Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.8 - Release Notes

Safeguard for Privileged Passwords Release Notes

Safeguard for Privileged Passwords 6.8

Release Notes

19 January 2021, 09:07

These release notes provide information about the Safeguard for Privileged Passwords 6.8 release. If you are updating a Safeguard for Privileged Passwords version prior to this release, read the release notes for the version found at: One Identity Safeguard for Privileged Passwords Technical Documentation.

For the most recent documents and product information, see One Identity Safeguard for Privileged Passwords Technical Documentation.

Release options

Safeguard for Privileged Passwords includes two release versions:

  • Long Term Support (LTS) maintenance release, version 6.0.8 LTS
  • Feature release, version 6.8

The versions align with Safeguard for Privileged Sessions. For more information, see Long Term Support (LTS) and Feature Releases.

About this release

Safeguard for Privileged Passwords Version 6.8 is a minor feature release with new features, resolved issues, and known issues.

For more details, see:

NOTE: For a full list of key features in Safeguard for Privileged Passwords, see the Safeguard for Privileged Passwords Administration Guide.

About the Safeguard product line

The Safeguard for Privileged Passwords 3000 and 2000 Appliances are built specifically for use only with the Safeguard for Privileged Passwords privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system, and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management and shortening the time frame to value.

Safeguard for Privileged Passwords virtual appliances and cloud applications are also available. When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. See One Identity's Product Support Policies for more information on environment virtualization.

Safeguard privileged management software suite

Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.

The Safeguard products' unique strengths are:

  • One-stop solution for all privileged access management needs
  • Easy to deploy and integrate
  • Unparalleled depth of recording
  • Comprehensive risk analysis of entitlements and activities
  • Thorough Governance for privileged account

The suite includes the following modules:

  • Safeguard for Privileged Passwords automates, controls, and secures the process of granting privileged credentials with role-based access management and automated workflows. Deployed on a hardened appliance, Safeguard for Privileged Passwords eliminates concerns about secured access to the solution itself, which helps to speed integration with your systems and IT strategies. Plus, its user-centered design means a small learning curve and the ability to manage passwords from anywhere and using nearly any device. The result is a solution that secures your enterprise and enables your privileged users with a new level of freedom and functionality.
  • One Identity for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.

    Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers to integrate seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.

  • One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics, and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time, and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action and ultimately prevent data breaches.

    Figure 1: Privileged Sessions and Privileged Passwords

New features

Upgrade to .Net Framework 4.7.2, Swagger 3.0.3, and ASP.NET Core SignalR (241987)

The following upgrades were made to third-party software components:

  • .Net Framework 4.7.2 is now required (.Net Framework 4.6 is no longer supported).
  • Safeguard for Privileged Passwords upgraded to Swagger 3.0.3.
  • Safeguard for Privileged Passwords upgraded to ASP.NET Core SignalR.

CAUTION: Starting with Safeguard for Privileged Passwords 6.8, any user that built a custom solution that monitors for events using ASP.NET SignalR will need to make changes to their solutions due to the upgrade to ASP.NET Core SignalR. For more information on this change and how to upgrade between the two versions, see the Microsoft documentation.

Users that built custom solutions that do not rely on event monitoring via SignalR should not be impacted.

NOTE: Safeguard for Privileged Passwords 6.8 versions of open source projects hosted on GitHub (SafeguardDotNet, SafeguardJava, safeguard-bash) have been updated to support ASP.NET Core SignalR so they will work with the new SignalR changes in Safeguard for Privileged Passwords 6.8.

Discovery enhancements (191526)

Enhancements were made to Discovery that allow for the creation of objects that previously were required to be configured prior to creating discovery jobs. The tag functionality has also been added to Asset Discovery Rules and Account Discovery Rules.

Supported platforms updated (252174)

The list of available platforms for assets has been simplified with the version and architecture now associated with the asset rather than the platform.

NOTE: Prior to Safeguard for Privileged Passwords 6.8, the version and architecture information was readonly. It was stored with the platform and formed part of the platform name. As of Safeguard for Privileged Passwords 6.8, this information is no longer associated with the platform. It is now optional, and can be configured on each asset.

A new set of platforms are defined in Safeguard for Privileged Passwords 6.8 to replace the legacy platforms. See the table below for details on how the legacy platforms are mapped to the new platforms.

For customers upgrading from a pre-6.8 version of Safeguard for Privileged Passwords, the legacy platform will automatically be mapped to the corresponding new platform for each existing asset. Following an upgrade, the platform id of each existing asset will have changed. Some platform names may also have changed. From the desktop UI, only the new platforms are available when creating an asset. By default, the API will also only report the new platforms. For example, a GET request to the following URI will report only the new platforms:

https://<appliance>/servive/core/V3/Platforms

The legacy platforms still exist within Safeguard for Privileged Passwords for reference, but can only be retrieved using a filter query with the API. For example, the following will retrieve the legacy Active Directory platform:

https://<appliance>/servive/core/V3/Platforms?filter=Id%20eq%203

Starling Connect integration (191559)

You are now able to connect your Starling Azure AD connectors with Safeguard for Privileged Passwords. This allows for the accounts stored in Azure AD to be discovered and controlled by Safeguard for Privileged Passwords through the use of partitions which allow for rotating passwords to provide additional security for them.

See also:

Resolved issues

Issues addressed by this release follow.

Table 1: General resolved issues
Resolved issue

Issue ID

Fixed an issue where the platform responded with unexpected data because it didn't wait the full 20 seconds that the user requested.

188242

Search in PingDirectory now finding the default users.

252372

Safeguard for Privileged Passwords add cluster member no longer failing due to network segmentation.

253189

SSH session no longer failing when using a custom port (WEB UI).

253351

Fixed an issue with validating JSON data passed in to the Safeguard API.

250785

Audit Log Archive and Purge no longer failing with Server timeout during read query at consistency LocalOne.

254905

PAN OS no longer using Global Commit for password changes.

257674

Fixed icon issue when enabling 'show account request availability' (Web UI).

253399

SPP initiated sessions no longer fail when using domain account

252737

Activating TLS 1.2 only is now possible on replica appliances.

231622

Issue with ServiceNow tickets not validating has been fixed.

248826

Sessions now showing correctly in dashboard after upgrade.

251628

Account modifications are now working as expected.

250782

Account Discovery Rules are evaluated in order.

242618

Fixed an issue where the scheduler entered tight loop and required appliance reboot.

253417

Fixed an issue where Primary and Replica went into Quarantine.

253666

Added a check when Safeguard for Privileged Sessions joins to Safeguard for Privileged Passwords to ensure the correct port is available before attempting the join.

253767

Bad request error messages have been updated.

254057

Patching from 6.0 no longer disables Account discovery or changes defaults for other Services to disabled.

254904

Fixed an issue where the eDirectory identity provider delete sync removed users.

255128

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents