Chat now with support
Chat with Support

Safeguard Remote Access Hosted - Administration Guide

Introduction Prerequisites Limitations Getting started Administrator-side use cases User-side use cases Appendix Glossary

Adding a new connection to an existing target server

Each target server can serve multiple connections. Connections consist of two elements:

  • An asset (the target server itself).

  • An account (the Azure Active Directory account).

You can group these connections based on various attributes, such as the applied protocol (RDP, SSH, or TELNET), the SPS connection policy name, or the address of the target server.

TIP: If you want to speed up adding new connections, you can import them from a CSV file. For more information, see Importing connections from a CSV file.

To add a new connection to an existing target server

  1. On the Connections page, click New Connection.

    Figure 16: Connections > New Connection > Add new user to target server - Adding a new connection

  2. The Add new user to target server sidesheet is split into two sections as connections comprise of assets and accounts.

    • For Asset configuration:

      1. Specify the address of the target server that you want to access.

      2. Specify the access protocol of the new connection (for example, SSH, RDP, or TELNET).

      3. Select a policy for this connection. To configure a policy in One Identity Safeguard for Privileged Sessions (SPS), navigate to Policies.

    • For Account configuration:

      1. Specify a username.

      2. (Optional) Specify a domain name in which the username you specified is a member.

  3. Click Create.

Importing connections from a CSV file

You can speed up adding your user-specific connections to the One Identity Safeguard Remote Access (SRA) Connections page by importing them from a CSV file.

Successfully imported connections are automatically grouped under the respective connection policies.

For information about adding new connections manually, see Adding a new connection to an existing target server.

  • You must have an SRA Admin role.

  • An SPS instance joined to One Identity Starling.

  • Only CSV file format is supported for upload, with a maximum size of 10 MB.

  • SRA only accepts commas as delimiters in the CSV files.

  • Expected columns for the CSV files:

    Name of column


    Accepted values



    <IPv4-address> | <IPv6-address> | hostname






    <nonnegative integer>












    rdp | ssh



    fix | inband

CSV file structure

You can use the expected columns and corresponding values of a CSV file in any order you prefer. The following screenshot illustrates the structure and contents of an example CSV file.

Figure 17: Example of CSV file structure and contents

Uploading the CSV file

When you made sure you meet the prerequisites, you can start uploading your CSV file.

To upload the CSV file that contains the connections you want to add

  1. Log in to SRA as Admin.

  2. Navigate to the SRA Connections page.

  3. Click Import CSV.

  4. Select the CSV file you want to upload from your computer, then click Open.

    At the bottom of the page, snackbar notifications indicate the current upload state.

    For example, Successfully imported 8 connections. Refresh the page to see the results. indicates 8 successfully imported connections.

    CAUTION: If you navigate away from the page while uploading is in progress, you will not see the snackbar notifications about the progress and if the upload was successful.

    NOTE: While uploading the CSV file, Import CSV is grayed out, then enabled again after the upload is complete.

  5. Refresh the UI to see the newly added connections, grouped under connection policies.

    Expected result: After refreshing the UI, the newly imported connections are displayed as tiles under the respective connection policy group on the SRA Connections page.


In some cases, the snackbar displays the Successfully imported 0 connections. Refresh the page to see the results. message.

Possible reasons:

  • Your browser does not support file upload.

  • The file upload functionality is switched off in your browser.

  • The file upload functionality is switched on in your browser, but the file size exceeds the limit configured in your browser.

  • You are trying to import the same connections that you have previously imported.

  • The JoinInstanceName value is not valid.

  • There is no connection policy with the specified ServerSelection, AssetAddress, or AssetPort (or any combination of them) in the SPS connection policy configuration.

  • A connection has already been added with the specified AccountUsername and AccountDomain. Therefore, the connection will not be imported to the specified connection policy group.

Configuring maximum client resolution

Configuring client resolution correctly results in a better stream quality.

NOTE: A higher client resolution results in higher network traffic load.

To configure maximum client resolution

  1. Click (Settings) and select Safeguard Remote Access Settings.

  2. Find Select maximum client resolution.

  3. Select the preferred client resolution.

    The default value is 1024x768.

NOTE: If the administrator sets a client resolution as maximum, that means that the user is free to select any of the available client resolutions up until the maximum resolution. For example, if the maximum client resolution is set to 1280x720, the user can still set the client resolution to 1024x768, but cannot set it higher than 1280x720.

Adding Azure Active Directory users directly

To allow your users to access specific servers through One Identity Safeguard Remote Access (SRA), add them to selected Azure Active Directory (AAD) groups. Adding Azure AD users directly to SRA simplifies the onboarding workflow, as there is no need to set up a One Identity Starling account.

With this approach, employees within an organization can visit, provide their Azure AD username and password and/or other credentials, and gain access to SRA connections permitted to them based on their group membership.

  • The employees of the organization are provisioned in Azure AD.

  • There is a user with Administrator role in that AAD. The Administrator must consent to One Identity Starling having read-only access to Azure AD, specifically to:

    • Read all users' full profiles

    • Read all groups

    • Sign in and read user profile

Figure 18: Allow One Identity Starling to have access to your Azure Active Directory user groups

To add Azure Active Directory users directly

  1. Log into One Identity Starling ( as an Organization-administrator and also as an Azure Active Directory Administrator.

  2. Click (Settings) and manage Directory Services.

  3. Click Register Directory and follow the instructions.

  4. Go to SRA and start setting up connections with role assignments. For more information, see Granting connection access to AAD users.

  5. Enable the role-based access control (RBAC) functionality. For more information, see Enabling role-based access control.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating