Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.9 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Messaging settings (desktop client) Password Management settings Real-Time Reports Safeguard Access settings SSH Key Management settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions About us

FIDO2 keys (web client)

If the FIDO2 feature is enabled, at least one FIDO2 key must be registered. When a key is added, the placeholder name is Unnamed Key. You can enter a meaningful name or later edit the name. It is recommended that all users have more than one key registered in case a key is lost or damaged.

  1. In the upper right corner, next to your user name, click .
  2. Click My Settings.
  3. Open the My Account tab.
  4. Click Manage FIDO2 Keys. For existing keys, you will see the name and date each existing key was registered and last used.
  5. Perform an action:
    • To change a name, enter the new name, then click Save.
    • To remove a key, click Remove by the key. One key must remain registered. If a physical security key is lost, always delete the associated key from Safeguard for Privileged Passwords.
    • To add a key, click Register New FIDO2 Key.
      1. You will be asked to insert or connect to the new key.
      2. You will be prompted to reenter your primary credentials for verification.

      3. Tap or activate your new FIDO2 key that is being registered.

      4. You may then go back to the Manage FIDO2 Key page and give your newly registered key a name, then click Save.

For more information, see Requiring secondary authentication log in.

Log out (web client)

Always securely log out of the web client. Log events are created based on how the user logged out: UserLoggedOut or InactiveUserLoggedOut.

To log out

  1. In the upper right corner, next to your user name, click .
  2. Click Log Out to securely exit the Safeguard for Privileged Passwords web client.

Getting started with the desktop client

To define and enforce security policy for your enterprise, you must first install the desktop client application which gives you access to the Administrative Tools.

These topics explain how to install, start, and uninstall the Safeguard for Privileged Passwords desktop client application:

Installing the desktop client

During initial installation and when applying a patch, make sure the desktop client file is the one supplied with the appliance version. If the versions are not compatible, errors may occur.

NOTE: PuTTY is used to launch the SSH client for SSH session requests and is included in the install. The desktop client looks for any user-installed PuTTY in the following locations:

  • Any reference to putty in the PATH environment variable
  • c:/Program Files/Putty
  • c:/Program Files(x86)/Putty
  • c:/Putty

If PuTTY is not found, the desktop client uses the version of PuTTY that it installed at:

<user-home-dir>/AppData/Local/Safeguard/putty.

If the user later installs PuTTY in any of the locations above, the desktop client uses that version which ensures the user has the latest version of PuTTY.

Installing the Safeguard for Privileged Passwords desktop client application

CAUTION: The Safeguard for Privileged Passwords client version must match the installed Safeguard for Privileged Passwords version.

  1. To download the Safeguard for Privileged Passwords desktop client Windows installer .msi file, open a browser and navigate to:

    https://<Appliance IP>/Safeguard.msi

    Save the Safeguard.msi file in a location of your choice.

  2. Run the MSI package.
  3. Select Next in the Welcome dialog.
  4. Accept the End-User License Agreement and select Next.
  5. Select Install to begin the installation.
  6. Select Finish to exit the desktop client setup wizard.
  7. Check your desktop resolution. The desktop client works the best at a resolution of 1024 x 768 or greater.

Installing the Desktop Player

CAUTION: If the Desktop Player is not installed and a user tries to play back a session from the Activity Center, a message like the following will display: No Desktop Player. The Safeguard Desktop Player is not installed. Would you like to install it now? The user will need to click Yes to go to the download page to install the player following step 2 below.

  1. Once the Safeguard for Privileged Passwords installation is complete, go to the Windows Start menu, Safeguard folder, and click Download Safeguard Player to be taken to the One Identity Safeguard for Privileged Sessions - Download Software web page.
  2. Follow the Install Safeguard Desktop Player section of the player user guide found here:

    1. Go to One Identity Safeguard for Privileged Sessions - Technical Documentation.
    2. Scroll to User Guide and click One Identity Safeguard for Privileged Sessions [version] Safeguard Desktop Player User Guide.
  3. For Safeguard Desktop player version 1.8.6 and later, ensure your signed web certificate has a Subject Alternative Name (SAN) that includes each IP address of each of your cluster members. If the settings are not correct, the Safeguard Desktop Player will generate a certificate warning like the following when replaying sessions: Unable to verify SSL certificate. To resolve this issue, import the appropriate certificates including the root CA.

New Desktop Player versions

When you have installed a version of the Safeguard Desktop Player application, you will need to uninstall the previous version to upgrade to a newer player version.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating