One Identity Safeguard 2.5 - Release Notes

One Identity Safeguard for Privileged Passwords 2.5

Release Notes

January 2019

These release notes provide information about the One Identity Safeguard for Privileged Passwords 2.5 release.

About the Safeguard product line

The One Identity Safeguard for Privileged Passwords Appliance is built specifically for use only with the Safeguard for Privileged Passwords privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management -- and shortening the timeframe to value.

The privileged management software provided with One Identity Safeguard for Privileged Passwords consists of the following modules:

  • One Identity Safeguard for Privileged Passwords automates, controls and secures the process of granting privileged credentials with role-based access management and automated workflows. Deployed on a hardened appliance, Safeguard for Privileged Passwords eliminates concerns about secured access to the solution itself, which helps to speed integration with your systems and IT strategies. Plus, its user-centered design means a small learning curve and the ability to manage passwords from anywhere and using nearly any device. The result is a solution that secures your enterprise and enables your privileged users with a new level of freedom and functionality.
  • One Identity Safeguard for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.

    Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.

  • One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action - and ultimately prevent data breaches.

One Identity Safeguard for Privileged Passwords Version 2.5 is a major release with new features and functionality in addition to numerous bug fixes. In this release you will find custom platforms, authentication options, and Safeguard Sessions Appliance join. See New features.

NOTE: For a full list of key features in One Identity Safeguard for Privileged Passwords, see the One Identity Safeguard for Privileged Passwords Administration Guide.

New features

Directory based user discovery (713614 and 761638)

When adding a new directory-based user group, the Authorizer Administrator or the User Administrator now has the option to:

  • Configure primary and secondary authentication providers and
  • Set administrator permissions on the imported or updated Safeguard for Privileged Passwords users.

In addition, any managed directory accounts that exist in Safeguard for Privileged Passwords at the time of the import process (or during the background synchronization of the directory) can automatically be assigned to a Safeguard user as a linked account. That association depends on the value of an attribute from the directory (such as "managedObjects" or "directoryReports" in Active Directory or "seeAlso" in OpenLDAP 2.4).

Offline Workflow (782735)

To ensure password consistency and individual accountability for privileged accounts, access requests are disabled when an appliance loses consensus in the cluster. In the event of an extended network partition, the Appliance Administrator can manually place an appliance in Offline Workflow mode to run access request workflow on that appliance in isolation from the rest of the cluster. When the network issues are resolved and connectivity is reestablished, the Appliance Administrator can manually resume online operations to merge audit logs, drop any in-flight access requests, and return the appliance to full participation in the cluster.

It is recommended that no changes to cluster membership are made while an appliance is in Offline Workflow mode. The Appliance Administrator must manually restore the online operations before adding other nodes to ensure the appliance can seamlessly reintegrate with the cluster.

Resolved issues

The following is a list of issues addressed in this release.

Table 1: General resolved issues

| Resolved Issue | Issue ID |
|---|---|
| Cluster failover not available in UI when Primary is down. | 792849 |
| Update Task on Password Change (UpdateDependentSystem) fails with Transport reported error | 791794 |
| AD User Group update fails with MySQL Transaction Cancelled Error | 791479 |
| DC Selection Algorithm Selects no DC when all weights are 0 (error: Selected Server ' ') | 787824 |
| Domain name not visible when requesting Active Directory account | 787431 |
| Chinese Simplified has been deprecated. The plan is to remove Chinese Simplified from Safeguard for Privileged Passwords in a future release yet to be determined. | NA |

Known issues

The following is a list of issues known to exist at the time of release.

Table 2: Known issues

| Known Issue | Issue ID |
|---|---|
| Update from 2.4.0 with managed Network settings to 2.5.0 may lose the defined appliance per network setting. | 794771 |
| Updating BMC firmware is not recommended. Changes to the BIOS may have unexpected results. | 792851 |
| AIX check password fails if salt is "..". Detail: If during a ChangePassword on AIX (and perhaps other Unix systems) the DES Encryption randomly selects “..” as the salt to use during the encryption process, Safeguard will fail when trying to check the password later. Workaround: Run ChangePassword again and create a new password, hopefully without a “..” salt. The odds of hitting this condition are 1 in 4096. | 792411 |
| Patching the appliance takes longer based on the number of assets. It is estimated that 1000 assets may take 20 minutes. | 782908 |
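
For the AIX salt issue above (792411), the following added example, which is not One Identity code, lists the accounts that need ChangePassword run again. It assumes the hashes are held in AIX-style stanzas (as in /etc/security/passwd) and that an affected account can be recognized by a 13-character DES crypt hash whose first two characters are ".."; the function names and sample data are hypothetical.

```python
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars from this alphabet.
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
DES_HASH_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
SALT_SPACE = len(CRYPT_ALPHABET) ** 2  # 64 * 64 = 4096 possible salts


def parse_stanzas(text):
    """Return {account: {key: value}} from AIX-style stanza text."""
    accounts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):      # blank line or comment
            continue
        if line.endswith(":") and "=" not in line:
            current = accounts.setdefault(line[:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return accounts


def accounts_with_dotdot_salt(text):
    """Names of accounts whose DES crypt hash uses the salt '..'."""
    # Locked ('*'), empty and '{algorithm}'-prefixed hashes fail DES_HASH_RE.
    return sorted(
        name for name, attrs in parse_stanzas(text).items()
        if DES_HASH_RE.match(attrs.get("password", ""))
        and attrs["password"].startswith("..")
    )


# Constructed sample data; the hash strings are made up, not real crypt output.
SAMPLE = """\
* constructed example stanzas
svc_backup:
        password = ..AbCdEfGhIjK
        lastupdate = 1546300800
oracle:
        password = a.ZyXwVuTsRqP
appadm:
        password = {ssha256}06$examplesalt$examplehashvalue
locked:
        password = *
"""

if __name__ == "__main__":
    print(SALT_SPACE, accounts_with_dotdot_salt(SAMPLE))
```

Only account names are returned, so the output can be logged or ticketed without exposing hash material.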