https://www.oneidentity.com/community/safeguard/en-USTelligent Community 13https://www.oneidentity.com/community/safeguard/f/forum/39828/onboarding-admin-account-for-sps-in-safeguard/92640Tue, 19 May 2026 07:06:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:7c868327-b95a-4a3e-bb7a-6c3b0d9e4161sgainHi Darko, Many thanks for your reply. We are using One Identity Safeguard for Privileged Sessions on Demand SE, where the appliances are hosted by One Identity , so we do not have much control over the underlying infrastructure. I am logged into SPS using the Admin account, and under Basic Settings I cannot see the “Local Services” option.https://www.oneidentity.com/community/safeguard/f/forum/39797/spp-windows-license/92639Tue, 19 May 2026 07:04:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:5dae595a-24a0-4618-9399-bd0b4bbefcb8DarkoHello mwael, We encountered a similar issue when attempting to use Windows 10 Enterprise LTSC 2021 , but were unable to get it working successfully. Fortunately, the license also provided the option to retrieve a 2019 license key , which resolved our activation issue. Additionally, there are cases where the Windows activation process becomes stuck. In such situations, restarting the SPP server may be necessary before Windows can be activated successfully.https://www.oneidentity.com/community/safeguard/f/forum/39611/specific-vpn-user-to-exclude-from-session-recording/92636Tue, 19 May 2026 06:51:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:d44283cc-666d-4354-95c8-5bea386eeb43DarkoHello Shauls, I believe this should work. However, you should take extra care to ensure that the order of the connection policies is configured correctly. The more restrictive policies should be positioned above the default policy to ensure they are evaluated first.https://www.oneidentity.com/community/safeguard/f/forum/39828/onboarding-admin-account-for-sps-in-safeguard/92635Tue, 19 May 2026 06:43:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:8656a8b7-2acf-421d-ad0d-7523cf3f3d20DarkoHello again, The Safeguard for Privileged Sessions (SPS) platform within SPP is intended for managing accounts that exist locally on the SPS appliance, such as the AdminSPS account. To use this functionality, you need to enable local SSH server under Basic Settings → Local Services on the SPS server. This is required, at least for on-premises installations. In my case, the connection test was failing because a custom port had been configured for the local SSH server (port 2222), which I had overlooked. By default, port 22 is typically reserved for the SSH Connection Policy. I am doing this on On-Prem installation.https://www.oneidentity.com/community/safeguard/f/forum/39828/onboarding-admin-account-for-sps-in-safeguardMon, 18 May 2026 13:14:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:9cb83875-ebda-481d-9b6d-7a6457a9caa5sgainWhat is the “Safeguard for Privileged Sessions (SPS)” platform within SPP, and what is its intended use? I am trying to onboard the AdminSPS account in this platform and have configured the SPS IP as the network address. However, the test connection is failing regardless of whether I use port 443 or 22. This is in One Identity Safeguard On Demand version 8.0.0. The objective is to onboard the Admin account from SPS and enable PAM-based password rotation.safeguard privileged sessionhttps://www.oneidentity.com/community/safeguard/f/forum/39611/specific-vpn-user-to-exclude-from-session-recording/92627Sun, 17 May 2026 07:32:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:1adffd55-b4bf-46df-9b44-5d25aedacea5shaulsHi, sorry for the late reply! If I configure the channel policy for a specific source IP, it removes the need for configuring a different port?https://www.oneidentity.com/community/safeguard/f/forum/39811/share-your-safeguard-story-and-wins---and-get-a-25-gift-card-from-gartner-it-s-quick-and-easy/92613Thu, 07 May 2026 19:55:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:33f637b2-c0b8-4890-aec9-0a21cdf10ffdMegan PennieLink: https://gtnr.io/Ds35LArYbhttps://www.oneidentity.com/community/safeguard/f/forum/39811/share-your-safeguard-story-and-wins---and-get-a-25-gift-card-from-gartner-it-s-quick-and-easyThu, 07 May 2026 00:09:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:3062bfb3-f8d5-42af-af24-53c02e4c19ecMegan PennieWhat do you love about Safeguard? How has it helped improve your security posture, reduce risk, or drive efficiency? We want your thoughts on Safeguard PAM on Gartner Peer Insights. - As a thank you, you'll g et a $25 Gift Card from Gartner for your published product review! Or you can opt to donate it to a charity that you can choose from their list. Start your review and claim your gift card choice. The quick survey only takes 10 minutes! We really appreciate your time -- as your feedback helps your peers learn from your thought-leadership and recommendations. How to Submit a Survey: Click here to access the One Identity Safeguard PAM survey on Gartner Peer Insights Carve out approximately 10 minutes to complete your survey Follow the prompts to share feedback on our customer service, support, capabilities, and product implementation. As you complete your survey, please keep the following in mind: Reviews are Anonymous. Though you will be asked to create an account, your name and company will not be attached to your review. Only demographic details (role, industry, organization size) will be displayed with your comments. Personal Email Addresses are Not Accepted. Gartner Peer Insights only accepts business email addresses for account creation. All Submissions Must Be Approved by Gartner Peer Insights. Gartner Peer Insights carefully reviews each survey to ensure validity and maintain the integrity of the forum. You are not permitted to review your own, your competitors’, or your affiliates’ products of services. Approved Reviews Are Posted Within a Few Days. Should your review fail to appear in this time, you may contact Gartner Peer Insights directly at peerinsights@gartner.com . What is Gartner Peer Insights? Peer Insights is a verified peer-driven review platform serving buyers and sellers of enterprise technology and business solutions. The peer perspectives shared through reviews help technology decision-makers, like you, stay ahead, stay informed, and move forward confidently. The reviews also help technology providers improve their products through objective, unbiased customer feedback. Thanks for your love of Safeguard PAM and for your time in submitting a Gartner Peer Insight product review. We appreciate you. Calling all Safeguard customers! Submit a 10-minute ANONYMOUS review and receive a gift card from Gartner! - Privileged Access Management - Blogs - One Identity Communitygift cardsafeguardPAMhttps://www.oneidentity.com/community/safeguard/f/forum/39797/spp-windows-licenseWed, 29 Apr 2026 08:18:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:f20f8da6-5ffa-4134-b4d7-d841d847fa88mwaelHello everyone, Can SPP be licensed with Windows 10 LTSC 2021 or Enterprise 2021 ? or only with Windows 10 LTSC 2019 ? We have Windows 10 LTSC 2021 and Enterprise 2021 in our KMS but it doesn't license.SPPSafeguard for Privileged Passwordshttps://www.oneidentity.com/community/safeguard/f/forum/36808/management-of-azure-ad-privileged-accounts-on-safeguard/92561Thu, 23 Apr 2026 07:12:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:f2b39a80-80cc-4ae7-b23d-a08e2f8f9f2csgainWe identified that Azure AD Connect was initially missing from the Azure platform connector; this has now been resolved. Directory mapping and integration with Microsoft Entra ID have been successfully completed. We would like to understand which operations or functionalities could be impacted by not configuring managed applications (Enterprise Applications), despite having successful directory synchronization.https://www.oneidentity.com/community/safeguard/f/forum/39783/problem-with-rdp-on-sps-8-2Wed, 22 Apr 2026 12:26:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:6088b931-9d10-4172-a7a6-04da3d213c20robert knappeHello, I have a problem server certification validation on RDP after upgrading SPS to 8.2 I get this error: 2026-04-22T14:00:44+02:00 zorp/scb_rdp[2108]: rdp.info(4): (svc/ejJaUc9x4L1tjWKRjouu7b/safeguard_rdp:330/rdp): Starting SSL layer; 2026-04-22T14:00:44+02:00 zorp/scb_rdp[2108]: rdp.info(4): (svc/ejJaUc9x4L1tjWKRjouu7b/safeguard_rdp:330/rdp): Starting SSL layer on client side; 2026-04-22T14:00:44+02:00 zorp/scb_rdp[2108]: rdp.info(4): (svc/ejJaUc9x4L1tjWKRjouu7b/safeguard_rdp:330/rdp): Starting SSL layer on server side; 2026-04-22T14:00:44+02:00 zorp/scb_rdp[2108]: core.policy(1): (svc/ejJaUc9x4L1tjWKRjouu7b/safeguard_rdp:330/rdp): Certificate verification failed; error='unsuitable certificate purpose', issuer='/C=DE/O= ', subject='/CN= ' 2026-04-22T14:00:44+02:00 zorp/scb_rdp[2108]: core.info(4): (svc/ejJaUc9x4L1tjWKRjouu7b/safeguard_rdp:330/rdp): TLS alert received; operation='write', alert_type='fatal', alert_type_id='2', alert_reason='unsupported certificate', alert_reason_id='43' 2026-04-22T14:00:44+02:00 zorp/scb_rdp[2108]: core.error(1): (svc/ejJaUc9x4L1tjWKRjouu7b/safeguard_rdp:330/rdp): SSL handshake failed; side='server', error='error:0A000086:SSL routines:lib(20)::certificate verify failed:reason(134), supressed 1 messages' 2026-04-22T14:00:44+02:00 zorp/scb_rdp[2108]: rdp.error(4): (svc/ejJaUc9x4L1tjWKRjouu7b/safeguard_rdp:330/rdp): Server-side SSL handshake failed; 2026-04-22T14:00:44+02:00 zorp/scb_rdp[2108]: rdp.error(4): (svc/ejJaUc9x4L1tjWKRjouu7b/safeguard_rdp:330/rdp): SSL handshake failed to proceed without handler; 2026-04-22T14:00:44+02:00 zorp/scb_rdp[2108]: scb.audit(4): (svc/ejJaUc9x4L1tjWKRjouu7b/safeguard_rdp:330/rdp): Closing connection; connection='safeguard_rdp', protocol='rdp', I have another instance with 8.1 and this works, the same following configuration. Under the configuration of RDP I have the following configuration TLS Use the same certification for each connection Private key for host certificate: X.509 host certificate: Only accept certificates authenticated by the trusted CA list Trusted CA: Under the CA list I've got the complete chain. Root and Intermediate of my company. If I choose "No validation" it works. Can anybody help my with this problem? regards, RobSPSHandshakeSSLCertificateshttps://www.oneidentity.com/community/safeguard/f/forum/39778/devolution---safeguard-integration---forbidden---code-90408/92550Tue, 21 Apr 2026 10:07:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:bd25e5f6-a5e3-4d84-8238-08879ea3aed3DarkoHello, Update / Correction I’m updating my previous response, as the earlier conclusion turned out to be incorrect. The actual cause of the 90408 Forbidden error is related to the Access Request Policy configuration in Safeguard. When using Resolving Mode: Injection in the Devolutions Safeguard entry, only Access Request Policies with Request Type set to Credential are supported. If the policy is configured with a different request type, the API call will fail with the authorization error. Hopefully this helps anyone troubleshooting the same issue.https://www.oneidentity.com/community/safeguard/f/forum/39778/devolution---safeguard-integration---forbidden---code-90408Tue, 21 Apr 2026 08:20:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:ac0751a6-de22-41f1-bf09-f2db249b9229DarkoHello, I’m currently working on integrating Devolutions Remote Desktop Manager with One Identity Safeguard for Privileged Passwords (SPP), and I’ve run into an issue I can’t seem to resolve. So far, the integration is partially working: We can successfully connect to SPP The list of available assets for a local user is retrieved without issues However, when attempting to submit a request for any of the available options (password, username, domain, etc.), the SPP API returns the following error: Error: Forbidden Code: 90408 Message: You are not authorized to use this request type for this request InnerError: null Additional details: The local user in Safeguard has all permissions enabled OAuth grant type is set to Resource Owner , as specified in the Devolutions documentation Reference documentation: https://docs.devolutions.net/rdm/kb/how-to-articles/one-identity-pam/ Has anyone encountered this before or knows what might be causing the API to reject the request at this stage? Any insights would be appreciated. Thanks in advance.https://www.oneidentity.com/community/safeguard/f/forum/36808/management-of-azure-ad-privileged-accounts-on-safeguard/92542Mon, 20 Apr 2026 12:37:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:eac154ff-7086-4775-90f9-fbae9e725691sgainDear Tawfiq.Ahmad We are using Safeguard on demand. Successfully mapped Entra AD and using it for users and roles. However adding Azure directory as Assets unable to find platform name as Azure ADhttps://www.oneidentity.com/community/safeguard/f/forum/39773/password-rotation-for-spp-and-sps-admin-accountsMon, 20 Apr 2026 06:47:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:bcb55c1d-385e-46d3-855b-6ede0e3ad7e4sgainWe have deployed safeguard on demand (Starling) SaaS edition. Admin accounts for both SPP and SPS were created via the web interface. We would like to understand: Is it possible to enable automatic password rotation for these admin accounts? for SPS integration: We selected the Safeguard Privileged Session as platform Configured the network address as the SPS appliance hostname with SSH (port 22) Used the admin account for SPS However, this configuration is failing with the error: “The service account credential type is not valid for this action.” Could you please advise: The correct platform and configuration required for managing SPS accounts Whether SaaS-based SPS admin accounts support password rotation via SPP Any guidance would be appreciated.SPShttps://www.oneidentity.com/community/safeguard/f/forum/39772/possible-to-sign-rdp-files-in-sppFri, 17 Apr 2026 12:07:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:8619369a-7a30-4287-9f70-f0ba452641e1kmzsThis week Microsoft changed the handling of RDP files: https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/remotepc/understanding-security-warnings For RDP files that are not digitally signed the warning is visually much more strict and more importantly the user has to always enable the checkboxes to allow the remote computer access to the Clipboard (and other resources). For RDP files that are digitally signed it is possible to enable a checkbox that remembers the shared resources for future RDP connections (see screenshot: https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/remotepc/understanding-security-warnings#rdp-files-with-a-verifiable-publisher ). Is it possible to make SPP sign the RDP files before providing them to download? I could not find such an option in the settings of 8.2.1. This would be a vast improvement for the users of SPP. Best regardsSPPRDPSafeguard for Privileged Passwordshttps://www.oneidentity.com/community/safeguard/f/forum/39765/spp-backup-errorTue, 14 Apr 2026 08:46:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:56e963dd-88fa-4ec5-9014-800ccdeaef9cmwaelI am trying to delete old backup, but I got this error: cannot delete an in-progress backup: Archiving. I tried using Swagger API but got the same error. The archive server is working and have space. I am using SPP V7.0.5. Is there anyway to delete this backup ?SPPSafeguard for Privileged Passwordshttps://www.oneidentity.com/community/safeguard/f/forum/39653/share-your-safeguard-story---get-a-gift-card-or-donate-to-a-charity/92519Mon, 13 Apr 2026 22:05:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:214b5a63-fe42-454c-89f9-fa333f05c3dbMegan PennieCalling all Safeguard customers! A 10-minute survey from you can earn you $25 gift card from Gartner. We are excited to see that many of you have gotten your gift card and completed the survey -- great progress on Gartner Peer Insights. Get started here: Submit your Review on Gartner Peer Insightshttps://www.oneidentity.com/community/safeguard/f/forum/39752/getting-response-from-swagger-for-certain-gets-assets-id-effectivemanagedby/92504Fri, 10 Apr 2026 15:07:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:0d9db69f-54b9-4d24-bdf9-9dd713984b09matt toddThank you, I see why it was not returning anything now.https://www.oneidentity.com/community/safeguard/f/forum/39732/big-ip-apm-portal-access/92502Fri, 10 Apr 2026 12:36:00 GMT5f2f4fa7-ebc7-4803-900c-42d427844a5e:cc296c11-e737-43ec-8af3-32c8c4c89066chris rileyDarko, Thank you for the information but unfortunately adding the wildcard and enabling the trust forward headers option did not resolve the issue.