Seeking Safeguard for Privilege Passwords platform security questions for my Organization's Application Architecture

Hi,

1. Is the Safeguard for Privilege Passwords platform intended for use as a Secrets Management Platform to support nonhuman workloads or is it primarily a human admin focused PAM tool.

Answer: SPP does support A2A (Application to Application) access for passwords

2. How do applications prove their workload identity / avoid impersonation when accessing secrets? (i.e., protect the initial authentication mechanism to the secrets vault) – ideally a solution like Azure keyvault would be in place to avoid storing a secret to authn

Answer: Please refer to the Admin guide here:
support.oneidentity.com/.../91

3. Can Safeguard for Privilege Passwords integrate with Azure DevOps build pipelines?

Answer: Please refer to the Github page here:
github.com/.../SafeguardDevOpsService

4. How does Safeguard for Privilege Passwords integrate with .net/node.js/java/powershell/etc, are the secrets pulled dynamically at runtime?

Answer: SPP uses a REST API, please refer to the admin guide here:
support.oneidentity.com/.../3

5. How would devs use the system locally at build-time?
Need more details on this question.

6. Safeguard for Privilege Passwords integrate/synchronize passwords to azure keyvault? AWS Secrets Manager?

Answer: Please refer to the Github page here:
github.com/.../SafeguardDevOpsService

7. Auditing: How granularly is password access / attempted access recorded? How/Who/When things are accessed? Log retention period?

Answer: yes SPP records audit logs and its retained based on Audit log maintenance configuration, please refer to the admin guide section here:

support.oneidentity.com/.../140

- Audit Log maintenance:
support.oneidentity.com/.../26

Additional Security Architecture documentation can be found here:
www.oneidentity.com/.../understanding-the-security-architecture-of-the-one-identity-safeguard-appliance-technical-brief-25629.pdf

8. At the end-user UI level, who has access to see the secrets? How is permissioning handled?

Answer: SPP uses Entitlements, please refer to the admin guide section here:
support.oneidentity.com/.../95

9. Does Safeguard for Privilege Passwords offer functionality to rotate secrets?

Answer: SPP does have a feature which uses Password Profiles to schedule password checks and changes in addition to change after check-in of request.
Link: support.oneidentity.com/.../76

10. Performance/Scalability/Availability: How is the system architected in current implementation, could it be relied upon for a critical 24x7 system?

Answer: SPP does support a clustered configuration, please refer to the admin guide link here:
support.oneidentity.com/.../35

11. What kind of traffic can it support for a portfolio full of applications talking to it?

Answer: Please refer to the admin guide here:
https://support.oneidentity.com/technical-documents/one-identity-safeguard-for-privileged-passwords/7.3/administration-guide/2#TOPIC-2015587

Thanks!