Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email for assistance

One Identity Safeguard for Privileged Passwords 7.4.1 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Cannot delete account

If you are unable to delete an account, review the considerations below.

Wrong account name:

As an Asset Administrator, you may receive this error if you attempt to delete an account : This entity has access requests which have not yet expired or have to be reviewed. It cannot be deleted now. This error could indicate that SPP is trying to change the password or SSH key on an account that does not exist on the asset.

One reason for this error message is that the wrong account name was used when adding the account to Safeguard. So now when someone requests the password or SSH key for this account, Safeguard displays the password or SSH key that was manually set. However, when the requester attempts to log in to the asset using the bad account and password or SSH key, it will fail. If the access request policy specified Change password after check-in, the above error message appears when the administrator tries to delete the account from SPP.

Workaround: To delete the account with the misspelled name, first manually set the password or SSH key on the account. Once the account password is reset, SPP will allow you to delete the account.

For more information, see: 

Cannot play session message

If you receive a message that says Cannot play session... The specified executable is not a valid application for this OS platform, you are most likely attempting to run the Desktop Player on a 32-bit platform, which is not supported.

Domain user denied access to SPP

If you add a directory user who has the User must change password at next logon option enabled in Active Directory, SPP prevents that user from logging in. There are two ways to allow the directory user to log in to SPP successfully:

  • Have the directory user use their domain account to log in to an asset joined to Active Directory. When prompted they can change their password. This fulfills the User must change password at next logon requirement.


  • Have the domain administrator disable the option in Active Directory for the directory user.

LCD status messages

The One Identity Safeguard for Privileged Passwords Appliance has an LCD screen that displays the status of the appliance as it is starting and as it progress through certain operations.

As it proceeds through its various stages, it displays the following LCD status messages. First boot setup refers to the initial configuration of SPP, which normally happens at the factory when the appliance is deployed and after a factory reset.

  • Apply Update xx%: Shows the percentage completed as the appliance progresses through an update operation.
  • Factory Reset xx%: Shows the percentage completed as the appliance progresses through a factory reset.
  • First boot ... <version>: Displays after the first boot completes while it is waiting for SPP to load.
  • First Boot Setup xx%: Shows the percentage completed as the appliance is being configured for the first time.
  • Preparing for first boot setup: Displays after a factory reset and before the appliance starts configured for the first time.
  • Quarantine: Indicates the appliance in a Quarantine state. For more information, see What do I do when an appliance goes into quarantine..
  • Starting core: Indicates that SPP is being loaded.
  • Starting database: Indicates that the SPP database is being loaded.
  • Starting reboot: Indicates the appliance is being rebooted.
  • Starting services: Indicates that SPP services are being loaded.
  • Starting shut down: Indicates the appliance is being shut down.
  • Starting web: Indicates that the web services are being loaded.

When the appliance is running, the LCD home screen displays: Safeguard for Privileged Passwords <version number>.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating