Downgrading from the latest Feature Release, even to an LTS release, voids support for SPP. |
One Identity strongly recommends always installing the latest revision of the release path you use (Long Term Support path or Feature Release path).
Moving between LTS and Feature Release versions
You can move from an LTS version (for example, 6.0.7 LTS) to the same feature version (6.7) and then patch to a later feature version. After that, you can patch from the minimum version for the patch, typically N-3. If you move from an LTS version to a feature version, you will receive a warning like the following which informs you that you will only be able to apply a Feature Release until the next LTS Release:
Warning: You are patching to a Feature Release from an LTS Release. If you apply this update, you will not be able to upgrade to a non-Feature Release until the next LTS major release version is available. See the Administration Guide for details.
You cannot move from a Feature Release to LTS Release. For example, you cannot move from 6.7 to 6.0.7 LTS. You have to keep upgrading with each new Feature Release until the next LTS Release version is published. For this example, you would wait until 7.0 LTS is available.
Patching
You can only patch from a major version. For example, if you have version 6.6 and want to patch to 7.7, you must patch to 7.0 LTS and then apply 7.7.
An LTS major version of Safeguard for Privileged Passwords (SPP) will work with the same LTS major version of Safeguard for Privileged Sessions (SPS). For the best experience, it is recommended you keep both their SPP and SPS in sync on the latest and supported version.