Chat now with support
Chat with Support

Safeguard Authentication Services 5.0.6 - Administration Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Unix administration and configuration Identity management Migrating from NIS Managing access control Managing local file permissions Certificate Autoenrollment Integrating with other applications Managing Unix hosts with Group Policy
Safeguard Authentication Services Group Policy
Group Policy Concepts Unix policies One Identity policies
Display specifiers Troubleshooting Glossary

System requirements

Prior to installing Safeguard Authentication Services, ensure your system meets the minimum hardware and software requirements for your platform. Safeguard Authentication Services consists of Windows management tools and Unix client agent components.

Related Topics

Windows and cloud requirements

Windows components

Windows permissions

Unix agent requirements

Unix components

Permissions matrix

Encryption types

Management Console for Unix requirements

Windows and cloud requirements

The following are the minimum requirements for using Safeguard Authentication Services in your environment.

Table 1: Authentication Services requirements
System requirements

Supported Windows Platforms

Prerequisite Windows software

If the following prerequisite is missing, the Safeguard Authentication Services installer suspends the installation process to allow you to download the required component. It then continues the install:

  • Microsoft .NET Framework 4.5

You can install Safeguard Authentication Services on 64-bit editions of the following configurations:

  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

NOTE: Due to tightened security, when running Safeguard Authentication Services Control Center on Windows 2008 R2 (or later) operating system, functioning as a domain controller, the process must be elevated or you must add authenticated users to the Distributed COM Users group on the computer. As a best practice, One Identity does not recommend that you install or run the Safeguard Authentication Services Windows components on Active Directory domain controllers. The recommended configuration is to install the Safeguard Authentication Services Windows components on an administrative workstation.

Supported cloud services

  • AWS Directory Service for Microsoft Active Directory (also called AWS Managed Microsoft AD)
  • Azure Active Directory Domain Services

  • Google Cloud Platform Managed Service for Microsoft Active Directory

Windows components

Safeguard Authentication Services includes the following Windows components.

Table 2: Windows components
Windows component Description

Safeguard Authentication Services Control Center

A single console for access to all of the tools and configuration settings for Safeguard Authentication Services.

Active Directory Users and Computers MMC Snapin Extensions

Unix management extensions for Active Directory users and groups.

Group Policy Management Editor MMC Snapin Extensions

Group Policy extensions for management of Unix, Linux, and macOS.

RFC2307 NIS Map Editor MMC Snapin

Provides the ability to manage NIS data in Active Directory.

NIS Map Import Wizard

Imports NIS data into Active Directory.

Unix Account Import Wizard

Imports Unix identity data into Active Directory.

Safeguard Authentication Services PowerShell cmdlets

Provides the ability to script Unix management tasks.


Full product documentation and online help.

Windows permissions

To install Safeguard Authentication Services on Windows, you must have:

  • Local administrator rights
  • Rights to create and delete all child objects in the container where you will install the configuration settings (first-time only)

Authenticated Users must have rights to read cn, displayName, description, and whenCreated attributes for container objects in the application configuration location. To change Active Directory configuration settings, Administrators must have rights to Create Child Object (container) and Write Attribute for cn, displayName, description, and showInAdvancedViewOnly in the application configuration location.


Table 3: Required Windows permissions
Rights required For user Object class Attributes

Create Child Object

Safeguard Authentication Services Administrators Only



Delete Child Object

Safeguard Authentication Services Administrators Only



Delete Child Object

Safeguard Authentication Services Administrators Only



Write Attribute

Safeguard Authentication Services Administrators Only


cn, displayName, description, showInAdvancedViewOnly

Read Attribute

Authenticated Users


cn, displayName, description, whenCreated

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating