
One Identity Safeguard 2.5 - Administration Guide


Safeguard Desktop Player

The Safeguard for Privileged Passwords Desktop Player is installed with the Windows desktop client. When the player is launched from the desktop client, the recording is streamed from the Safeguard appliance and exists on disk only for the lifetime of the player session. That is, when you shut down the player, the recording file is removed from the cache.

When you launch the Safeguard for Privileged Passwords Desktop Player, the main view displays, which consists of the following tabbed pages:

  • Information: Displays detailed information about the recorded session and allows you to play back the recording.
  • Warnings: Displays warnings associated with the recording.

Information tab

The information tab displays the following details for the session recording.

Table 280: Safeguard Desktop Player: Information tab
Control Description

Session recording location

Displays the path of where the recording is currently stored.

Thumbnail

Click the thumbnail in the right corner of the screen to play back the recording.

NOTE: The thumbnail is only available for RDP Drawing and SSH Session Shell channels.

NOTE: A blinking red recording button in the upper right corner of the thumbnail indicates that the session is "live", allowing you to watch the session in follow mode. Follow mode is only available to users with Security Policy Administrator permissions.

Validation indicators

The Safeguard for Privileged Passwords Desktop Player checks the upstream and downstream traffic from the recording and validates the digital signature and timestamp. The indicators across the top of the screen show the results of this validation process, where all indicators should display a green check mark.

If the Signature or Timestamp indicators are red Xs, this indicates that the corresponding certificate has not been validated. For more information, see Sessions Certificates.

Recording details

Displays details about the recording, such as:

  • Date
  • Duration
  • File size
  • Session ID
User

Displays the name of the user that authenticated to the remote machine.

Connections

Displays connection information, including the address and port of the client computer and the remote machine.

Channels

The Channels pane displays the different types of data streams available for a recorded session.

An SSH session recording will contain a single channel. Valid channels for an SSH session recording are:

  • Session Shell: This is the only SSH channel that can be played back using the desktop player and it contains the actions performed during the session.
  • Session SFTP: Contains data that was transferred using the Secure File Transfer protocol (SFTP). Since this is a file transfer protocol, there is no recording file available for play back.

    NOTE: This channel is only available when Allow SFTP is selected on the Sessions Settings tab in an access request policy.

  • Session SCP: Contains data that was transferred using the Secure Copy protocol (SCP). Since this is a file transfer protocol, there is no recording file available for play back.

    NOTE: This channel is only available when Allow SCP is selected on the Sessions Settings tab in an access request policy.

  • X11: Use this channel to play back the graphical X-server session that was forwarded from the server to the client.

    NOTE: This channel is only available when Allow X11 Following is selected on the Sessions Settings tab in an access request policy.

An RDP session may contain multiple channels. Valid channels for an RDP session recording are:

  • Clipboard: Contains any data that was transferred through the clipboard; there is no recording file available for play back.

    NOTE: This channel is only available when Allow Clipboard is selected on the Session Settings tab in an access request policy.

  • Drawing: All RDP sessions will have a Drawing channel, which contains the actions taken during the session. This type of channel is most likely to be replayed.
  • Sound: Contains any audio associated with the recording.

Click the Play button next to the channel to play back the session recording.

Clicking the expansion button next to a channel displays a list of key details. For a description of these keys and values, see Key descriptions.

Warning tab

The warning tab displays any warnings encountered when opening and processing the recording.

Toolbar

Use the toolbar buttons located at the top of the main view as described below.

Table 281: Safeguard Desktop Player toolbar
Option Description

Back

Displays the previous view. For example, if you clicked play and are in the video view, clicking this button returns you to the recording information view.

NOTE: When no recording is loaded, there is an additional view that prompts you to drag and drop a recording file onto the player. Once you add the recording file, the recording information view displays.

Play Channel

Plays back the selected sessions recording.

NOTE: This button is disabled in follow mode.

NOTE: For more information on navigating the video view, see Recording navigation.

Export Video

Exports the sessions recording file as a video file (WEBM format).

NOTE: To play back the WEBM video, use any standard video player, such as the one available with Firefox or Google Chrome.

Settings

Allows you to import keys and certificates, access the One Identity support web site for help, and view version information about the player.

Recording navigation

Once the playback window opens, you can use the controls at the bottom of the screen or keyboard shortcuts to navigate through the recording.

Recording navigation controls

Use the controls at the bottom of the screen to navigate through the sessions recording.

Table 282: Navigation controls: Playback mode
Control Action

Timeline

Shows you where you are within the recording. The timeline can also show indicators for user events that occurred during a recorded session. Clicking an indicator on the timeline takes you to the relevant user event in the recording.

For more information on showing or hiding the user event indicators on the timeline, see Configure seeker indicators below.

Play speed

Allows you to increase or decrease the replay speed.

Skip back

Allows you to jump back to the previous user event in the recording.

Play

Pause

Play allows you to play the recording.

Pause allows you to pause the recording.

Skip forward

Allows you to jump forward to the next user event in the recording.

Closed Captioning

Allows you to display subtitles for the video that list user events as they occurred within the recorded session.

User events that may appear as subtitles include windows titles, executed commands, mouse activity, and keystrokes.

Configure seeker indicators

Allows you to configure the visibility of user event indicators on the timeline. To show a user event indicator, move the toggle to the right; to hide a user event indicator, move the toggle to the left.

NOTE: The types of user events that can be included in the timeline depend on the type of session:

  • RDP: Windows titles, keystrokes, mouse activity, and on-screen changes
  • SSH: Commands, keystrokes, and on-screen changes

Scaled video

Allows you to view the recording in a smaller or larger window. Clear this check box to play the video using the original resolution.

NOTE: The video is rendered at the same resolution as the original session. This setting adjusts the video size based on the size of the viewing screen.

When you are watching a "live" session, the playback navigation controls are replaced with different follow mode navigation controls.

NOTE: Follow mode is only available to users with Security Policy Administrator permissions.

Table 283: Navigation controls: Follow mode

| Control | Action |
| --- | --- |
| Terminate | Allows you to end the current session you are following. |
| Live | Indicates you are following a "live" session. |

Keyboard shortcuts

You can also use the following shortcut keys to navigate through the recording.

Table 284: Keyboard shortcuts: Playback mode

| Shortcut keys | Action |
| --- | --- |
| SPACE | Play/pause recording |
| Ctrl+Z | Enable video scaling |
| f | Toggle full screen replay |
| [ | Decrease replay speed |
| ] | Increase replay speed |
| = | Reset replay speed |
| Shift + Left Arrow | Jump backwards - short |
| Alt + Left Arrow | Jump backwards - medium |
| Ctrl + Left Arrow | Jump backwards - long |
| Shift + Right Arrow | Jump forward - short |
| Alt + Right Arrow | Jump forward - medium |
| Ctrl + Right Arrow | Jump forward - long |

Exporting video

Use the Export Video button at the top of the Safeguard Desktop Player to export the sessions recording file as a video file (WEBM format). This WEBM file can then be played back using any standard video player, such as the one available with Firefox or Google Chrome.

To export a video

  1. In the Safeguard for Privileged Passwords Desktop Player, click Export Video.

    The Export screen appears, displaying the name of the video file and the size of the file.

  2. If you want to include user event subtitles with the exported file, select the Subtitle check box in the upper left corner of the screen.
  3. Click the browse button in the lower right corner of the screen to specify the location where the file is to be stored.

    The specified location appears in the Export to field.

  4. Click the Export button.

    An Export Successful message appears.

Key descriptions

Expanding a channel in the Channels pane of the Safeguard for Privileged Passwords Desktop Player displays additional details about the recording. The keys displayed depend on the type of channel selected. The keys marked with an asterisk (*) may provide you some additional insight into the recording; most of the other keys are internal values.

Table 285: Safeguard Desktop Player: Key descriptions

| Key | Description |
| --- | --- |
| auth_method | Authentication method used. |
| bpp | Color depth (bits-per-pixel) of the remote machine. |
| channel_id | Internal identifier assigned to the channel being recorded. |
| channel_name | Internal name assigned to the channel being recorded. |
| channel_policy | Internal name assigned to the channel policy being used. |
| channel_type | Type of channel: SSH or RDP |
| client_address* | Address of the client computer. |
| client_address.ip | IP address of the client computer. |
| client_address.port | Port used by the client computer. |
| client_id | Internal identifier assigned to the client computer. |
| client_x509_subject | Client certificate subject. |
| connection | Internal connection policy being used. |
| connection_id | Internal connection identifier assigned to the recording. |
| data_received | Data received flag: True |
| data_sent | Data sent flag: True |
| dst_ip | IP address of the session recording module. |
| duration* | Duration of the recording. |
| duration_raw | Raw duration of the recording (should be the same as the duration). |
| exit_status | Exit status of the program run on the remote server. |
| height_rows* | Number of rows shown in the SSH terminal. |
| initiator | Who initiated the connection: Client |
| is_processable | Indicates if the session can be processed: True |
| local_ip | IP address of the sessions module. |
| protocol* | Protocol used: SSH or RDP |
| remote_username* | Name of the user that logs in to the remote machine. |
| server_address* | Address and port of the remote machine. |
| server_address.ip | IP address of the remote machine. |
| server_address.port | Port used to connect to the remote machine. |
| server_id | Internal identifier assigned to the remote machine. |
| server_ip | IP address of the remote machine. |
| session_end | Time (in milliseconds) when the session ended. |
| session_id | Internal session ID assigned to the session. |
| session_start | Time (in milliseconds) when the session started. |
| Signature | Validity of the Session Recording Signing certificate. |
| source | Source protocol: SSH or RDP |
| stream_type | Internal type assigned to the recording stream. |
| term | Type of SSH terminal. |
| Timestamp | Validity of the Timestamping Authority certificate. |
| username | Name of the user that authenticated to the remote machine. |
| width_cols | Width (in columns) of the original SSH session screen. |
| width_pix* | Width (in pixels) of the original SSH session screen. |
| width* | Screen width of the RDP session. |