Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.7.4 - Appliance Setup Guide

Web client system requirements

Table 2: Web requirements
Component Requirements
Web browsers

Desktop browsers:

  • Apple Safari 13.1 for desktop (or later)
  • Google Chrome 80 (or later)
  • Microsoft Edge 80 (or later)
  • Mozilla Firefox 69 (or later)
  • Microsoft Internet Explorer 11 (Newer features may not work with Internet Explorer. You are encouraged to upgrade to a browser that can support all functionality.)

Mobile device browsers:

  • Apple iOS 13 (or later)
  • Google Chrome on Android version 80 (or later)

Web management console system requirements

Table 3: Web kiosk requirements
Component Requirements
Web management console

Desktop browsers:

  • Apple Safari 13.1 for desktop (or later)
  • Google Chrome 80 (or later)
  • Microsoft Edge 80 (or later)
  • Mozilla Firefox 69 (or later)
  • Microsoft Internet Explorer 11 (Newer features may not work with Internet Explorer. You are encouraged to upgrade to a browser that can support all functionality.)

Platforms and versions follow.

  • You must license the VM with a Microsoft Windows license. We recommend using either the MAK or KMS method. Specific questions about licensing should be directed to your Sales Representative.

  • Supported hypervisors:
    • Microsoft Hyper-V (VHDX) version 8 or higher
    • VMware vSphere with vSphere Hypervisor (ESXi) versions 6.5 or higher

    • VMware Worksation version 13 or higher

  • Minimum resources: 4 CPUs, 10GB RAM, and a 500GB disk. The virtual appliances default deploy does not provide adequate resources. Ensure these minimum resources are met.

Supported platforms

One Identity Safeguard for Privileged Passwords supports a variety of platforms, including custom platforms.

Safeguard for Privileged Passwords tested platforms

The following table lists the platforms and versions that have been tested for Safeguard for Privileged Passwords (SPP). Additional assets may be added to Safeguard for Privileged Passwords. If you do not see a particular platform listed when adding an asset, use the Other, Other Managed, or Other Linux selection on the Management tab of the Asset dialog.

SPP joined to SPS: Sessions platforms

When Safeguard for Privileged Passwords (SPP) is joined with a Safeguard for Privileged Sessions (SPS) appliance, platforms are supported that use one of these protocols:

• SPP 2.8 or lower: RDP, SSH

• SPP 2.9 or higher: RDP, SSH, or Telnet

Some platforms may support more than one protocol. For example, a Linux (or Linux variation) platform supports both SSH and Telnet protocols.

Table 4: Supported platforms: Assets that can be managed
Platform Name Platform Version Architecture (all versions unless noted)

Supports SPP

Supports SPS Access

ACF2 - Mainframe

r14, r15

zSeries

True

True

ACF2 - Mainframe LDAP

r14, r15

zSeries

True

False

Active Directory

 

 

True

False

AIX

6.1, 7.1, 7.2

PPC

True

True

Amazon Linux

2

x86_64

True

True

Amazon Web Services

1  

True

False

CentOS Linux

6

7

8

(ver 6) x86, x86_64

(ver 7) x86_64

(ver 8) x86_64

True

True

Cisco ASA

7.x, 8.x, 9.X

 

True

True

Cisco IOS 12.X, 15.X, 16.X  

True

True

Debian GNU/Linux

6, 7, 8, 9,10

MIPS, PPC, x86, x86_64, zSeries

True

True

Dell iDRAC

7, 8, 9

  

True

True

ESXi
(VSphere)

5.5, 6.0, 6.5, 6.7x

 

True

False

F5 Big-IP

12.1.2, 13.0, 14.0, 15.0

  

True

True

Fedora

21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32

x86, x86_64

True

True

Fortinet FortiOS

5.2, 5.6, 6.0, 6.2

  

True

True

FreeBSD

10.4, 11.1, 11.2, 12.0

x86, x86_64

True

True

HP iLO

2, 3, 4, 5

x86

True

True

HP iLO MP

2, 3

IA-64

True

True

HP-UX

11iv2 (B.11.23),
11iv3 (B.11.31)

IA-64, PA-RISC

True

True

IBM i (formerly AS400)

7.1, 7.2, 7.3, 7.4

PPC

True

True

Junos - Juniper Networks

12, 13, 14, 15, 16, 17, 18, 19

  

True

True

macOS

10.9, 10.10, 10.11, 10.12, 10.13, 10.14, 10.15

x86_64

True

True

MongoDB

3.4, 3.6, 4.0, 4.2

  

True

False

MySQL

 5.6, 5.7, 8.0  

True

False

OpenLDAP

2.4

 

True

False

Oracle

11g Release 2,
12c Release 1

12c Release 2

18c

19c

  

True

False

Oracle Linux (OL)

6, 7, 8

(ver 6) x86, x86_64

(ver 7 and 8) x86_64

True

True

Other

 

 

False

False

Other Linux

 

 

True

True

Other Managed

 

 

True

False

PAN-OS

6.0, 7.0, 8.0, 8.1, 9.0

  

True

True

PostgreSQL

9.6, 10, 10.2, 10.3, 10.4, 10.5, 11, 12

 

True

False

RACF - Mainframe

z/OS V2.1 Security Server,
z/OS V2.2 Security Server

z/OS V2.3 Security Server

 zSeries

True

True

RACF - RACF - Mainframe LDAP

z/OS V2.1 Security Server,
z/OS V2.2 Security Server

z/OS V2.3 Security Server

zSeries

True

False

Red Hat Enterprise Linux (RHEL)

6, 7, 8

(ver 6) PPC, x86, x86_64, zSeries

(ver 7 and 8) PPC, x86_64, zSeries

True

True

SAP HANA

2.0

Other

True

False

SAP Netweaver Application Server

7.3, 7.4, 7.5

  

True

False

Solaris

10, 11

(ver 10) SPARC, x86, x86_64

(ver 11) SPARC, x86_64

True

True

SonicOS

5.9, 6.2, 6.4, 6.5

  

True

False

SonicWALL SMA or CMS

11.3.0

  

True

False

SQL Server

2012, 2014, 2016, 2017, 2019

  

True

False

SUSE Linux Enterprise Server (SLES)

11, 12, 15

(ver 11) IA-64, PPC, x86, x86_64, zSeries,

(ver 12 and 15) PPC, x86_64, zSeries

True

True

Sybase (Adaptive Server Enterprise)

15.7, 16, 17

  

True

False

Top Secret - Mainframe LDAP

r14, r15, r16

zSeries

True

False

Top Secret - Mainframe

r14, r15, r16

zSeries

True

True

Ubuntu

14.04 LTS, 15.04, 15.10, 16.04 LTS, 16.10, 17.04, 17.10, 18.04 LTS, 18.10, 19.04

19.10, 20.4

ver 14.04 to ver 19.04) x86, x86_64

(ver 19.10 and 20.4) x86_64

True

True

Windows

Vista, 7, 8, 8.1, 10 Enterprise (including LTSC and loT)

Server 2008, Server 2008 R2, Server 2012, Server 2012 R2, Server 2016, Server 2019

  

True

True

Windows (SSH)

7, 8, 8.1, 10

Server 2008 R2, 2012, 2012 R2, 2016, 2019

Windows SSH Other

 

True

True

Table 5: Supported platforms: Directories that can be searched
Platform Name Platform Version

Microsoft Active Directory

Windows 2008+ DFL/FFL

OpenLDAP

2.4

For all supported platforms, it is assume that you are applying the latest updates. For unpatched versions of supported platforms, Support will investigate and assist on a case by case basis but it may be necessary for you to upgrade the platform or use SPP's custom platform feature.

Custom platforms

The following example platform scripts are available:

  • Custom HTTP
  • Linux SSH
  • Telnet
  • TN3270 transports are available

For more information, see Custom Platforms and Creating a custom platform script in the Safeguard for Privileged Passwords Administration Guide.

Sample custom platform scripts and command details are available at the following links available from the Safeguard Custom Platform Home wiki on GitHub:

CAUTION: Example scripts are provided for information only. Updates, error checking, and testing are required before using them in production. Safeguard for Privileged Passwords checks to ensure the values match the type of the property that include a string, boolean, integer, or password (which is called secret in the API scripts). Safeguard for Privileged Passwords cannot check the validity or system impact of values entered for custom platforms.

Licenses

Hardware appliance

The One Identity Safeguard for Privileged Passwords 3000 Appliance and 2000 Appliance ship with the Privileged Passwords module which requires a valid license to enable functionality.

You must install a valid license. Once the module is installed, Safeguard for Privileged Passwords shows a license state of Licensed and is operational. If the module license is not installed, you have limited functionality. That is, even though you will be able to configure access requests, if a Privileged Passwords module license is not installed, you will not be able to request a password release

Virtual appliance Microsoft Windows licensing

You must license the virtual appliance with a Microsoft Windows license. We recommend using either the MAK or KMS method. Specific questions about licensing should be directed to your Sales Representative. The virtual appliance will not function unless the operating system is properly licensed.

Licensing setup and update

To enter licensing information when you first log in

The first time you log in as the Appliance Administrator, you are prompted to add a licenses. The Success dialog displays when the license is added.

On the virtual appliance, the license is added as part of Initial Setup.

To configure reminders for license expiration

To avoid disruptions in the use of Safeguard for Privileged Passwords, the Appliance Administrator must configure the SMTP server, and define email templates for the License Expired and the License Expiring Soon event types. This ensures you will be notified of an approaching expiration date.

Users are instructed to contact their Appliance Administrator if they get an "appliance is unlicensed" notification.

As an Appliance Administrator, if you receive a "license expiring" notification, apply a new license.

To update the licensing file

Licensing update is only available using a virtual machine, not via the hardware.

web client: To perform licensing activities

Go to the licensing page:

  1. Navigate to  Settings| Appliance| Licensing.
    • To upload a new license file, click Upload a new license file and browse to select the current license file.
    • To remove the license file, select the license and click Remove selected license.

desktop client: To perform licensing activities

  1. Navigate to Administrative Tools | Settings | Appliance | Licensing.
    • To upload a new license file, click Add License and browse to select the license file.
    • To update a license file, select the license then select Update License in the lower left corner of a module's licensing information pane, select the license file, and click Open.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating