Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 6.10.0 - Administration Guide

Preface Introduction The concepts of One Identity Safeguard for Privileged Sessions (SPS)
The philosophy of One Identity Safeguard for Privileged Sessions (SPS) Policies Credential Stores Plugin framework Indexing Supported protocols and client applications Modes of operation Connecting to a server through One Identity Safeguard for Privileged Sessions (SPS) Archive and backup concepts Maximizing the scope of auditing IPv6 in One Identity Safeguard for Privileged Sessions (SPS) SSH host keys Authenticating clients using public-key authentication in SSH The gateway authentication process Four-eyes authorization Network interfaces High Availability support in One Identity Safeguard for Privileged Sessions (SPS) Versions and releases of One Identity Safeguard for Privileged Sessions (SPS) Accessing and configuring One Identity Safeguard for Privileged Sessions (SPS)
The Welcome Wizard and the first login Basic settings
Supported web browsers and operating systems The structure of the web interface Network settings Configuring date and time System logging, SNMP and e-mail alerts Configuring system monitoring on SPS Data and configuration backups Archiving and cleanup Using plugins Forwarding data to third-party systems Starling integration
User management and access control Managing One Identity Safeguard for Privileged Sessions (SPS)
Controlling One Identity Safeguard for Privileged Sessions (SPS): reboot, shutdown Managing Safeguard for Privileged Sessions (SPS) clusters Managing a High Availability One Identity Safeguard for Privileged Sessions (SPS) cluster Upgrading One Identity Safeguard for Privileged Sessions (SPS) Managing the One Identity Safeguard for Privileged Sessions (SPS) license Accessing the One Identity Safeguard for Privileged Sessions (SPS) console Sealed mode Out-of-band management of One Identity Safeguard for Privileged Sessions (SPS) Managing the certificates used on One Identity Safeguard for Privileged Sessions (SPS)
General connection settings HTTP-specific settings ICA-specific settings MSSQL-specific settings RDP-specific settings SSH-specific settings Using Sudo with SPS Telnet-specific settings VMware Horizon View connections VNC-specific settings Indexing audit trails Using the Search interface Advanced authentication and authorization techniques Reports The One Identity Safeguard for Privileged Sessions (SPS) RPC API The One Identity Safeguard for Privileged Sessions (SPS) REST API One Identity Safeguard for Privileged Sessions (SPS) scenarios Troubleshooting One Identity Safeguard for Privileged Sessions (SPS) Using SPS with SPP Configuring external devices Using SCP with agent-forwarding Security checklist for configuring One Identity Safeguard for Privileged Sessions (SPS) Jumplists for in-product help Configuring SPS to use an LDAP backend Glossary

Report output

The output of the reports are available in PDF format.

The reports enable you to check the sessions that contain the configured search expressions. For security reasons, the relevant sessions are available through links to avoid including the session details directly in the report. You can open the related sessions using one of the following methods:

  • Clicking the link in the Sessions key column of the table
  • Clicking the QR code
  • Clicking the link provided with the QR code
Searching by sessions keys

From the report, you can access the relevant sessions on the Search interface by clicking the link in the Sessions key column.

NOTE: If clicking on the sessions key does not work, for example, because the IP address of your SPS has changed, you can still use the key to access the relevant session as follows:

  1. Copy the key from the Sessions key column, for example, svc-uXG6ciAkstSanfD8YhGHXVddavid-7 as shown in the following example.
  2. Create a link, using the IP address of your SPS and the sessions key in the following format: 

    https://<your-SPS-IP>/portal/#/audit/sessions/<sessions-key>

    For example, if using the following example and an SPS with an IP address of 10.10.10.10, the link is https://10.10.10.10/portal/#/audit/sessions/svc-uXG6ciAkstSanfD8YhGHXV-ddavid-7

Figure 342: Reporting > Download reports — Accessing sessions from the PDF output

Accessing screenshots from the report output using QR codes

NOTE: The screenshots of the sessions containing the search keywords are not included in the report output for security reasons, but you can access the screenshots by using the clickable QR codes.

Alternatively, you can click the link provided with the QR codes, which makes it possible to display the link text if the report is printed on paper.

Figure 343: Example of a clickable QR code in the report output

The One Identity Safeguard for Privileged Sessions (SPS) RPC API

NOTE:

The RPC API is deprecated as of One Identity Safeguard for Privileged Sessions (SPS) 5 F7 and will be removed in an upcoming feature release. One Identity recommends using the REST API instead.

Version 3 F3 and later of One Identity Safeguard for Privileged Sessions can be accessed using a Remote-Procedure Call Application Programming Interface (RPC API).

The SPS RPC API allows you to access, query, and manage SPS from remote applications. You can access the API using the Simple Object Access Protocol (SOAP) protocol over HTTPS, meaning that you can use any programming language that has access to a SOAP client to integrate SPS to your environment. You can download simple, proof-of-concept clients for Python and other languages from the SPS web interface.

Accessing SPS with the RPC API offers several advantages:

  • Integration into custom applications and environments

  • Flexible, dynamic search queries and management

Topics:

Requirements for using the RPC API

To access One Identity Safeguard for Privileged Sessions (SPS) using the RPC API, the following requirements must be met:

  • Accessing the appliance via the RPC API must be enabled on the web interface. For details, see Enabling RPC API access to One Identity Safeguard for Privileged Sessions (SPS).

  • The appliance can be accessed using the SOAP protocol over authenticated HTTPS connections. The WSDL describing the available services is available at https://<ip-address-of-SPS>/rpc.php/<techversion>?wsdl. For details on the client libraries tested with SPS see RPC client requirements.

  • The user account used to access SPS via RPC must have read and write/perform rights for the Access RPC API privilege. This is required for every type of RPC access, even for read-only operations. Members of the api group automatically have this privilege. For details on managing user privileges, see Modifying group privileges.

Caution:

Each SPS release provides a separate API with a new API version number. You are recommended to use the SPS version 6.10.0 with the corresponding API version. Earlier versions are not supported

RPC client requirements

The client application used to access One Identity Safeguard for Privileged Sessions (SPS) must meet the following criteria:

  • Support SOAP version 1.1 or later.

  • Support WSDL version 1.1.

  • Properly handle complex object types.

  • Include a JSON decoder for interpreting the results of search operations.

The following client libraries have been tested with SPS.

Table 30: SOAP libraries tested with SPS
Client name Programming language Status Comments
Apache Axis 1 Java Working
Built-in .NET library .NET Working

SPS does not support the Expect HTTP Header feature, and must be disabled, for example, using System.Net.ServicePointManager.Expect100Continue = false;

Scio Python Partially working Does not handle complex object types, so it cannot perform search queries.
SOAP::Lite Perl Working
  • Simple types can be used with the following format: $service->$method(@params)

  • Complex types work only with the following format: $service->call($method, @params)

  • Calls using the $service->call() format seem to work after doing at least one $service->$method(@params) call, for example, a login.

SOAP::WSDL Perl Not working
Suds Python Working
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating