One Identity Safeguard for Privileged Passwords 6.0.7 LTS

One Identity Safeguard for Privileged Passwords 6.0.7 LTS - Release Notes

Safeguard for Privileged Passwords Release Notes

About the Safeguard product line Resolved issues System requirements and versions

Desktop client system requirements Web client system requirements Web management console system requirements Supported platforms License: hardware, virtual, expiration Long Term Support (LTS) and Feature Releases

Appliance specifications

Appliance LCD and controls

Product licensing Update and installation instructions

Verify successful installation

More resources Globalization Third-party components

Desktop client system requirements

The desktop client is a native Windows application suitable for use on end-user machines. You install the desktop client by means of an MSI package that you can download from the appliance web client portal. You do not need administrator privileges to install Safeguard for Privileged Passwords.

NOTE: PuTTY is used to launch the SSH client for SSH session requests and is included in the install. The desktop client looks for any user-installed PuTTY in the following locations:

Any reference to putty in the PATH environment variable
c:/Program Files/Putty
c:/Program Files(x86)/Putty
c:/Putty

If PuTTY is not found, the desktop client uses the version of PuTTY that it installed at:

<user-home-dir>/AppData/Local/Safeguard/putty.

If the user later installs PuTTY in any of the locations above, the desktop client uses that version which ensures the user has the latest version of PuTTY.

Table 2: Desktop client requirements
Component	Requirements
Technology	Microsoft .NET Framework 4.6 (or later)
Windows platforms	64-bit editions of: Windows 7 Windows 8.1 Windows 10 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 If the appliance setting, TLS 1.2 Only is enabled, (Administrative Tools \| Settings \| Appliance \| Appliance Information), ensure the desktop client also has TLS 1.2 enabled. If the client has an earlier version of TLS enabled, you will be locked out of the client and will not be able to connect to Safeguard for Privileged Passwords. IMPORTANT: The Windows 7 Desktop client has additional requirements in order to enable TLS 1.2. For information, see Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows. Considerations: Internet Explorer security must be set to use TLS 1.0 or higher. Ensure the proper "Use TLS" setting is enabled on the Advanced tab of the Internet Options dialog (In Internet Explorer, go to Tools \| Internet Options \| Advanced tab). To use FIDO2 two-factor authentication, you will need a web browser that supports the WebAuthn standard.
Desktop Player	See One Identity Safeguard for Privileged Sessions [version] Safeguard Desktop Player User Guide available at: One Identity Safeguard for Privileged Sessions - Technical Documentation, User Guide.

Web client system requirements

Table 3: Web requirements
Component	Requirements
Web browsers	Desktop browsers: Apple Safari 13.1 for desktop (or later) Google Chrome 80 (or later) Microsoft Edge 80 (or later) Mozilla Firefox 69 (or later) Microsoft Internet Explorer 11 (Newer features may not work with Internet Explorer. You are encouraged to upgrade to a browser that can support all functionality.) Mobile device browsers: Apple iOS 13 (or later) Google Chrome on Android version 80 (or later)

Web management console system requirements

Table 4: Web kiosk requirements
Component	Requirements
Web management console	Desktop browsers: Apple Safari 13.1 for desktop (or later) Google Chrome 80 (or later) Microsoft Edge 80 (or later) Mozilla Firefox 69 (or later) Microsoft Internet Explorer 11 (Newer features may not work with Internet Explorer. You are encouraged to upgrade to a browser that can support all functionality.)

Platforms and versions follow.

You must license the VM with a Microsoft Windows license. We recommend using either the MAK or KMS method. Specific questions about licensing should be directed to your Sales Representative.
Supported hypervisors:
- Microsoft Hyper-V (VHDX) version 8 or higher
- VMware vSphere with vSphere Hypervisor (ESXi) version 6.5 or higher
- VMware Worksation version 13 or higher
Minimum resources: 4 CPUs, 10GB RAM, and a 500GB disk. The virtual appliances default deploy does not provide adequate resources. Ensure these minimum resources are met.

Supported platforms

Safeguard for Privileged Passwords supports a variety of platforms, including custom platforms.

Safeguard for Privileged Passwords tested platforms

The following table lists the platforms and versions that have been tested for Safeguard for Privileged Passwords (SPP). Additional assets may be added to Safeguard for Privileged Passwords. If you do not see a particular platform listed when adding an asset, use the Other, Other Managed, or Other Linux selection on the Management tab of the Asset dialog.

SPP joined to SPS: Sessions platforms

When Safeguard for Privileged Passwords (SPP) is joined with a Safeguard for Privileged Sessions (SPS) appliance, platforms are supported that use one of these protocols:

• SPP 2.8 or lower: RDP, SSH

• SPP 2.9 or higher: RDP, SSH, or Telnet

Some platforms may support more than one protocol. For example, a Linux (or Linux variation) platform supports both SSH and Telnet protocols.

Supported platform updates

For all supported platforms, it is assumed that the latest updates are applied.

Table 5: Supported platforms: Assets that can be managed
Platform	Version	Architecture (all versions unless noted)	Supports SPP	Supports SPS Access
ACF2 - Mainframe	r14, r15	zSeries	True	True
ACF2 - Mainframe LDAP	r14, r15	zSeries	True	False
Active Directory			True	False
AIX	6.1, 7.1, 7.2	PPC	True	True
Amazon Linux	2	x86_64	True	True
Amazon Web Services (AWS)	1		True	False
CentOS Linux	6 7	(ver 6) x86, x86_64 (ver 7) x86_64	True	True
Cisco ASA	7.x, 8.x		True	True
Cisco IOS	12.X, 15.X		True	True
Debian GNU/Linux	6, 7, 8, 9	x86, x86_64, MIPS, PPC, zSeries	True	True
Dell iDRAC	7, 8		True	True
ESXi (VSphere)	5.5, 6.0, 6.5, 6.7		True	False
F5 Big-IP	12.1.2, 13.0, 14.0		True	True
Fedora	21, 22, 23, 24, 25, 26, 27, 28, 29, 30	x86, x86_64	True	True
Fortinet FortiOS	5.2, 5.6		True	True
FreeBSD	10.4, 11.1, 11.2	x86, x86_64	True	True
HP iLO	2, 3, 4	x86	True	True
HP iLO MP	2, 3	IA-64	True	True
HP-UX	11iv2 (B.11.23), 11iv3 (B.11.31)	PA-RISC, IA-64	True	True
IBM i (formerly AS/400)	7.1, 7.2, 7.3	PPC	True	True
Junos - Juniper Networks	12, 13, 14, 15		True	True
macOS	10.9, 10.10, 10.11, 10.12, 10.13	x86_64	True	True
MongoDB	3.4, 3.6, 4.0		True	False
MySQL	5.6, 5.7		True	False
OpenLDAP	2.4		True	False
Oracle	11g Release 2, 12c Release 1		True	False
Oracle Linux (OEL)	6 7	(ver 6) x86, x86_64 (ver 7) x86_64	True	True
Other			False	False
Other Linux			True	True
Other Managed			True	False
PAN-OS	6.0, 7.0, 8.0, 8.1		True	True
PostgreSQL	9.6, 10.2, 10.3, 10.4, 10.5		True	False
RACF - Mainframe	z/OS V2.1 Security Server, z/OS V2.2 Security Server	zSeries	True	True
RACF - Mainframe LDAP	z/OS V2.1 Security Server, z/OS V2.2 Security Server	zSeries	True	False
Red Hat Enterprise Linux (RHEL)	6, 7, 8	(ver 6) x86, x86_64, PPC, zSeries (ver 7 and 8) x86, x86_64, PPC, zSeries	True	True
SAP HANA	2.0	Other	True	False
SAP Netweaver Application Server	7.3, 7.4, 7.5		True	False
Solaris	10, 11	(ver 10) SPARC, x86, x86_64 (ver 11) SPARC, x86_64	True	True
SonicOS	5.9, 6.2		True	False
SonicWALL SMA or CMS	11.3.0		True	False
SQL Server	2012, 2014, 2016, 2017, 2019		True	False
SUSE Linux Enterprise Server (SLES)	11 12	(ver 11) x86, x86_64, PPC, zSeries, IA-64 (ver 12) x86_64, PPC, zSeries	True	True
Sybase (Adaptive Server Enterprise)	15.7, 16		True	False
Top Secret - Mainframe	r14, r15	zSeries	True	True
Top Secret - Mainframe LDAP	r14, r15	zSeries	True	False
Ubuntu	14.04 LTS, 15.04, 15.10, 16.04 LTS, 16.10, 17.04, 17.10, 18.04 LTS, 18.10, 19.04	x86, x86_64	True	True
Windows	Vista, 7, 8, 8.1, 10 Enterprise (including LTSC and loT).		True	True
Windows Server	2008, 2008 R2, 2012, 2012 R2, 2016, 2019		True	True
Windows SSH	7, 8, 8.1, 10 Server 2008 R2, 2012, 2012 R2, 2016, 2019 Windows SSH Other		True	True

Table 6: Supported platforms: Directories that can be searched
Platform	Version
Microsoft Active Directory	Windows 2008+ DFL/FFL
OpenLDAP	2.4

For all supported platforms, it is assume that you are applying the latest updates. For unpatched versions of supported platforms, Support will investigate and assist on a case by case basis but it may be necessary for you to upgrade the platform or use SPP's custom platform feature.

Custom platforms

The following example platform scripts are available:

Custom HTTP
Linux SSH
Telnet
TN3270 transports are available

For more information, see Custom platforms and Creating a custom platform script in the Safeguard for Privileged Passwords Administration Guide.

CAUTION: Facebook and Twitter functionality has been deprecated. Refer to the custom platform open source script provided on GitHub. Facebook and Twitter platforms will be remove in a future release.

Sample custom platform scripts and command details are available at the following links available from the Safeguard Custom Platform Home wiki on GitHub:

Command-Reference:

https://github.com/OneIdentity/SafeguardCustomPlatform/wiki/Command-Reference
Writing a custom platform script:

https://github.com/OneIdentity/SafeguardCustomPlatform/wiki/WritingACustomPlatformScript
Example platform scripts are available at this location:

https://github.com/OneIdentity/SafeguardCustomPlatform/tree/master/SampleScripts

CAUTION: Example scripts are provided for information only. Updates, error checking, and testing are required before using them in production. Safeguard for Privileged Passwords checks to ensure the values match the type of the property that include a string, boolean, integer, or password (which is called secret in the API scripts). Safeguard for Privileged Passwords cannot check the validity or system impact of values entered for custom platforms.

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem