Ekran System v.6.0 Privileged User Accounts and Sessions (PASM)

Similar documents
This chapter provides information about managing end user directory information.

Ekran System v Program Overview

End User Setup. About End User Setup

User Management in Resource Manager

How to Configure Authentication and Access Control (AAA)

FAQ. General Information: Online Support:

Verizon MDM UEM Unified Endpoint Management

10 Active Directory Misconfigurations That Lead to Total Compromise Austin, TX 201 W 5th St.

User Databases. ACS Internal Database CHAPTER

ACS 5.x: LDAP Server Configuration Example

Manage Administrators and Admin Access Policies

Understanding Admin Access and RBAC Policies on ISE

Manage Administrators and Admin Access Policies

Application User Configuration

Logging In to the Program

STRS OHIO F5 Access Client Setup for ChromeBook Systems User Guide

SharePoint AD Administration Tutorial for SharePoint 2007

Manage Administrators and Admin Access Policies

INSTALLATION GUIDE Spring 2017

Two factor authentication for Microsoft Remote Desktop Web Access

<Partner Name> <Partner Product> RSA SECURID ACCESS. VMware Horizon View 7.2 Clients. Standard Agent Client Implementation Guide

Windows Authentication. Delphi Service Pack 3. Document Version /10/09

RED IM Integration with Bomgar Privileged Access

EveryonePrint Integration with Equitrac. Configuration Guide. EveryonePrint Integration with Equitrac Page 1 of 14

Contents Using the Primavera Cloud Service Administrator's Guide... 9 Web Browser Setup Tasks... 10

Enterprise Rights Management: Document Protection

Microsoft SQL Installation and Setup

Enterprise Vault.cloud CloudLink Google Account Synchronization Guide. CloudLink to 4.0.3

Options for managing Shared Folders

AVS Portal Security User Guide

29 March 2017 SECURITY SERVER INSTALLATION GUIDE

Administration Guide

Welcome To Account Manager 2.0

User Guide. Version R92. English

Nuance Management Center

Chime for Lync High Availability Setup

Vault. Vault. End User Guide END USER GUIDE. L o r e. (For Standard, Professional & Enterprise Editions)

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

Xton Access Manager GETTING STARTED GUIDE

NetIQ Privileged Account Manager 3.5 includes new features, improves usability and resolves several previous issues.

Secret Server User Guide

Managing Users and Configuring Role-Based Access Control

Outlook Desktop Application for Windows

Real Application Security Administration

Novell Identity Manager

TREENO ELECTRONIC DOCUMENT MANAGEMENT. Administration Guide

VWP LSI & LSI W User Management Guide

HOB HOB RD VPN. RSA SecurID Ready Implementation Guide. Partner Information. Product Information Partner Name. Last Modified: March 3, 2014 HOB

OKTA users provisioning for Vable platform

AD Sync Client Install Guide. Contents

Sophos Mobile super administrator guide. Product version: 7.1

VMware Horizon JMP Server Installation and Setup Guide. 13 DEC 2018 VMware Horizon 7 7.7

MyFloridaNet-2 (MFN-2) Customer Portal/ Password Management/ VPN Reference Guide

Admin Table is oftr Caoto ntr e s U ntsser Guide Table of Contents Introduction Accessing the Portal

User Guide. Version R94. English

Ekran System v Program Overview

Application User Setup

Comodo IT and Security Manager Software Version 6.9

SMEC ASSET MANAGEMENT SYSTEM PMS Version 5.5. System Administrator s Guide

McAfee File and Removable Media Protection Product Guide

Configuring Role-Based Access Control

Azure MFA Integration with NetScaler

Getting Started with Cisco WebEx Meeting Applications

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Oracle Database. Installation and Configuration of Real Application Security Administration (RASADM) Prerequisites

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

Contents About This Guide... 5 About Notifications... 5 Managing User Accounts... 6 Managing Companies Managing Password Policies...

Nuance Management Center

CLI users are not listed on the Cisco Prime Collaboration User Management page.

User Account Manager

Desktop LP - Connect Guide. Version 2.1 February 2016

VMware Horizon JMP Server Installation and Setup Guide. Modified on 19 JUN 2018 VMware Horizon 7 7.5

SAS Viya 3.3 Administration: Identity Management

Ekran System v.5.1 Help File

How to Integrate an External Authentication Server

ArcGIS for Server: Security

Comodo IT and Security Manager Software Version 6.4

Comodo Endpoint Manager Software Version 6.25

Security in the Privileged Remote Access Appliance

Installation Guide for 3.1.x

scconnect v1.x ADMINISTRATION, INSTALLATION, AND USER GUIDE

Sophos Mobile. super administrator guide. Product Version: 8

Microsoft Office Groove Server Groove Manager. Domain Administrator s Guide

Secret Server User Guide

NTP Software VFM. Administration Web Site for EMC Atmos User Manual. Version 6.1

MyFloridaNet-2 (MFN-2) Customer Portal/Password Management Reference Guide

VMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2

Ekran System v.6.3 Help File

GoToMyPC Corporate Administrator Guide

Securing ArcGIS Services

Workspace ONE UEM Certificate Authority Integration with Microsoft ADCS Using DCOM. VMware Workspace ONE UEM 1811

Comodo IT and Security Manager Software Version 6.6

Lightweight Directory Access Protocol (LDAP)

SailPoint IdentityIQ 6.4

ServiceNow Deployment Guide

DreamFactory Security Guide

REACH Remote Deposit Capture

Securing ArcGIS for Server. David Cordes, Raj Padmanabhan

Oracle. Loyalty Cloud Securing Loyalty. Release 13 (update 18B)

FedLine Web Certificate Retrieval Procedures

Transcription:

Ekran System v.6.0 Privileged User Accounts and Sessions (PASM)

Table of Contents About... 3 Using Privileged User Accounts... 4 Password Vault Configuration... 5 Defining Domain Administrator Credentials... 6 Adding Privileged User... 7 Editing Privileged Account... 8 Deactivating Privileged Account... 8 Using Privileged Accounts... 9 Viewing Privileged Sessions... 10 2

About About If you want to provide users temporary access to the particular computer or computer group without revealing credentials, you can add a privileged user. This feature is available if you have the Enterprise license for Ekran System and the Terminal Server license for Clients from which users will get access to protected computers (Jump Servers). Account credentials of shared privileged accounts are automatically generated and stored in a password vault. The passwords are encrypted with the RSA key stored in the Certificate Storage on the Server and auto-changed every 24 hours until the account is not deactivated. The passwords are also reset every time after the account expiration. It allows enhancing data access security. 3

Using Privileged User Accounts Using Privileged User Accounts To use the Privileged Accounts feature, do the following: 1. Make sure that you have Enterprise license activated. 2. Configure the password vault. NOTE: You can use MS SQL Express for a password vault. 3. On the Configuration page, LDAP Target tab, define the administrator credentials for the domain in which shared accounts will be created. These credentials will be encrypted and saved to the password vault. 4. Select the Enable jump server mode option for the Client with the assigned Terminal Server license. 5. Add a privileged user. 6. The shared account for access to the defined computer/computer group will be automatically created in the selected domain. Its credentials will be stored in the password vault in the encrypted format. 7. Now, the user can work with the protected computers using the remote desktop connection under the created privileged user account. 4

Password Vault Configuration Password Vault Configuration Password vault is an SQL database for storing encrypted credentials of the shared accounts used for privileged access. To configure a password vault, do the following: 1. Log in to the Management Tool as a user with the administrative Database Management permission. 2. Click the Database Management navigation link to the left. 3. On the Password Vault tab, select Use password vault. 4. Define the instance, database name, user, and password of the SQL database to be used as a password vault. 5. Click Save. 5

Defining Domain Administrator Credentials Defining Domain Administrator Credentials Domain Administrator credentials are required for creation of shared accounts used for privileged access. To define the domain administrator credentials, do the following: 1. Click the Configuration navigation link to the left. 2. On the LDAP Targets tab, select the LDAP target for which you want to edit the configuration, and click Edit. 3. Define the domain administrator login and password. 4. Click Finish. Domain administrator credentials are saved. 6

Adding Privileged User Adding Privileged User To add a new privileged user, do the following: 1. Log in to the Management Tool as a user with the administrative User Management permission. 2. Click the Access Management navigation link to the left. 3. On the Privileged Accounts tab, click Add User. 4. The Privileged Accounts window appears. 5. Select the user you give access to the computer or computer group. For the Active Directory user, select a user and domain. You can select a user group to give access to all users belonging to it. For the Local computer user, select the user login and computer name. For the Ekran System user for secondary authentication, select the user login. These credentials will be checked if the Forced user authentication is enabled on the target computer. 6. Select a computer or computer group to which user will access using the remote desktop connection (target computers). To do this, select the domain and computer or computer group from the corresponding lists. NOTE: The administrator s credentials for the selected domain must be defined. 7

Editing Privileged Account 7. Select a domain group from which the privileged account will inherit permissions (target computers). This must be a user group whose members are allowed to login to the target computers remotely. 8. Define the date when privileged account will be deactivated. 9. Add comment, if necessary. 10. Click Grant Access. 11. The privileged account is generated in the selected domain user group. Its credentials are stored in the password vault and the user can access the selected computers via Ekran System remote access application. NOTE: If you select a domain user group as a privileged user, then a separate shared account will be created for each member of this group. Editing Privileged Account Once you created the shared account for the privileged user, there is no way to edit it. You have to delete the record deactivating the account and then create a new one with the edited parameters. Please note that if you created the shared account for the user once, then it will not be re-created but only re-activated with a new password. Deactivating Privileged Account To deactivate the privileged account, do the following: 1. Log in to the Management Tool as a user with the administrative User Management permission. 2. Click the Access Management navigation link to the left. 3. On the Privileged Accounts page, click Delete in the selected user row. 4. Click Delete in the confirmation window. 8

Using Privileged Accounts 5. The privileged account of the selected user is deactivated. It can be deleted via Active Directory. Using Privileged Accounts To access remote computer via Ekran System remote access application, do the following: 1. Login to the Jump Server as a user for whom the shared privileged account has been created. Please note that if the forced user authentication is enabled on the Jump Server, then credentials of the secondary user will be checked. 2. Click Remote Access in the Client tray menu. 3. The Ekran System Remote Access application opens. The drop-down list contains the list of computers to which you have been granted access. If you have been granted access to the computer group, the drop-down list will be empty and you will have to enter the name of the computer or its IP manually. 4. Select the computer from the drop-down list or enter its name/ip, click Connect. 4. The auto-logged remote desktop session under the shared privileged account starts. 9

Viewing Privileged Sessions Viewing Privileged Sessions If the Ekran System is installed only on the jump server, you can view a privileged session as a part of the original Jump Server session. If the Client is installed on the protected target computer, you can view the privileged session as a session of the shared account. 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback