Release Notes
05 January 2023, 12:33
These release notes provide information about the One Identity Safeguard for Privileged Sessions release. For the most recent documents and product information, see One Identity Safeguard for Privileged Sessions - Technical Documentation.
One Identity Safeguard for Privileged Sessions Version 7.1.1 is a release with new features and resolved issues. For details, see:
NOTE: For a full list of key features in One Identity Safeguard for Privileged Sessions, see Administration Guide.
The One Identity Safeguard Appliance is built specifically for use only with the Safeguard privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management -- and shortening the timeframe to value.
Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.
The Safeguard products' unique strengths are:
One-stop solution for all privileged access management needs
Easy to deploy and integrate
Unparalleled depth of recording
Comprehensive risk analysis of entitlements and activities
Thorough Governance for privileged account
The suite includes the following modules:
One Identity Safeguard for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.
Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.
One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action - and ultimately prevent data breaches.
Share connection policy with SPS
The Functions shared with SPP option has been extended with the new Share connection policy with SPS option. Using the Share connection policy with SPS option, you can initiate sessions from SPS without using SPP directly, but using the credentials provided by and stored in SPP. Currently, the Share connection policy with SPS option is supported with SSH and RDP protocols.
Navigate to:
RDP Control > Connections
SSH Control > Connections
Export zat/zatx...
Using the new Export zat/zatx... option of Safeguard Desktop Player, you can save the audit trail currently opened to a selected location.
AA plugin
AA plugin is also enabled beside SGAA plugin in SSH and RDP connection policies. For more information, see the following topics in the SPS Administration Guide:
Sharing SSH connection policies with SPP
Sharing SSH connection policies with SPS
Sharing RDP connection policies with SPP
Sharing RDP connection policies with SPS
Sharing worker resources between multiple indexer services
You can now share your worker resources between multiple indexer services by configuring a service pool. For more information, see Configuring a service pool in the SPS Administration Guide.
Federated login with SAML2
The SPS web interface now supports federated authentication and single sign-on with SAML2.
In SPP version 7.0, the Desktop client has been deprecated and only the web UI is available. The terminology has been updated in configuring SPP for Sessions-, and for Passwords-initiated workflows in the SPS Administration Guide.
The session search cleanup has been modified: the Delete search metadata from SPS after option has been removed from the connection policies and from the Global options. The session search cleanup option is available under Policies > Audit data cleanup policy.
Retrieving all sessions from the session database with the advanced search method
Using the advanced search method, you can retrieve all session metadata stored at a specified moment from the sessions database. The advanced search method builds on using session database snapshots.
Defaults query parameter
You can now use the ?defaults query parameter to get information about all default configuration values under /api/configuration. For more information, see Defaults query parameter in the SPS REST API Reference Guide.
SPS support bundle generation
Previously, generating a support bundle for SPS was possible only from the SPS web interface, at Basic Settings > Troubleshooting > Create support bundle. Using the /support-bundle endpoint, administrators can start support bundle generation jobs and download a snapshot of the current state of the specified SPS appliance. To troubleshoot multiple SPS appliances, you must generate the support bundle for each appliance.
SAML2 login using REST
Configure the SAML2 (Security Assertion Markup Language 2.0) Service Provider settings to control federated user access to SPS.
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center
