
One Identity Safeguard for Privileged Passwords 7.4.1 - Administration Guide


System requirements and versions

One Identity Safeguard for Privileged Passwords allows you to manage access requests, approvals, and reviews for your managed accounts and systems.

  • The web client consists of an end-user view and administrator view. The fully featured client exposes all of the functionality of Safeguard based on the role of the authenticated user.
  • The web management console displays whenever you connect to the virtual appliance and is used for first-time configuration.
    When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. See One Identity's Product Support Policies for more information on environment virtualization.

Ensure that your system meets the minimum hardware and software requirements for these clients.

If a Safeguard Sessions Appliance is linked to SPP, session recording is handled via Safeguard for Privileged Sessions. The link is initiated from Safeguard for Privileged Sessions. For details about the link steps and issue resolution, see the One Identity Safeguard for Privileged Sessions Administration Guide.

Bandwidth

The recommended inter-site connection, including overhead, is faster than 10 megabits per second with a one-way latency of less than 500 milliseconds. If you are using traffic shaping, you must allow sufficient bandwidth and priority to port 655 UDP in the shaping profile. These numbers are a guideline only; other factors may require additional network tuning, including but not limited to jitter, packet loss, response time, usage, and network saturation. If you have further questions, check with your Network Administration team.

Web client system requirements

Table 5: Web requirements
Component: Web browsers
Requirements:

Desktop browsers:

  • Apple Safari 16.0 for desktop (or later)
  • Google Chrome 108 (or later)
  • Microsoft Edge 108 (or later)
  • Mozilla Firefox 108 (or later)

Mobile device browsers:

  • Apple Safari Mobile 14.7 (or later)
  • Google Chrome on Android 108 (or later)

Web management console system requirements

Table 6: Web kiosk requirements
Component: Web management console
Requirements:

Desktop browsers:

  • Apple Safari 16.0 for desktop (or later)
  • Google Chrome 108 (or later)
  • Microsoft Edge 108 (or later)
  • Mozilla Firefox 108 (or later)

Platforms and versions follow.

  • You must license the VM with a Microsoft Windows license. We recommend using either the MAK or KMS method. Specific questions about licensing should be directed to your Sales Representative.

  • Supported hypervisors:
    • Microsoft Hyper-V (VHDX) version 8 or higher
    • VMware vSphere with vSphere Hypervisor (ESXi) versions 6.5 or higher
    • VMware Workstation version 13 or higher

  • Minimum resources: 4 CPUs, 10GB RAM, and a 500GB disk. The virtual appliance's default deployment does not provide adequate resources. Ensure these minimum resources are met.

Supported platforms

One Identity Safeguard for Privileged Passwords supports a variety of platforms, including custom platforms.

SPP tested platforms

The following table lists the platforms and versions that have been tested for Safeguard for Privileged Passwords (SPP). Additional assets may be added to SPP. If you do not see a particular platform listed when adding an asset, use the Other, Other Managed, Other Directory, or Linux selection on the Management tab of the Asset dialog. For more information, see Management tab (add asset).

SPP linked to Safeguard for Privileged Sessions: Sessions platforms

CAUTION: When linking your Safeguard for Privileged Sessions (SPS) deployment to your Safeguard for Privileged Passwords (SPP) deployment, ensure that the SPS and SPP versions match exactly, and keep the versions synchronized during an upgrade. For example, you can only link SPS version 6.6 to SPP version 6.6, and if you upgrade SPS to version 6.7, you must also upgrade SPP to 6.7.

Make sure that you do not mix Long Term Supported (LTS) and feature releases. For example, do not link an SPS version 6.0.1 to an SPP version 6.1.

When One Identity Safeguard for Privileged Passwords (SPP) is linked with a Safeguard for Privileged Sessions (SPS) appliance, platforms are supported that use one of these protocols:

  • SPP 2.8 or lower: RDP, SSH

  • SPP 2.9 or higher: RDP, SSH, or Telnet

Some platforms may support more than one protocol. For example, a Linux (or Linux variation) platform supports both SSH and Telnet protocols.

Table 7: Supported platforms: Assets that can be managed

Platform Name | Tested Versions | Supports SPP | Supports SPS Access
ACF2 - Mainframe | ACF2 - Mainframe LDAP r14 zSeries; ACF2 - Mainframe LDAP r15 zSeries | True | True
ACF2 - Mainframe LDAP | ACF2 - Mainframe LDAP r14 zSeries; ACF2 - Mainframe LDAP r15 zSeries | True | False
Active Directory | Active Directory | True | False
AIX | AIX 7.2; AIX 7.3 | True | True
Amazon Linux | Amazon Linux 2; Amazon Linux 2022; Amazon Linux Other | True | True
Amazon Web Services | Amazon Web Services 1 | True | False
CentOS Linux | CentOS Linux 7; CentOS Linux 8 | True | True
Check Point GAiA (SSH) | Check Point GAiA (SSH) R80.30; Check Point GAiA (SSH) R81 | True | True
Cisco ASA | Cisco ASA 7.X; Cisco ASA 8.X; Cisco ASA 9.X | True | True
Cisco IOS (510) | Cisco IOS 12.X; Cisco IOS 15.X; Cisco IOS 16.X | True | True
Cisco ISE | Cisco ISE 2.7; Cisco ISE 3 | True | False
Cisco ISE CLI | Cisco ISE CLI 2.7; Cisco ISE CLI 3 | True | True
Cisco NX-OS | Cisco NX-OS 9.3(7); Cisco NX-OS 9.3(7a) | True | True
Debian GNU/Linux | Debian GNU/Linux 10; Debian GNU/Linux 11; Debian GNU/Linux 12 | True | True
Dell iDRAC | Dell iDRAC 8; Dell iDRAC 9 | True | True
eDirectory LDAP | eDirectory LDAP 9.0 | True | False
ESXi | ESXi 7.0; ESXi 8.0 | True | False
F5 Big-IP | F5 Big-IP 12.1.2; F5 Big-IP 13.0; F5 Big-IP 14.0; F5 Big-IP 15.0 | True | True
Fedora | Fedora 37; Fedora 38 | True | True
Fortinet FortiOS | Fortinet FortiOS 6.2; Fortinet FortiOS 6.4; Fortinet FortiOS 7.0; Fortinet FortiOS 7.2; Fortinet FortiOS 7.4 | True | True
FreeBSD | FreeBSD 12; FreeBSD 13 | True | True
HP iLO | HP iLO 4; HP iLO 5; HP iLO 6 | True | True
HP iLO MP | HP iLO MP 2; HP iLO MP 3 | True | True
HP-UX | HP-UX 11iv3 (B.11.31) | True | True
IBM i | IBM i 7.3; IBM i 7.4 | True | True
Junos - Juniper Networks | Junos - Juniper Networks 19; Junos - Juniper Networks 20; Junos - Juniper Networks 21; Junos - Juniper Networks 22 | True | True
LDAP | OpenLDAP 2.4 | True | False
Linux |  | True | True
macOS | macOS 11; macOS 12; macOS 13 | True | True
MongoDB | MongoDB 4.4; MongoDB 5.0; MongoDB 6.0 | True | False
MySQL | MySQL 5.7; MySQL 8.0; MySQL 8.1 | True | False
Oracle | Oracle 19c; Oracle 21c | True | False
Oracle Linux (OL) | Oracle Linux (OL) 7; Oracle Linux (OL) 8; Oracle Linux (OL) 9 | True | True
Other |  | False | False
Other Directory |  | True | False
Other Managed |  | True | False
PAN-OS | PAN-OS 9.1; PAN-OS 10.1; PAN-OS 10.2 | True | True
PostgreSQL | PostgreSQL 11; PostgreSQL 12; PostgreSQL 13; PostgreSQL 14; PostgreSQL 15 | True | False
RACF - Mainframe | RACF - Mainframe z/OS V2.1 Security Server zSeries; RACF - Mainframe z/OS V2.2 Security Server zSeries; RACF - Mainframe z/OS V2.3 Security Server zSeries | True | True
RACF - RACF - Mainframe LDAP | RACF - Mainframe LDAP z/OS V2.1 Security Server zSeries; RACF - RACF - Mainframe LDAP z/OS V2.2 Security Server zSeries; RACF - RACF - Mainframe LDAP z/OS V2.3 Security Server zSeries | True | False
Red Hat Enterprise Linux (RHEL) | Red Hat Enterprise Linux (RHEL) 7; Red Hat Enterprise Linux (RHEL) 8; Red Hat Enterprise Linux (RHEL) 9 | True | True
Red Hat Directory Server | Red Hat Directory Server 11; Red Hat Directory Server 12 | True | False
SAP HANA | SAP HANA; SAP HANA 2 | True | False
SAP Netweaver Application Server | SAP Netweaver Application Server 7.5 | True | False
Safeguard for Privileged Sessions | Safeguard for Privileged Sessions 7.0 | True | True
Solaris | Solaris 10; Solaris 11.3; Solaris 11.4 | True | True
SonicOS | SonicOS 6.5; SonicOS 7; SonicOSX 7 | True | False
SonicWALL SMA or CMS | SonicWALL SMA or CMS 11.3.0 | True | False
SQL Server | SQL Server 2012; SQL Server 2014; SQL Server 2016; SQL Server 2017; SQL Server 2019; SQL Server 2022 | True | False
SUSE Linux Enterprise Server (SLES) | SUSE Linux Enterprise Server (SLES) 12; SUSE Linux Enterprise Server (SLES) 15 | True | True
Sybase (Adaptive Server Enterprise) | Sybase (Adaptive Server Enterprise) 15.7; Sybase (Adaptive Server Enterprise) 16; Sybase (Adaptive Server Enterprise) 17 | True | False
Top Secret - Mainframe | Top Secret - Mainframe r14 zSeries; Top Secret - Mainframe r15 zSeries; Top Secret - Mainframe r16 zSeries | True | False
Top Secret - Mainframe LDAP | Top Secret - Mainframe LDAP r14; Top Secret - Mainframe LDAP r15; Top Secret - Mainframe LDAP r16 | True | True
Ubuntu | Ubuntu 18.04 LTS; Ubuntu 22.04 LTS; Ubuntu 22.10; Ubuntu 23.04 | True | True
VMware vCenter Server | VMware vCenter Server 6.7; VMware vCenter Server 7.0 | True | True
Windows Desktop; Windows Desktop (SSH); Windows Desktop (WinRM); Windows Server; Windows Server (SSH); Windows Server (WinRM) | Windows (SSH) 10; Windows (SSH) 11; Windows (SSH) Server 2012; Windows (SSH) Server 2012 R2; Windows (SSH) Server 2016; Windows (SSH) Server 2019; Windows (SSH) Server 2022; Windows 10; Windows 11; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server 2019; Windows Server 2022 | True | True

Table 8: Supported platforms: Directories that can be searched

Platform Name | Platform Version
Microsoft Active Directory | Windows 2008+ DFL/FFL
LDAP | 2.4

For all supported platforms, it is assumed that you are applying the latest updates. For unpatched versions of supported platforms, Support will investigate and assist on a case-by-case basis, but it may be necessary for you to upgrade the platform or use SPP's custom platform feature.

IMPORTANT: For the current list of platforms supported by Connect for Safeguard Assets, see the Connect for Safeguard Assets User Guide.

Custom platforms

The following example platform scripts are available:

  • Custom HTTP
  • Linux SSH
  • Telnet
  • TN3270 transports are available

For more information, see Custom platforms and Creating a custom platform script in the Safeguard for Privileged Passwords Administration Guide.

Sample custom platform scripts and command details are available from the Safeguard Custom Platform Home wiki on GitHub.

CAUTION: Example scripts are provided for information only. Updates, error checking, and testing are required before using them in production. SPP checks that each value matches the type of its property, which can be a string, boolean, integer, or password (called secret in the API scripts). SPP cannot check the validity or system impact of values entered for custom platforms.
