
One Identity Safeguard for Privileged Sessions 5.8.0 - Release Notes

November 2018

These release notes provide information about the One Identity Safeguard for Privileged Sessions release.

About this release

Welcome to One Identity Safeguard for Privileged Sessions. This document describes what is new in the latest version of One Identity Safeguard for Privileged Sessions (SPS).

Upgrade to the new release

This is a feature release, which means that it will be supported for 6 months after the release date or 2 months after the release of a succeeding feature release (whichever date is later). It also means that if you are running a previous feature release (such as versions 5 F1 or 5 F2), you have 2 months to upgrade to version 5 F8 if you want to keep running on a supported release.

For a full description of stable and feature releases, open the SPS product page on the Support Portal and navigate to Product Life Cycle & Policies > Product Support Policies > Software Product Support Lifecycle Policy.

Who should upgrade

We recommend that you upgrade to SPS 5 F8 if you are not running SPS on Pyramid hardware and any of the following is true:

  • You wish to take advantage of any of the new features.

  • You are running a previous feature release.

  • You are OK with having to continuously upgrade to the latest feature release to remain supported.

    We are releasing new feature releases approximately once every 2 months.

Caution:

Physical SPS appliances based on Pyramid hardware are not supported in 5 F1 and later feature releases. Do not upgrade to 5 F1 or later on Pyramid-based hardware. The last supported release for this hardware is 5 LTS, which is a long-term supported release.

If you have purchased SPS before August 2014 and have not received replacement hardware since then, you have Pyramid hardware, so do not upgrade to SPS 5 F1 or later. If you have purchased SPS after August 2014, you can upgrade to 5 F1.

If you do not know the type of your hardware or when it was purchased, complete the following steps:

  1. Log in to SPS.

  2. Navigate to Basic Settings > Troubleshooting > Create debug bundle for support ticket, click Create and save debug bundle from current system state, and save the file.

  3. Open a ticket at https://support.oneidentity.com/create-service-request/.

  4. Upload the file you downloaded from SPS in Step 1.

  5. We will check the type of your hardware and notify you.

Caution:

Downgrading from a feature release is not supported. If you upgrade from an LTS release (for example, 4.0) to a feature release (4.1), you have to keep upgrading with each new feature release until the next LTS version (in this case, 5.0) is published.

How to upgrade

For step-by-step instructions on upgrading to SPS 5 F8, see Upgrade Guide.

New features

Central search across clusters

Starting with SPS version 5 F6, it became possible to join multiple SPS nodes into a cluster, monitor their status, and update their configuration from a central location. Starting with this version, when you have a cluster of nodes set up, you have the possibility to search all session data recorded by all nodes in the cluster on a single node. This is achieved by assigning roles to the individual nodes in your cluster: you can set up one of your SPS nodes to be the Search Master and the rest of the nodes to be Search Minions. Search Minions send session data that they record to the Search Master, and the Search Master acts as a central search node. Consult with the Support Team to learn more about network and capacity requirements.

For more information, see "Searching session data on a central node in a cluster" in the Administration Guide.

Detecting script usage with One Identity Safeguard for Privileged Analytics

With the Safeguard for Privileged Analytics module enabled (licensed separately, but available free for a 2-month trial), it is now possible to detect user accounts that show highly periodic and repetitive behavior that is likely the result of scripted activity.

For more information, see Safeguard for Privileged Analytics Configuration Guide.

Free 2-month trial of One Identity Safeguard for Privileged Analytics available for all users

You can enable One Identity Safeguard for Privileged Analytics for free for 60 days on your SPS host to gain insight into what your users are doing, and how risky their actions are.

For more information, see Safeguard for Privileged Analytics Configuration Guide.

Credential store support for TN3270 protocol

SPS can now be configured to check out passwords from the built-in or external credential stores, such as Safeguard for Privileged Passwords, and play them in during a connection using the TN3270 protocol.

SSH daemon log ingestion

It is now possible to send event logs from SSHD services running on Unix servers to an SPS box, and the login and logout events will be processed to be shown as sessions alongside the recordings made by SPS. This allows security auditors to see the whole picture about all access to critical systems without having to leave the SPS interface.

For more information on how to start ingesting SSH daemon logs, see "Ingesting logs with SPS" in the Administration Guide.
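
The kind of correlation described above, pairing sshd login and logout events into session records, can be sketched as follows. This is an added example, not code from SPS or One Identity: the function name `build_sessions`, the record fields and the sample log lines are constructed for illustration, and it assumes the usual OpenSSH and pam_unix syslog message format with login and logout logged under the same sshd PID.

```python
import re
from datetime import datetime

# Constructed sample lines in the usual OpenSSH + pam_unix syslog format.
SAMPLE_LOG = """\
Nov 12 09:14:02 db01 sshd[4121]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Nov 12 09:15:10 db01 sshd[4190]: Failed password for root from 10.0.0.9 port 40022 ssh2
Nov 12 09:16:30 db01 sshd[4202]: Accepted password for bob from 10.0.0.7 port 50111 ssh2
Nov 12 09:20:45 db01 sshd[4121]: pam_unix(sshd:session): session closed for user alice
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) sshd\[(\d+)\]: (.*)$")
LOGIN = re.compile(r"^Accepted (\S+) for (\S+) from (\S+) port (\d+)")
LOGOUT = re.compile(r"session closed for user (\S+)")

def build_sessions(log_text, year=2018):
    """Pair sshd login and logout events into session records.

    Events are correlated on (host, sshd PID). Syslog timestamps carry no
    year, so one is assumed. Logins with no logout stay open (end=None).
    """
    open_sessions, sessions = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an sshd line
        stamp, host, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        key = (host, pid)
        login = LOGIN.match(msg)
        if login:
            method, user, src, _port = login.groups()
            record = {"host": host, "user": user, "source": src,
                      "auth_method": method, "start": when, "end": None}
            open_sessions[key] = record
            sessions.append(record)
            continue
        logout = LOGOUT.search(msg)
        # Require a matching user so a reused PID cannot close the wrong session.
        if logout and key in open_sessions and open_sessions[key]["user"] == logout.group(1):
            open_sessions.pop(key)["end"] = when
    return sessions

if __name__ == "__main__":
    for session in build_sessions(SAMPLE_LOG):
        print(session)
```

Failed authentication attempts produce no session record, and a login without a matching logout is reported as still open rather than dropped.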

Plugins

All Plugins have been updated to work with One Identity Safeguard for Privileged Sessions version 5.8.0.

Enhancements to Credential Store plugin for Safeguard for Privileged Passwords

The Credential Store plugin for Safeguard for Privileged Passwords now supports connecting to a cluster of One Identity Safeguard servers. In addition, it is now possible to resolve the IP addresses of target servers to hostnames, and to expand domain names to full domain names when not provided in their FQDN form. For details, see How to connect One Identity Safeguard with One Identity Safeguard for Privileged Sessions.

Integrate with One Identity Total Privileged Access Management (TPAM)

An official plugin is now available that allows using TPAM as an external credential store.

For more information, see How to connect TPAM with One Identity Safeguard for Privileged Sessions.

Other changes

Resolved Issues

The following is a list of issues addressed in this release.

Table 1: General resolved issues

| Resolved Issue | Issue ID |
|---|---|
| Using legacy clients with interactive RDP banners crashes the proxy | PAM-6574 |
| RDP-related issues when debug logging is enabled | PAM-6568 |
| Option in "lucenectl search" CLI tool to override the built-in timeout is available | PAM-6499 |
| POST requests on the REST API are vulnerable against session fixation attacks | PAM-6056 |
| Password change notification in SPNEGO-enabled RDP connections | PAM-6054 |
| Large number of error messages in the logs for HTTP traffic | PAM-5802 |
| When the 'Report status' ACL is enabled for a group in the 'AAA > Access Control' menu on an SCB 3 F5, upgrading to SCB 4LTS (or newer versions) will display this entry as '!!! Invalid ACL entry !!!' | PAM-5408 |
| Invalid "Error storing XML database" alerts sent | PAM-5266 |
| Content-based alerting is now case-insensitive | PAM-4971 |
| Unicode string returned for "additional_metadata" by an AA plugin is not handled properly | PAM-4955 |
| SSH RSA host key still the default one after REST setup | PAM-4769 |
| Unclean reboot of an overloaded appliance could result in the box not being able to reboot | PAM-3639 |
| SPS sends non-conformant SNMP traps | PAM-3610 |
| When the web login IP address was changed on the UI, the user got locked out | PAM-2698 |
| Invalid UTF-8 data received by a credential store plugin not handled properly | PAM-421 |
| Backup, archive and cleanup tasks use a lot of machine resources when many Connection policies use the same Backup or Archive and Cleanup policies | PAM-5260 |