“Welcome, Balabit customers to One Identity Support Portal click here for for frequently asked questions regarding servicing your supported assets.”

One Identity Safeguard for Privileged Sessions 5.7.0 - Administration Guide

Preface Introduction The concepts of Safeguard for Privileged Sessions The Welcome Wizard and the first login Basic settings User management and access control Managing Safeguard for Privileged Sessions
Controlling Safeguard for Privileged Sessions: reboot, shutdown Managing Safeguard for Privileged Sessions clusters Managing a high availability Safeguard for Privileged Sessions cluster Upgrading Safeguard for Privileged Sessions Managing the Safeguard for Privileged Sessions license Accessing the Safeguard for Privileged Sessions console Sealed mode Out-of-band management of Safeguard for Privileged Sessions Managing the certificates used on Safeguard for Privileged Sessions
General connection settings HTTP-specific settings ICA-specific settings RDP-specific settings SSH-specific settings Telnet-specific settings VMware Horizon View connections VNC-specific settings Indexing audit trails Using the Search (classic) interface Using the Search interface Searching session data on a central node in a cluster Advanced authentication and authorization techniques
Configuring usermapping policies Configuring gateway authentication Configuring 4-eyes authorization Using credential stores for server-side authentication Integrating external authentication and authorization systems Ingesting logs with SPS Creating a custom plugin
Reports The Safeguard for Privileged Sessions RPC API The Safeguard for Privileged Sessions REST API Safeguard for Privileged Sessions scenarios Troubleshooting Safeguard for Privileged Sessions Configuring external devices Using SCP with agent-forwarding Security checklist for configuring Safeguard for Privileged Sessions Jumplists for in-product help Third-party contributions About us

Preface

Welcome to the One Identity Safeguard for Privileged Sessions 5 F7 Administrator Guide!

This document describes how to configure and manage the One Identity Safeguard for Privileged Sessions (Safeguard for Privileged Sessions). Background information for the technology and concepts used by the product is also discussed.


Was this topic helpful?

[Select Rating]



About this document

This guide is a work-in-progress document with new versions appearing periodically.

The latest version of this document can be downloaded from the Safeguard for Privileged Sessions Documentation page.


Was this topic helpful?

[Select Rating]



Summary of changes

Version 5 F6 - 5 F7
Changes in product:
Changes in documentation:
Version 5 F5 - 5 F6
Changes in product:
  • When you have a set of two or more One Identity Safeguard for Privileged Sessions instances in your deployment, you now have the possibility to join them into a cluster, and manage them from one central location. You can monitor their status and update their configuration centrally. For details, see Managing Safeguard for Privileged Sessions clusters.

  • In the Search interface, it is now possible to use the flow view for a quick visualization of the session activities. For details, see Using the Search interface.

  • It is now possible to specify an accuracy level for Optical Character Recognition (OCR). For details, see Configuring the internal indexer.

Version 5 F4 - 5 F5
Changes in product:
  • It is now possible to specify the base DN of LDAP subtrees for users and for groups separately. Specifying a sufficiently narrow base for the LDAP subtrees can speed up LDAP operations. For details, see Managing Safeguard for Privileged Sessions users from an LDAP database and Authenticating users to an LDAP server.

  • You now have the option to configure connection policies with near real-time indexing priority, meaning that you can start indexing sessions while they are still ongoing. This requires that you configure your indexers with the appropriate settings and capabilities. For details, see Configuring the internal indexer and Configuring the external indexer.

  • It is now possible to use a hardware security module (HSM) or a smart card to store the decryption keys required for decrypting audit trails when using an external indexer. For details, see Indexing audit trails.

  • In the Search interface, it is now possible to display statistics, analyze data using Privileged Account Analytics, and use the timeline for a quick time range selection. For details, see Using the Search interface.

  • The documentation of the obsolete Audit Player application has been removed from the document. For the documentation of the Safeguard Desktop Player application, see Safeguard Desktop Player User Guide.

Version 5 F3 - 5 F4
Changes in product:
Changes in documentation:
Version 5 F2 - 5 F3
Changes in product:
  • Safeguard for Privileged Sessions's RESTful API has been enhanced with the following new functionalities:

  • In order to better integrate PSM with Privileged Account Analytics, some architectural changes have been introduced. For more information, see REST API Reference Guide.

  • Enabling TLS-encryption in an RDP connection policy has been simplified. When the connection is encrypted, Safeguard for Privileged Sessions has to show a certificate to the peer. You can define the type of certificate to show to the peers. For details, see Enabling TLS-encryption for RDP connections.

  • You can now configure the required minimum version of the default web listener. The default setting is TLS 1.2. For details, see Configuring user and administrator login addresses.

  • You can now select the depth of indexing: lightweight and full indexing. Lightweight indexing is now enabled by default, you only have to configure it if you want full indexing. Lightweight indexing is faster than full indexing, and indexes only Command and Window title events. It does not index any other screen content (for example, text that is displayed in a terminal or that appears in an RDP window). For details, see Configuring the internal indexer.

  • RDP 4 and RDP 5 have been removed from Creating and editing protocol-level RDP settings.

  • The Audit Player application can now replay audit trails that contain graphical X11 sessions (the contents of the X11 Forward channel of the SSH protocol). For further details, see .

  • Plugin configuration files in debug bundle: When creating debug bundles for troubleshooting purposes, PSM now includes the configuration files of any plugins installed. For details, see "Collecting logs and system information for error reporting" in the Administration Guide.

Changes in documentation:
Version 5 F1 - 5 F2
Changes in product:
Changes in documentation:
Version 5 LTS - 5 F1
Changes in product:

Was this topic helpful?

[Select Rating]



Feedback

Any feedback is greatly appreciated, especially on what else this document should cover. General comments, errors found in the text, and any suggestions about how to improve the documentation is welcome at documentation@balabit.com.


Was this topic helpful?

[Select Rating]



Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents