Safeguard for Privileged Passwords Release Notes
Safeguard for Privileged Passwords 7.2
Release Notes
14 February 2023, 07:21
These release notes provide information about the Safeguard for Privileged Passwords release. For the most recent documents and product information, see Online product documentation.
If you are updating a Safeguard for Privileged Passwords version prior to this release, read the release notes for the version found at: One Identity Safeguard for Privileged Passwords Technical Documentation.
Release options
Safeguard for Privileged Passwords includes two release versions:
- Long Term Support (LTS) maintenance release, version 7.0.2 LTS
- Feature release, version 7.2
The versions align with Safeguard for Privileged Sessions. For more information, see Long Term Support (LTS) and Feature Releases.
About this release
Safeguard for Privileged Passwords Version 7.2 is a major feature release with new features, resolved issues, and known issues.
About the Safeguard product line
The Safeguard for Privileged Passwords 4000 Appliance, 3000 Appliance and 2000 Appliance are built specifically for use only with the Safeguard for Privileged Passwords privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system, and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management and shortening the time frame to value.
Safeguard for Privileged Passwords virtual appliances and cloud applications are also available. When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. See One Identity's Product Support Policies for more information on environment virtualization.
Safeguard privileged management software suite
Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.
The Safeguard products' unique strengths are:
- One-stop solution for all privileged access management needs
- Easy to deploy and integrate
- Unparalleled depth of recording
- Comprehensive risk analysis of entitlements and activities
- Thorough Governance for privileged account
The suite includes the following modules:
- Safeguard for Privileged Passwords automates, controls, and secures the process of granting privileged credentials with role-based access management and automated workflows. Deployed on a hardened appliance, Safeguard for Privileged Passwords eliminates concerns about secured access to the solution itself, which helps to speed integration with your systems and IT strategies. Plus, its user-centered design means a small learning curve and the ability to manage passwords from anywhere and using nearly any device. The result is a solution that secures your enterprise and enables your privileged users with a new level of freedom and functionality.
-
One Identity for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.
Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers to integrate seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.
NOTE: Configuration options and details related to Safeguard for Privileged Sessions will only be visible to customers that have purchased and joined the product to Safeguard for Privileged Passwords.
-
One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics, and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time, and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action and ultimately prevent data breaches.
Figure 1: Privileged Sessions and Privileged Passwords
New features
WinRM updates (315800)
Windows RM module in RSMS now supports missing service types in UpdateDependentSystem.
Support for using TOTP for asset accounts (315801)
Safeguard for Privileged Passwords now supports using time-based one-time passwords (TOTP) for accounts. You can set a TOTP authenticator for the accounts once they have been configured in Safeguard for Privileged Passwords.
API keys now supported for Azure AD and AWS connectors (191520)
Safeguard for Privileged Passwords now supports using API keys for accounts associated with Azure AD and AWS connectors. You can check, change, and set the API keys for the accounts once they have been configured in Safeguard for Privileged Passwords.
Connect for Safeguard Assets service now includes 2 Mac agents (399405)
Available after Safeguard for Privileged Passwords has been joined to Starling, Connect for Safeguard Assets has added 2 Mac agents (Mac x64 and Mac arm64) to allow for disconnected assets to be discovered and managed by Safeguard for Privileged Passwords. For more information, see the Connect for Safeguard Assets User Guide.
Support for the Safeguard for Privileged Passwords 4000 Appliance
The Safeguard for Privileged Passwords 4000 Appliance is available with the latest security updates and trusted certificate updates/revocations. It is compatible with Safeguard for Privileged Passwords 7.0 or later.
Resolved issues
Issues addressed by this release follow.
Table 1: General resolved issues
|
Improvements made to the URL link function in the password vault. |
402390 |
|
Fixed task discovery on Windows 2012 R2 (and lower) |
401538 |
|
AWS password checks now working as intended. |
400306 |
|
The number 0 is now allowed in the Exclude these Numeric Characters field in an Account Password Rule. |
399859 |
|
Fixed an issue with using an @ symbol in the username of an RDP application session. |
393875 |
|
Does not Equal condition in Account Rules for a Dynamic Account Group now applying properly. |
393829 |
|
Improved service discovery for Windows SSH platform in a multi-forest environment. |
393093 |
|
Fixed an issue where stopping the ConnectForSafeguardAssets windows service while in the process of removing an asset could cause multiple AgentIds to be generated for a single asset. |
392787 |
|
Reports now accurately show the time restriction when it is only one hour. |
392766 |
|
Fixed database security issue. |
392749 |
|
Fixed an issue where the scheduler was still running discovery on removed or disabled assets. |
389268 |
|
Documentation has been fixed to say user password rules are configurable by Appliance Administrators. |
388981 |
|
Scheduled password changes no longer failing for custom platforms. |
388711 |
|
Fixed a timestamp issue with quarantine bundles. |
388415 |
|
Fixed an issue with using a semicolon character in a service account password for a MySQL asset. |
387734 |
|
Fixed an issue causing high CPU. |
387254 |
|
Password change failures on Palo Alto platform are now being detected correctly. |
386369 |
|
Fixed a quarantine issue. |
312916 |
|
Correctly displaying the Use Alternate Login Name field in the UI when creating access request policies. |
288506 |
|
Updated third-party component libraries. |
387395 |
|
Now displaying the SSH Session Port field even when None is selected as the Authentication Type. |
388386 |
|
Addressed an issue causing account discovery to fail for Solaris. |
316006 |
|
Fixed a quarantine issue when upgrading to 7.0. |
387277 |
|
Reverted a change that hid the API keys on the Access Request Broker page to be seen by Auditors. |
404697 |
