Chat now with support
Chat with Support

Safeguard Authentication Services 4.2.3 - Upgrade Guide

Privileged Access Suite for Unix Introducing One Identity Authentication Services Upgrade the web console Upgrade Authentication Services Windows components Configure Active Directory for Authentication Services Configure Unix agent components Upgrade Authentication Services client components manually Getting started with Authentication Services Troubleshooting

About Authentication Services licenses

Authentication Services must be licensed in order for Active Directory users to authenticate on Unix and macOS hosts.

Note: When upgrading, Authentication Services continues to use licenses from previous versions. This allows the upgrade to take place without having to distribute new license files first.

Note: While you can install and configure Authentication Services on Windows and use the included management tools to Unix-enable users and groups in Active Directory without installing a license, you must have a valid Authentication Services license installed for full functionality.

NOTE: In order to use Starling Two-Factor Authentication with Authentication Services, you must have a valid license for Authentication Services with One Identity Hybrid Subscription included.

To obtain a license, use the Licensing Assistance page on the One Identity support page or contact your account representative.

For more information on installing Authentication Services licenses, see Adding licenses using the Control Center.

System requirements

Prior to installing Authentication Services, ensure your system meets the minimum hardware and software requirements for your platform. Authentication Services consists of Windows management tools and Unix client agent components.

Related Topics

Windows and cloud requirements

Authentication Services Windows components

Windows permissions

Unix agent requirements

Authentication Services Unix components

Authentication Services permissions matrix

Authentication Services encryption types

Management Console for Unix requirements

Windows and cloud requirements

The following are the minimum requirements for using Authentication Services in your environment.

Table 1: Authentication Services requirements
System requirements

Supported Windows Platforms

Prerequisite Windows software

If the following prerequisite is missing, the Authentication Services installer suspends the installation process to allow you to download the required component. It then continues the install:

  • Microsoft .NET Framework 4.5

You can install Authentication Services on 64-bit editions of the following configurations:

  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

NOTE: Due to tightened security, when running Authentication Services Control Center on Windows 2008 R2 (or later) operating system, functioning as a domain controller, the process must be elevated or you must add authenticated users to the Distributed COM Users group on the computer. As a best practice, One Identity does not recommend that you install or run the Authentication Services Windows components on Active Directory domain controllers. The recommended configuration is to install the Authentication Services Windows components on an administrative workstation.

Supported cloud services

  • AWS Directory Service for Microsoft Active Directory (also called AWS Managed Microsoft AD)
  • Azure Active Directory Domain Services

  • Google Cloud Platform Managed Service for Microsoft Active Directory

Authentication Services Windows components

Authentication Services includes the following Windows components.

Table 2: Windows components
Windows component Description

Authentication Services Control Center

A single console for access to all of the tools and configuration settings for Authentication Services.

Active Directory Users and Computers MMC Snapin Extensions

Unix management extensions for Active Directory users and groups.

Group Policy Management Editor MMC Snapin Extensions

Group Policy extensions for management of Unix, Linux, and macOS.

RFC2307 NIS Map Editor MMC Snapin

Provides the ability to manage NIS data in Active Directory.

NIS Map Import Wizard

Imports NIS data into Active Directory.

Unix Account Import Wizard

Imports Unix identity data into Active Directory.

Authentication Services PowerShell cmdlets

Provides the ability to script Unix management tasks.

Documentation

Full product documentation and online help.

Note: The VAS Configuration Utility is no longer included. Instead the Control Center provides access to all preferences and tools. If you were using the custom schema functionality of the VAS Configuration Utility, be sure to configure the same settings in the Control Center under Preferences | Custom Unix Attributes.

Any previous version of the Authentication ServicesWindows components are automatically uninstalled before the Authentication Services 4.2.3 install proceeds.

Related Documents