Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 6.0.9 - Release Notes

New features between SPS 5.1 and 5.11 - RDP

RDP improvements

You can now display a banner to your clients in RDP sessions. For example, this banner can inform the users that the connection is audited. For details, see "Creating and editing protocol-level RDP settings" in the Administration Guide.

Figure 7: Graphical banner in RDP

The Authentication and Authorization plugins now can request information interactively from the user in a graphical window, for example, a ticket ID, or a one-type password. To request a plugin that interoperates with your authentication or authorization system, contact our Support Team.

If the server requires Network Level Authentication and the Allow me to save credentials option is not selected in the RDP client, SPS now automatically displays a graphical prompt where the users can enter their usernames and passwords.

Figure 8: Server-side login in RDP

Interactive RDP improvements

When using inband destination selection, your users now do not have to encode any data in the username: SPS can display an interactive prompt in the RDP connection to request the address of the destination server, username, and other required information. For details, see "Inband destination selection in RDP connections" in the Administration Guide.

As a smaller improvement, SPS now supports using certificate chains in the signing CA used for RDP connections.

TLS-encryption for RDP connections

Enabling TLS-encryption in an RDP connection policy has been simplified. When the connection is encrypted, SPS has to show a certificate to the peer. You can define the type of certificate to show to the peers.

In case of compatibility issues, you also have the option to allow fallback to legacy RDP Security Layer (also known as: Standard RDP Security). However, it is not advised due to security reasons.

For more information, see "Enabling TLS-encryption for RDP connections" in the Administration Guide.

Windows 2019 Server support

SPS now supports Windows 2019 Server as a client and server in RDP sessions.

Certificate Revocation Lists (CRLs) in signing CAs

It is now possible to configure the CRL that you generated using your Certificate Authority (CA) in your Public Key Infrastructure (PKI) solution. This is the CRL information that will be shown to clients connecting to SPS. For more information, see "Signing certificates on-the-fly" in the Administration Guide.

New features between SPS 5.1 and 5.11 - web interface

Required minimum version of encrypted protocol

You can now configure the required minimum version of the default web listener.

The default setting is TLS 1.2. You can configure SPS to use TLS 1.0, but it is not advised, because there are known serious attacks against TLS (for details, see: https://tools.ietf.org/html/rfc7457).

For more information, see "Configuring user and administrator login addresses" in the Administration Guide.

Boot messages and upgrade logs displayed on web interface

In addition to displaying upgrade logs and boot messages on the local console, SPS now shows information about the upgrade and reboot processes on the web interface, too. The information displayed in the browser and on the console is the same. For details, see "Controlling One Identity Safeguard for Privileged Sessions (SPS): reboot, shutdown" in the Administration Guide and "Upgrade checklist" in the Administration Guide.

NOTE:

This feature is enabled after the first boot to version 5 F2 or later. So during the upgrade from 5.0 to version 6.0, you will not be able to see any upgrade logs on the web interface.

Maximum Transmission Unit (MTU) for network interfaces

To support deployment in more complex networking environments, it is now possible to set the MTU for each network interface individually. For details, see "Network settings" in the Administration Guide and "Managing logical interfaces" in the Administration Guide.

Other changes

New features between SPS 5.1 and 5.11 - REST API

Sessions schema change in REST API

In order to better integrate SPS with One Identity Safeguard for Privileged Analytics, some architectural changes have been introduced. These changes have brought alterations for the sessions schema of the REST API. As a result, REST responses have changed in the case of the following endpoints:

Enhancements

The following is a list of enhancements implemented in SPS 6.0.

Table 1: General enhancements
Enhancement Issue ID

Created PDF reports have been enhanced with the others label and others subsection, which indicate that more data is available but cannot be displayed in the report unless the search is further refined.

 

The "Top X" predefined report subchapters now include the others label, which indicates that more data is available but cannot be displayed in the report unless the search is further refined.

 
   
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating