One Identity Safeguard 2.5 - Administration Guide

Introduction System requirements Installing the One Identity Safeguard for Privileged Passwords desktop client Setting up Safeguard for Privileged Passwords for the first time Getting acquainted with the console Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Directories Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Access settings Sessions settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions
How do I access the API How do I audit transaction activity How do I configure external federation authentication How do I manage accounts on unsupported platforms How do I modify the appliance configuration settings How do I prevent Safeguard for Privileged Passwords messages when making RDP connections How do I see which assets and/or accounts are governed by a profile How do I set the appliance system time How do I setup discovery jobs How do Safeguard for Privileged Passwords database servers use SSL What are the access request states What do I do when an appliance goes into quarantine What is required for One Identity Safeguard for Privileged Passwords, embedded sessions module What is required to integrate with Starling Identity Analytics & Risk Intelligence What needs to be set up to use Application to Application What role-based email notifications are generated by default When does the rules engine run for dynamic grouping and tagging Why did the password change during an open request Why join Safeguard for Privileged Passwords to One Identity Starling
Safeguard Desktop Player Appendix: Safeguard ports

Supported platforms

One Identity Safeguard for Privileged Passwords supports a variety of platforms.

NOTE: The following table lists the platforms and versions that have been tested. Additional assets may be added to Safeguard for Privileged Passwords. If you do not see a particular platform listed when adding an asset, use the "Other" or "Other Linux" option on the Management tab of the Asset dialog. For more information, see Management tab. Custom platforms can be added. For more information, see Custom Platforms.

In addition, platforms that support RDP and SSH protocols are generally supported for sessions management.

Table 9: Supported platforms: Assets that can be managed
Platform Version Architecture

ACF2 - Mainframe

r14, r15

zSeries

ACF2 - Mainframe LDAP

r14, r15

zSeries

AIX

6.1, 7.1, 7.2

PPC

Amazon Web Services

1  
CentOS Linux

6

7

x86, x86_64

x86_64

Cisco IOS 12.X, 15.X  
Cisco PIX 7.X, 8.X  

Debian GNU/Linux

6, 7, 8, 9

MIPS, PPC, x86, x86_64, zSeries

Dell iDRAC

7, 8

 

F5 Big-IP

12.1.X, 13.0

 

Facebook

   

Fedora

21, 22, 23, 24, 25, 26

x86, x86_64

Fortinet FortiOS

5.2, 5.6

 

FreeBSD

10.4, 11.1

x86, x86_64

HP iLO

iLO 2, 3, 4

x86

HP iLO MP

2, 3, 4

IA-64

HP-UX

11iv2 (B.11.23),
11iv3 (B.11.31)

IA-64, PA-RISC

IBM i

7.1, 7.2

PPC

Junos - Juniper Networks

12, 13, 14, 15

 

MAC OS X

10.9, 10.10, 10.11, 10.12, 10.13

x86_64

MongoDB

3.4, 3.6

 

MySQL

5.6, 5.7  

Oracle Database

11g Release 2,
12c Release 1
 

Oracle Linux (OEL)

6

7

x86, x86_64

x86_64

PAN-OS

6.0, 7.0

 

PostgreSQL

9.6.7, 10.2

 

RACF - Mainframe

z/OS V2.1 Security Server,
z/OS V2.2 Security Server
zSeries

RACF - Mainframe LDAP

z/OS V2.1 Security Server,
z/OS V2.2 Security Server

zSeries

Red Hat Enterprise Linux (RHEL)

6

7

PPC, x86, x86_64, zSeries

PPC, x86_64, zSeries

SAP HANA

2.0

Other

SAP Netweaver Application Server

7.3, 7.4

 

Solaris

10

11

SPARC, x86, x86_64

SPARC, x86_64

SonicOS

5.9, 6.2

 

SonicWALL SMA or CMS

11.3.0

 

SQL Server

2012, 2014, 2016

 

SUSE Linux Enterprise Server (SLES)

11

12

IA-64, PPC, x86, x86_64, zSeries

PPC, x86_64, zSeries

Sybase (Adaptive Server Enterprise)

15.7, 16

 

Top Secret - Mainframe

r14, r15

zSeries

Top Secret - Mainframe LDAP

r14, r15

zSeries

Twitter

   

Ubuntu

14.04 LTS, 15.04, 15.10, 16.04 LTS, 16.10, 17.04

x86, x86_64

VMware ESXi

5.5, 6.0, 6.5

 

Windows

Vista, 7, 8, 8.1, 10

 

Windows Server

2008, 2008 R2, 2012, 2012 R2, 2016

 
Table 10: Supported platforms: Directories that can be searched
Platform Version

Microsoft Active Directory

Windows 2008+ DFL/FFL

OpenLDAP

2.4

Product licensing

One Identity Safeguard for Privileged Passwords is made up of a core set of features, such as the UI and Web Services layers, and a number of modules. The One Identity Safeguard for Privileged Passwords 2000 Appliance ships with the following modules, each requiring a valid license to enable functionality:

  • Privileged Passwords
  • Privileged Sessions

You must install a valid license for each Safeguard for Privileged Passwords module to operate. More specifically, if any module is installed, Safeguard for Privileged Passwords will show a license state of Licensed and is operational. However, depending on which models are licensed, you will see limited functionality. That is, even though you will be able to configure access requests:

  • If a Privileged Passwords module license is not installed, you will not be able to request a password release.
  • If a Privileged Sessions module license is not installed, you will not be able to initiate a session access request.

As an Appliance Administrator:

  • If you are receiving a "license expiring" notification, apply a new license using that module's Update License link in Administrative Tools | Settings | Appliance | Licensing.
  • If all licensed modules have expired, you will be prompted to add a new license when logging into the Safeguard for Privileged Passwords desktop client.
  • If only one of the licensed modules have expired, apply a new module license by clicking in Administrative Tools | Settings | Appliance | Licensing.

As a Safeguard for Privileged Passwords user, if you get an "appliance is unlicensed" notification, contact your Appliance Administrator.

For more information on adding or updating a Safeguard for Privileged Passwords license, see Licensing.

Installing the One Identity Safeguard for Privileged Passwords desktop client

To define and enforce security policy for your enterprise, you must first install the desktop client application which gives you access to the Administrative Tools.

These topics explain how to install, start and uninstall the Safeguard for Privileged Passwords desktop client application:

Installing the desktop client

NOTE: When you install the Windows desktop client, the following components are also installed:

  • Safeguard for Privileged Passwords Desktop Player which is used to replay recorded sessions.
  • Safeguard for Privileged Passwords PuTTY which is used to launch the SSH client for SSH session requests.

Installing the Safeguard for Privileged Passwords desktop client application

  1. To download the Safeguard for Privileged Passwords desktop client Windows installer .msi file, open a browser and navigate to:

    https://<Appliance IP>/Safeguard.msi

    Save the Safeguard.msi file in a location of your choice.

  2. Run the MSI package.
  3. Select Next in the Welcome dialog.
  4. Accept the End-User License Agreement and select Next.
  5. Select Install to begin the installation.
  6. Select Finish to exit the desktop client setup wizard.
Related Documents