Release Notes
One Identity Safeguard for Privileged Sessions 5.10
Release Notes
March 2019
These release notes provide information about the One Identity Safeguard for Privileged Sessions 5 F10 release.
Topics:
About this release
The One Identity Safeguard Appliance is built specifically for use only with the Safeguard privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management -- and shortening the timeframe to value.
The privileged management software provided with One Identity Safeguard consists of the following modules:
- One Identity Safeguard for Privileged Passwords automates, controls and secures the process of granting privileged credentials with role-based access management and automated workflows. Deployed on a hardened appliance, Safeguard for Privileged Passwords eliminates concerns about secured access to the solution itself, which helps to speed integration with your systems and IT strategies. Plus, its user-centered design means a small learning curve and the ability to manage passwords from anywhere and using nearly any device. The result is a solution that secures your enterprise and enables your privileged users with a new level of freedom and functionality.
-
One Identity Safeguard for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.
Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.
- One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action - and ultimately prevent data breaches.
For details on this release, see New features.
|
|
NOTE:
For a full list of key features in One Identity Safeguard for Privileged Sessions, see Administration Guide. |
New features
Join to Starling
You can now join SPS to One Identity Starling. One Identity Starling helps to combine products from the One Identity line to create a secure and customizable cloud service. For details on One Identity Starling, see Starling - Technical Documentation.
For more information, see "Joining to One Identity Starling" in the Administration Guide.
Install the Safeguard Desktop Player application on Mac
It is now possible to install the Safeguard Desktop Player application on Mac.
For more information, see "Install Safeguard Desktop Player on Mac" in the Safeguard Desktop Player User Guide.
Windows 2019 Server support
SPS now supports Windows 2019 Server as a client and server in RDP sessions.
Session cookies in HTTP auditing
SPS can now distinguish the audited HTTP requests and responses based on the session cookies of web applications. For details, see "Creating and editing protocol-level HTTP settings" in the Administration Guide.
REST API
-
Search, download and index sessions section restructure
The Search, download and index sessions section has been restructured and updated in the SPS REST API.
For more information, see "Search, download, and index sessions" in the REST API Reference Guide.
-
HTTP connection policies can now be configured through REST
The endpoint is now writable and allows create, update and delete.
For more information, see "HTTP connections" in the REST API Reference Guide.
-
The user now has the same privileges on the web UI and REST API
For the user to have full access over the SPS REST API, they must have the REST server privilege. The user privileges on the web UI and REST API are now synchronized. For example, if the user has the ICA Control / Connections privilege then they can access this page on the web UI and also the /api/configuration/ica/connections endpoint on the REST API.
For more information, see "Authenticate to the SPS REST API" in the REST API Reference Guide.
-
Changes to audit data access rules (ADAR) on REST
The endpoint can only be queried and is not writable. It does not allow create, update, or delete.
For more information, see "Audit data access rules" in the REST API Reference Guide.
New documents
-
The Creating custom Authentication and Authorization plugins document is now publicly available. This document describes how to create custom Authentication and Authorization plugins.
-
The Creating custom Credential Store plugins document is now publicly available. This document describes how to create custom Credential Store plugins.
Deprecated features
The following is a list of features that are no longer supported starting with SPS 5.10.
-
SSLv3 encryption is not supported in SPS version 5.10 and later. This has the following effects:
-
You cannot configure SPS if your browser does not support at least TLSv1.
-
If you are auditing HTTP, Telnet or VNC sessions that use TLS encryption, the client- and server applications must support at least TLSv1.
-
-
Support for X.509 host certificates is deprecated. This feature will be removed from SPS version 6 LTS (6.0). One Identity recommends using public keys instead.
-
Support for DSA keys is deprecated. This feature will be removed from SPS version 6 LTS (6.0). One Identity recommends using RSA keys instead.