Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 6.0.3 - Administration Guide

Preface Introduction The concepts of One Identity Safeguard for Privileged Sessions (SPS) The Welcome Wizard and the first login Basic settings
Supported web browsers and operating systems The structure of the web interface Network settings Configuring date and time System logging, SNMP and e-mail alerts Configuring system monitoring on SPS Data and configuration backups Archiving and cleanup Forwarding data to third-party systems Joining to One Identity Starling
User management and access control Managing One Identity Safeguard for Privileged Sessions (SPS)
Controlling One Identity Safeguard for Privileged Sessions (SPS): reboot, shutdown Managing Safeguard for Privileged Sessions (SPS) clusters Managing a high availability One Identity Safeguard for Privileged Sessions (SPS) cluster Upgrading One Identity Safeguard for Privileged Sessions (SPS) Managing the One Identity Safeguard for Privileged Sessions (SPS) license Accessing the One Identity Safeguard for Privileged Sessions (SPS) console Sealed mode Out-of-band management of One Identity Safeguard for Privileged Sessions (SPS) Managing the certificates used on One Identity Safeguard for Privileged Sessions (SPS)
General connection settings HTTP-specific settings ICA-specific settings RDP-specific settings SSH-specific settings Telnet-specific settings VMware Horizon View connections VNC-specific settings Indexing audit trails Using the Search interface Searching session data on a central node in a cluster Advanced authentication and authorization techniques Reports The One Identity Safeguard for Privileged Sessions (SPS) RPC API The One Identity Safeguard for Privileged Sessions (SPS) REST API One Identity Safeguard for Privileged Sessions (SPS) scenarios Troubleshooting One Identity Safeguard for Privileged Sessions (SPS) Using SPS with SPP Configuring external devices Using SCP with agent-forwarding Security checklist for configuring One Identity Safeguard for Privileged Sessions (SPS) Jumplists for in-product help LDAP user and group resolution in SPS Appendix: Deprecated features Glossary

Using a custom Authentication and Authorization plugin to authenticate on the target hosts

The following describes how to configure One Identity Safeguard for Privileged Sessions (SPS) to use an Authentication and Authorization plugin (AA plugin) before accessing the target host.

Prerequisites

To configure SPS to use an Authentication and Authorization plugin before accessing the target host

  1. To upload the custom plugin you received, navigate to Basic Settings > Plugins, browse for the file and click Upload.

    NOTE:

    It is not possible to upload or delete plugins if SPS is in "Sealed mode" in the Administration Guide.

    Your plugin .zip file may contain an optional sample configuration file. This file serves to provide an example configuration that you can use as a basis for customization if you wish to adapt the plugin to your site's needs.

  2. If your plugin supports configuration, then you can create multiple customized configuration instances of the plugin for your site. Create an instance by completing the following steps:

    1. Go to Policies > AA Plugin Configurations. Select the plugin to use from the Plugin list.

    2. The Configuration textbox displays the example configuration of the plugin you selected. You can edit the configuration here if you wish to create a customized instance of the plugin.

      NOTE:

      Plugins created and issued before the release of SPS 5 F1 do not support configuration. If you create a configuration for a plugin that does not support this, the affected connection will stop with an error message.

      Figure 262: Policies > AA Plugin Configurations — Creating a customized plugin configuration instance

  3. Navigate to the Connection policy where you want to use the plugin (for example, to RDP Control > Connections), select the plugin configuration instance to use in the AA plugin field, then click Commit.

  4. If the plugin sets or overrides the gateway username of the connection, configure a Usermapping policy and use it in the Connection policy. For details, see "Configuring usermapping policies" in the Administration Guide.

  5. Verify that the configuration works properly: try to establish a test connection. For details, see "Performing authentication with AA plugin in Remote Desktop connections" in the Administration Guide. If the plugin is configured to store any metadata about the connection, these data will be available in the Additional metadata field of the SPS Search interface.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating