Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 7.1.1 - Administration Guide

Preface Introduction The concepts of One Identity Safeguard for Privileged Sessions (SPS)
The philosophy of One Identity Safeguard for Privileged Sessions (SPS) Policies Credential Stores Plugin framework Indexing Supported protocols and client applications Modes of operation Connecting to a server through One Identity Safeguard for Privileged Sessions (SPS) Archive and backup concepts Maximizing the scope of auditing IPv6 in One Identity Safeguard for Privileged Sessions (SPS) SSH host keys Authenticating clients using public-key authentication in SSH The gateway authentication process Four-eyes authorization Network interfaces High Availability support in One Identity Safeguard for Privileged Sessions (SPS) Versions and releases of One Identity Safeguard for Privileged Sessions (SPS) Accessing and configuring One Identity Safeguard for Privileged Sessions (SPS)
Cloud deployment considerations The Welcome Wizard and the first login Basic settings
Supported web browsers The structure of the web interface Network settings Configuring date and time System logging, SNMP and e-mail alerts Configuring system monitoring on SPS Data and configuration backups Archiving Cleaning up audit data Using plugins Forwarding data to third-party systems Starling integration
User management and access control
Login settings Managing One Identity Safeguard for Privileged Sessions (SPS) users locally Setting password policies for local users Managing local user groups Managing One Identity Safeguard for Privileged Sessions (SPS) users from an LDAP database Authenticating users to a RADIUS server Authenticating users with X.509 certificates Authenticating users with SAML2 Managing user rights and usergroups Creating rules for restricting access to search audit data Displaying the privileges of users and user groups Listing and searching configuration changes
Managing One Identity Safeguard for Privileged Sessions (SPS)
Controlling One Identity Safeguard for Privileged Sessions (SPS): reboot, shutdown Managing One Identity Safeguard for Privileged Sessions (SPS) clusters Managing a High Availability One Identity Safeguard for Privileged Sessions (SPS) cluster Upgrading One Identity Safeguard for Privileged Sessions (SPS) Managing the One Identity Safeguard for Privileged Sessions (SPS) license Accessing the One Identity Safeguard for Privileged Sessions (SPS) console Sealed mode Out-of-band management of One Identity Safeguard for Privileged Sessions (SPS) Managing the certificates used on One Identity Safeguard for Privileged Sessions (SPS)
General connection settings HTTP-specific settings ICA-specific settings MSSQL-specific settings RDP-specific settings SSH-specific settings Using Sudo with SPS Telnet-specific settings VMware Horizon View connections VNC-specific settings Indexing audit trails Using the Search interface Advanced authentication and authorization techniques Reports The One Identity Safeguard for Privileged Sessions (SPS) REST API One Identity Safeguard for Privileged Sessions (SPS) scenarios Troubleshooting One Identity Safeguard for Privileged Sessions (SPS)
Network troubleshooting Gathering data about system problems Viewing logs on One Identity Safeguard for Privileged Sessions (SPS) Changing log verbosity level of One Identity Safeguard for Privileged Sessions (SPS) Collecting logs and system information for error reporting Collecting logs and system information of the boot process for error reporting Support hotfixes Status history and statistics Troubleshooting a One Identity Safeguard for Privileged Sessions (SPS) cluster Understanding One Identity Safeguard for Privileged Sessions (SPS) RAID status Restoring One Identity Safeguard for Privileged Sessions (SPS) configuration and data VNC is not working with TLS Configuring the IPMI from the BIOS after losing IPMI password Incomplete TSA response received Using UPN usernames in audited SSH connections
Using SPS with SPP Configuring external devices Using SCP with agent-forwarding Security checklist for configuring One Identity Safeguard for Privileged Sessions (SPS) Jumplists for in-product help Configuring SPS to use an LDAP backend Glossary

Archiving the collected data

To configure data archiving, assign an archive policy to the connection.

Prerequisites

You have to configure an archive policy before starting this procedure. For details, see Archiving.

To assign an archive policy to the connection

  1. Navigate to the connection (for example, to SSH Control > Connections).

  2. Select the connection.

  3. Select the archive policy you want to use in the Archive policy field.

  4. Click .

  5. Optional: To start the archiving process immediately, click Archive now. This functionality works only after a corresponding policy has been configured.

Cleaning up audit data

One Identity Safeguard for Privileged Sessions (SPS) can automatically archive audit trails older than a specified retention time. However, the .zat file and the metadata of the corresponding connections are not deleted from the SPS connection database. Deleting the stored data of old connections decreases the size of the database, making searches faster, and may also be required by certain policies or regulations.

In an audit data cleanup policy, you can specify the period after which the .zat file and the metadata is deleted. You can also provide a lucene query, with which you can specify which sessions you want to delete. For example, using the lucene query, you can create a filter for a specific protocol.

For more information, see Configuring cleanup policies.

Configuring cleanup policies

In an audit data cleanup policy, you can specify the period after which the .zat file and the metadata is deleted. You can also provide a lucene query, with which you can specify which sessions you want to delete. For example, using the lucene query, you can create a filter for a specific protocol.

To add a new audit data cleanup policy

  1. Navigate to Policies > Audit Data Cleanup Policies.

  2. Select Add new audit data cleanup policy.

    Figure 73: Policies > Audit Data Cleanup Policies — Configuring an audit data cleanup policy

  3. In Policy name, specify a unique name for the audit data cleanup policy.

  4. In Audit data query, which is a lucene query, specify to which audit data the cleanup policy applies.

    To fill this query, specify, for example, a field and the related term. Optionally, you may add a boolean operator and specify another field and related term. For example, to specify the audit data of the SSH protocol and the ssh-connection-policy connection policy to be cleaned up, in Audit data query, type protocol:SSH AND recording.connection_policy:ssh-connection-policy

  5. In the Audit data retention period field, enter how long (in days) SPS must keep the .zat file and the metadata. For example, if you specify 365, SPS will delete the audit data of connections older than a year.

    The minimum value for this field is 90. There is no maximum value for this field.

    NOTE: The database cleanup occurs once a day at 22:01 PM.

    NOTE: Since the database cleanup happens once a day at 22:01 PM, if you specify the same retention time for an archive policy, for example, 90 days in the Audit data retention period field, ensure that the archiving is set to start before 22:01 PM.

  6. To save your changes, click Commit changes.

  7. Optionally, repeat the steps to create new audit data cleanup policies for other protocols and connections.

Expected outcome

Every day, SPS deletes the .zat file and the metadata of connections that are older than the given cleanup time from the connection database.

Using plugins

To download the official plugins for your product version, navigate to the product page on the Support Portal. The official plugins are also available on GitHub .

To write your own custom plugin, feel free to use our Plugin SDK.

Figure 74: Basic Settings > Plugins — Viewing the uploaded plugins

The following plugin types can be uploaded to SPS:

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating