Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.0.6 LTS - Release Notes

Safeguard for Privileged Passwords Release Notes

Safeguard for Privileged Passwords 6.0.6

Release Notes

June 09, 2020, 11:54

These release notes provide information about the Safeguard for Privileged Passwords 6.0.6 release.

Release options

Safeguard for Privileged Passwords includes two release versions:

  • Long Term Support (LTS) release, version 6.0.6
  • Feature release, version 6.6

The versions align with Safeguard for Privileged Sessions. For more information, see Long Term Support (LTS) and Feature Releases.

About this release

Safeguard for Privileged Passwords Version 6.0.6 is minor LTS release with resolved issues.

For more details on the features and resolved issues, see:

NOTE: For a full list of key features in Safeguard for Privileged Passwords, see the Safeguard for Privileged Passwords Administration Guide.

About the Safeguard product line

The Safeguard for Privileged Passwords Appliance is built specifically for use only with the Safeguard for Privileged Passwords privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system, and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management and shortening the time frame to value.

Safeguard for Privileged Passwords virtual appliances and cloud applications are also available. When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. See One Identity's Product Support Policies for more information on environment virtualization.

Safeguard privileged management software suite

Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.

The Safeguard products' unique strengths are:

  • One-stop solution for all privileged access management needs
  • Easy to deploy and integrate
  • Unparalleled depth of recording
  • Comprehensive risk analysis of entitlements and activities
  • Thorough Governance for privileged account

The suite includes the following modules:

  • Safeguard for Privileged Passwords automates, controls, and secures the process of granting privileged credentials with role-based access management and automated workflows. Deployed on a hardened appliance, Safeguard for Privileged Passwords eliminates concerns about secured access to the solution itself, which helps to speed integration with your systems and IT strategies. Plus, its user-centered design means a small learning curve and the ability to manage passwords from anywhere and using nearly any device. The result is a solution that secures your enterprise and enables your privileged users with a new level of freedom and functionality.
  • One Identity for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.

    Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers to integrate seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.

  • One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics, and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time, and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action and ultimately prevent data breaches.

    Figure 1: Privileged Sessions and Privileged Passwords

Resolved issues

Issues addressed by this release follow.

Table 1: Resolved issues
Resolved issue Issue ID

Updated the documentation to place changing the Bootstrap Administrator in the correct step sequence. See the Safeguard for Privileged Passwords Appliance Setup Guide, Completing the appliance setup topic.

236508

The managed networks list of available session nodes only include nodes from the current Safeguard for Privileged Sessions. SPS nodes from a deleted session do not display as available selections in the managed networks session appliances list.

235260

Safeguard for Privileged Passwords supports VSphere 6.7.2.

234775

On Administrative Tools | Settings | Asset Management | Tags, the Effective Profile Name was added. Profiles can be inherited. For example, an account can be assigned to a specific profile (Profile Name) or it can inherit the profile from its parent asset (Effective Profile Name). When inherited, Profile Name will be null. Effective Profile Name will always have a value.

234773

For requests, the Comments can contain multiple lines.

234766

Added ability to have a network address with an underscore.

234765

Error messages are scrollable for full viewing and closing.

234737

Improved directory delete synchronization logic when asset Directory Properties are misconfigured.

233748

For support bundles, you can select Limit included log files to a number of days from Administrative Tools | Settings | Appliance | Support Bundle.

233747

In order to SPS join, the cluster must be locked. If the join attempt fails due to a cluster operation in progress, it means there is already an operation running which has obtained the cluster lock.

Using the desktop client, navigate to | Settings | Cluster | Cluster Management to force complete and result in cancellation of the operation. You should never cancel the cluster lock for an SPP unjoin, failover, cluster reset, restore, patch, or IP address update. If a SPP join (enroll) is taking a long time, you may cancel it during the streaming audit data step. If a patch distribution is taking a long time, you may cancel it and upload the patch to the replicas directly. See Unlocking a locked cluster.

If the operation in progress is the weekly cluster data consistency operation, the operation can be canceled but the amount of time it takes to cancel can vary. You can view the activity center for the following events which mark the progress and completion of the data consistency operation.

SynchronizingDataStartedEvent: Data consistency always starts with this event

SynchronizingDataCompletedEvent: Signals the completion of data synchronization

SynchronizingAuditLogsStartedEvent: Signals the start of the audit log synchronization

SynchronizingAuditLogsCompletedEvent: Signals the completion of audit log synchronization and the completion of the data consistency operation

The completion events will indicate success or failure. If you choose to cancel, look out for these completion events which will contain details on the cancel.

232977

The RDP session does not requires sg for session authentication.

232968

eDirectory can be added as an identity provider.

232961

Known issues

The following is a list of issues known to exist at the time of release.

Known issue

Issue ID

Safeguard for Privileged Passwords does not support PowerShell v6.0 or greater. Use either the Windows command shell or a PowerShell version less than 6.0 as the default shell configured for Open SSH sessions on a Windows asset. See OneIdentity/safeguard-ps.

229123

When using the Windows SSH platform, local group names greater than 20 character are not supported. Account discovery is affected. For example, if you create a discovery rule to find all users matching groupname = groupnamelongerthantwenty, SPP will not find a match.

225931

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating