
One Identity Safeguard for Privileged Passwords 2.4 - Administration Guide


Why join Safeguard for Privileged Passwords to One Identity Starling

One Identity Starling Two-Factor Authentication is a SaaS solution that provides two-factor authentication for a product, enabling organizations to quickly and easily verify a user's identity. This service is provided as part of the One Identity Starling cloud platform. In addition, Starling offers a hybrid service, One Identity Hybrid, that allows you to take advantage of companion features from multiple Starling services, such as Starling Two-Factor Authentication and Starling Identity Analytics & Risk Intelligence.

Joining Safeguard for Privileged Passwords to Starling adds Safeguard to the One Identity Hybrid service allowing you to use features from both the Starling Two-Factor Authentication and Starling Identity Analytics & Risk Intelligence services.

Once Safeguard for Privileged Passwords is joined to Starling, the following Safeguard for Privileged Passwords features are enabled and can be implemented using Starling Two-Factor Authentication:

  • Secondary authentication

    Safeguard for Privileged Passwords supports two-factor authentication through configured authentication providers, such as Starling Two-Factor Authentication. Once configured, the Safeguard for Privileged Passwords authentication process prompts for two sources of authentication when users log in.

    A Starling 2FA authentication provider is automatically added to Safeguard for Privileged Passwords when you join Safeguard for Privileged Passwords to Starling. As an Authorizer or User Administrator, you must configure users to use Starling 2FA as their secondary authentication provider when logging into Safeguard for Privileged Passwords. For more information, see Configuring user to use Starling Two-Factor Authentication when logging into Safeguard for Privileged Passwords.

  • Approval Anywhere

    The Safeguard for Privileged Passwords Approval Anywhere feature integrates its access request workflow with Starling Two-Factor Authentication, allowing approvers to receive a notification through an app on their mobile device when an access request is submitted. The approver can then approve (or deny) access requests through their mobile device without needing access to the desktop or web application.

    Approval Anywhere is enabled when you join Safeguard for Privileged Passwords to One Identity Starling. As a Security Policy Administrator, you must define the Safeguard for Privileged Passwords users authorized to use Approval Anywhere. For more information, see Adding authorized user for Approval Anywhere.

How do I set up a Starling account

To use Starling Two-Factor Authentication as an authentication provider for secondary authentication and Approval Anywhere, you must first register a Starling Organization Admin account or a Collaborator account associated with the One Identity Hybrid subscription. Also, you must download the Starling 2FA app on your mobile phone to use the Approval Anywhere feature.

NOTE: For additional information and documentation regarding the Starling Cloud platform and Starling Two-Factor Authentication, see https://support.oneidentity.com/starling-two-factor-authentication/hosted/technical-documents.

To sign up for a Starling One Identity Hybrid service trial account

  1. Go to https://www.cloud.oneidentity.com/ and log in or register a new account for the Starling cloud platform.
    1. From the Starling home page, click Sign in to Starling.
    2. Enter a valid email address and click Next.
    3. Enter your password and click Sign In.
    4. On the Create your Account page, enter your organization and your mobile phone number.

    NOTE: If the email address you entered does not exist, you will be taken directly to the Create your Account page to register your organization and enter your name, password, and mobile phone number.

    When registering for the first time, you will be sent a verification email in which you must click the supplied link in order to complete the registration process.

  2. Once logged in, click the Trial button under the One Identity Hybrid tile. Follow the prompts on the screen.

    The service will be added to the My Services section and be available for use until the trial period has ended. The number of days left in your trial is indicated by a countdown at the top right of the service access button on the home page of Starling. At any point in the trial you can use the More Information button associated with the service to find out how to purchase the product.

Safeguard Desktop Player

The Safeguard for Privileged Passwords Desktop Player is installed with the Windows desktop client. When the player is launched from the desktop client, the recording is streamed from the Safeguard appliance. It only exists on disk for the lifetime of the player session. That is, when you shut down the player, the recording file is removed from the cache.

When you launch the Safeguard for Privileged Passwords Desktop Player, the main view displays, which consists of the following tabbed pages:

  • Information: Displays detailed information about the recorded session and allows you to play back the recording.
  • Warnings: Displays warnings associated with the recording.

Information tab

The information tab displays the following details for the session recording.

Table 280: Safeguard Desktop Player: Information tab
Control Description
Session recording location

Displays the path of where the recording is currently stored.

Thumbnail

Click the thumbnail in the right corner of the screen to play back the recording.

NOTE: The thumbnail is only available for RDP Drawing and SSH Session Shell channels.

NOTE: A blinking red recording button in the upper right corner of the thumbnail indicates that the session is "live", allowing you to watch the session in follow mode. Follow mode is only available to users with Security Policy Administrator permissions.

Validation indicators

The Safeguard for Privileged Passwords Desktop Player checks the upstream and downstream traffic from the recording and validates the digital signature and timestamp. The indicators across the top of the screen show the results of this validation process, where all indicators should display a green check mark.

If the Signature or Timestamp indicators are red Xs, this indicates that the corresponding certificate has not been validated. For more information, see Sessions Certificates.

Recording details

Displays details about the recording, such as:

  • Date
  • Duration
  • File size
  • Session ID
User

Displays the name of the user that authenticated to the remote machine.

Connections

Displays connection information, including the address and port of the client computer and the remote machine.

Channels

The Channels pane displays the different types of data streams available for a recorded session.

An SSH session recording will contain a single channel. Valid channels for an SSH session recording are:

  • Session Shell: This is the only SSH channel that can be played back using the desktop player and it contains the actions performed during the session.
  • Session SFTP: Contains data that was transferred using the Secure File Transfer protocol (SFTP). Since this is a file transfer protocol, there is no recording file available for playback.

    NOTE: This channel is only available when Allow SFTP is selected on the Sessions Settings tab in an access request policy.

  • Session SCP: Contains data that was transferred using the Secure Copy protocol (SCP). Since this is a file transfer protocol, there is no recording file available for playback.

    NOTE: This channel is only available when Allow SCP is selected on the Sessions Settings tab in an access request policy.

  • X11: Use this channel to play back the graphical X-server session that was forwarded from the server to the client.

    NOTE: This channel is only available when Allow X11 Following is selected on the Sessions Settings tab in an access request policy.

An RDP session may contain multiple channels. Valid channels for an RDP session recording are:

  • Clipboard: Contains any data that was transferred through the clipboard; there is no recording file available for playback.

    NOTE: This channel is only available when Allow Clipboard is selected on the Session Settings tab in an access request policy.
  • Drawing: All RDP sessions will have a Drawing channel, which contains the actions taken during the session. This type of channel is most likely to be replayed.
  • Sound: Contains any audio associated with the recording.

Click (or tap) the Play button next to the channel to play back the session recording.

Clicking the expansion button next to a channel displays a list of key details. For a description of these keys and values, see Key descriptions.

Warning tab

The warning tab displays any warnings encountered when opening and processing the recording.

Toolbar

Use the toolbar buttons located at the top of the main view as described below.

Table 281: Safeguard Desktop Player toolbar
Option Description

Back

Displays the previous view. For example, if you clicked play and are in the video view, clicking this button returns you to the recording information view.

NOTE: When no recording is loaded, there is an additional view that prompts you to drag and drop a recording file onto the player. Once you add the recording file, the recording information view displays.

Play Channel

Plays back the selected session recording.

NOTE: This button is disabled in follow mode.

NOTE: For more information on navigating the video view, see Recording navigation.

Export Video

Exports the session recording file as a video file (WEBM format).

NOTE: To play back the WEBM video, use any standard video player, such as the one available with Firefox or Google Chrome.

Settings

Allows you to import keys and certificates, access the One Identity support web site for help, and view version information about the player.

Recording navigation

Once the playback window opens, you can use the controls at the bottom of the screen or keyboard shortcuts to navigate through the recording.

Recording navigation controls

Use the controls at the bottom of the screen to navigate through the session recording.

Table 282: Navigation controls: Playback mode
Control Action

Timeline

Shows you where you are within the recording. The timeline can also show indicators for user events that occurred during a recorded session. Clicking an indicator on the timeline takes you to the relevant user event in the recording.

For more information on showing or hiding the user event indicators on the timeline, see Configure seeker indicators below.

Play speed

Allows you to increase or decrease the replay speed.

Skip back

Allows you to jump back to the previous user event in the recording.

Play

Pause

Play allows you to play the recording.

Pause allows you to pause the recording.

Skip forward

Allows you to jump forward to the next user event in the recording.

Closed Captioning

Allows you to display subtitles for the video that list user events as they occurred within the recorded session.

User events that may appear as subtitles include window titles, executed commands, mouse activity, and keystrokes.

Configure seeker indicators

Allows you to configure the visibility of user event indicators on the timeline. To show a user event indicator move the toggle to the right; to hide a user event indicator move the toggle to the left.

NOTE: The type of user events that can be included in the timeline depends on the type of session:

  • RDP: Window titles, keystrokes, mouse activity, and on-screen changes
  • SSH: Commands, keystrokes, and on-screen changes

Scaled video

Allows you to view the recording in a smaller or larger window. Clear this check box to play the video using the original resolution.

NOTE: The video is rendered at the same resolution as the original session. This setting adjusts the video size based on the size of the viewing screen.

When you are watching a "live" session, the playback navigation controls are replaced with different follow mode navigation controls.

NOTE: Follow mode is only available to users with Security Policy Administrator permissions.

Table 283: Navigation controls: Follow mode
Control Action

Terminate

Allows you to end the current session you are following.

Live

Indicates you are following a "live" session.

Keyboard shortcuts

You can also use the following shortcut keys to navigate through the recording.

Table 284: Keyboard shortcuts: Playback mode
Shortcut keys Action
SPACE Play/pause recording
Ctrl+Z Enable video scaling
f Toggle full screen replay
[ Decrease replay speed
] Increase replay speed
= Reset replay speed
Shift + Left Arrow Jump backwards - short
Alt + Left Arrow Jump backwards - medium
Ctrl + Left Arrow Jump backwards - long
Shift + Right Arrow Jump forward - short
Alt + Right Arrow Jump forward - medium
Ctrl + Right Arrow Jump forward - long