Integrating IBM Security Privileged Identity Manager with ObserveIT Enterprise Session Recording


Contents

1 About This Document
2 Overview
3 Before You Begin
4 Deploying ObserveIT with IBM SPIM
5 Configuring the ObserveIT Web Server for SSO
  5.1 Enabling Windows Authentication for Windows Server 2008/R2 (IIS 7.0 or higher)
  5.2 Enabling Windows Authentication for the SessionRecordingView Website
  5.3 Enabling Extended Protection for the SessionRecordingView Website
  5.4 Adding Providers for Windows Authentication
  5.5 Configuring Browser Security Settings (IIS 7.0 or higher)
6 Defining the ObserveIT Web Console's Permitted Users
7 Importing the ObserveIT Reporting Package to IBM SPIM
8 Configuring IBM SPIM Integration with ObserveIT
9 Viewing Privileged User Sessions on the Integrated Portal
  9.1 RDP to a Remote Server using a Shared User Account
  9.2 Running an Integrated Report to Show Privileged Sessions in the IBM SPIM Console
  9.3 Searching for Privileged Sessions by Keyword in the ObserveIT Web Console

Copyright 2013 ObserveIT. All rights reserved.

1 About This Document

This document provides instructions on how to configure ObserveIT in order to integrate ObserveIT's Enterprise Session Recording with IBM Security Privileged Identity Manager, for the purpose of monitoring privileged user activity on managed endpoints.

2 Overview

The configuration of ObserveIT in the IBM Security Privileged Identity Manager enables administrators to access specific Web pages in the ObserveIT Web Management Console in order to search for IBM privileged user activity on managed endpoints. By configuring SSO (Single Sign-On) as the authentication method, logged-in administrators can gain access to the ObserveIT Web pages directly without being prompted to log in again to access the ObserveIT system.

3 Before You Begin

Before you begin the configuration process, please review the ObserveIT System Requirements and Supported Platforms.

Note: The most up-to-date release product documentation is available online at: http:///support/documentation.

4 Deploying ObserveIT with IBM SPIM

This section describes the requirements for deploying ObserveIT with IBM SPIM.

- The ObserveIT Server must be deployed on a Windows-based server. For detailed information about the ObserveIT Server installation, please refer to the ObserveIT Installation Guide. After installation of the ObserveIT Server components, you must configure the ObserveIT Web Server for SSO, as described in the next section, Configuring the ObserveIT Web Server for SSO.
- ObserveIT Agents must be deployed on all Windows-based or Unix/Linux-based servers that SPIM administrators wish to monitor.
- In order to enforce secondary authentication for all shared accounts, you must configure a recording policy in the ObserveIT Web Management Console. This is done in the Identification Policy section of the Server Policies page (Configuration > Server Policies), as shown in the following screenshot.


5 Configuring the ObserveIT Web Server for SSO

In order to integrate IBM Security Privileged Identity Manager with the ObserveIT system, the ObserveIT Web Server must be configured for SSO. ObserveIT configures IWA (Integrated Windows Authentication) to enable direct login to the ObserveIT system with the same user that logged on to the computer.

Note: Before installing ObserveIT using the "One Click" installation method, you must define SSO in the ObserveIT.Installer.exe.config file, as follows:

1 From the TypicalInstall folder under the ObserveIT installation package path (e.g., ObserveIT_Setup_v5.6.8\TypicalInstall), open the ObserveIT.Installer.exe.config file.
2 Verify that the following key is set as shown: <add key="SSO" value="True" />

During installation of the ObserveIT Web Management Console, ObserveIT configures a new Website named SessionRecordingView, which contains the parameters required for integration with ObserveIT. The parameters are received via a URL from IBM, as shown in the following example:

http://localhost:4884/observeit/integration/sessionrecordingview/login.aspx?prd=tivoli-IDM&startTime=YYYYMMDDHHMMSS&endTime=YYYYMMDDHHMMSS&servername=serverName&loginID=domain@login&userid=domain@user

The following steps are required to configure the ObserveIT Web Server for SSO authentication:

- Enabling Windows Authentication for Windows Server 2008/R2 (IIS 7.0 or higher)
- Enabling Windows Authentication for the SessionRecordingView Website
- Enabling Extended Protection for the SessionRecordingView Website
- Adding Providers for Windows Authentication
- Configuring Browser Security Settings (IIS 7.0 or higher)

Important Notes:

- When deploying ObserveIT on Windows Server 2003 with IIS 6.0, no manual configuration is required after installing the ObserveIT Server.
- Before deploying ObserveIT on Windows Server 2012 with IIS 8.0, please follow the instructions described in the product documentation here.
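The parameter layout of the SessionRecordingView example URL above can be checked mechanically, for instance when reviewing request URLs taken from the Web server's logs. The following is an added example, not ObserveIT or IBM code; rejecting repeated or extra parameters is an assumption of the example, and the sample server name, domain and times are constructed.

```python
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Path and parameter names copied from the example URL on this page.
EXPECTED_PATH = "/observeit/integration/sessionrecordingview/login.aspx"
REQUIRED = ("prd", "startTime", "endTime", "servername", "loginID", "userid")
TS_FORMAT = "%Y%m%d%H%M%S"  # the page's YYYYMMDDHHMMSS placeholder


def parse_timestamp(raw):
    """Parse a strict 14-digit YYYYMMDDHHMMSS value."""
    # strptime alone tolerates short fields, so check length and digits first.
    if len(raw) != 14 or not (raw.isascii() and raw.isdigit()):
        raise ValueError("not 14 ASCII digits")
    return datetime.strptime(raw, TS_FORMAT)


def parse_identity(raw):
    """Split the page's domain@name form into (domain, name)."""
    domain, sep, name = raw.partition("@")
    if not sep or not domain or not name or "@" in name:
        raise ValueError("not in domain@name form")
    return domain, name


PARSERS = {"startTime": parse_timestamp, "endTime": parse_timestamp,
           "loginID": parse_identity, "userid": parse_identity}


def check_integration_url(url):
    """Return (params, problems) for one SessionRecordingView request URL."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    params, problems = {}, []
    if parts.path.lower() != EXPECTED_PATH:
        problems.append(f"unexpected path: {parts.path}")
    for name in REQUIRED:
        values = query.get(name, [])
        if len(values) != 1 or not values[0]:
            problems.append(f"{name}: missing, empty or repeated")
            continue
        try:
            params[name] = PARSERS.get(name, str)(values[0])
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
    # Assumption: anything outside the example URL's parameters is flagged.
    for name in sorted(set(query) - set(REQUIRED)):
        problems.append(f"{name}: not in the documented parameter set")
    start, end = params.get("startTime"), params.get("endTime")
    if start and end and start > end:
        problems.append("startTime is later than endTime")
    return params, problems


# Constructed sample requests (server name, domain and times are made up).
BASE = "http://localhost:4884" + EXPECTED_PATH
GOOD_URL = (BASE + "?prd=tivoli-IDM&startTime=20130501090000"
            "&endTime=20130501173000&servername=srv01"
            "&loginID=CORP@administrator&userid=CORP@kristin")
BAD_URL = (BASE + "?prd=tivoli-IDM&startTime=20130501173000"
           "&endTime=20130501090000&servername=srv01"
           "&loginID=administrator&userid=CORP@kristin&userid=CORP@other")

if __name__ == "__main__":
    for url in (GOOD_URL, BAD_URL):
        params, problems = check_integration_url(url)
        print("OK" if not problems else "REJECT", problems)
```
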

5.1 Enabling Windows Authentication for Windows Server 2008/R2 (IIS 7.0 or higher)

The following configuration must be done before installing ObserveIT on IIS 7.0:

1 On the taskbar, click Start, point to Administrative Tools, and select Server Manager.
2 In the Server Manager hierarchy pane, expand Roles, and then select Web Server (IIS).
3 In the Web Server (IIS) pane, scroll to the Role Services section, and select Add Role Services.
4 On the Select Role Services page of the Add Roles Wizard, under Security (Installed) select the Windows Authentication check box.
  Note: If you are configuring Windows authentication on Windows Server 2012 (with IIS 8.0), the Select Server roles page will look like this:
5 Click Next. Check your selections, and then click Install.
6 When the Results page appears, click Close.

5.2 Enabling Windows Authentication for the SessionRecordingView Website

Note: During the ObserveIT installation, the SessionRecordingView Website is created under the ObserveIT Web Console folder: C:\Program Files (x86)\observeit\web\observeit\integration.

This procedure describes how to enable Windows Authentication for the Website.

1 Open Internet Information Services (IIS) Manager.
  Windows Server 2008 or Windows Server 2008 R2:
    1. On the taskbar, click Start.
    2. Point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
  Windows Vista or Windows 7:
    1. On the taskbar, click Start, and then click Control Panel.
    2. Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
2 Under IIS Manager, expand the server name, expand Sites, and then expand ObserveIT Application => ObserveIT => Integration => SessionRecordingView.
3 Scroll to the Security section in the Home pane of the SessionRecordingView Web site, and double-click Authentication.
4 In the Authentication pane, select Windows Authentication, and then click Enable in the Actions pane.

5.3 Enabling Extended Protection for the SessionRecordingView Website

After enabling Windows Authentication for the SessionRecordingView Website (described above), you should provide extended protection for the Windows authentication, as follows:

1 In the Actions pane, click Advanced Settings.
2 In the Advanced Settings dialog box, select the required option from the Extended Protection drop-down list:
  - Accept - To enable extended protection while providing down-level support for clients that do not support extended protection.
  - Required - To enable extended protection without providing down-level support.

3 Click OK to close the Advanced Settings dialog box.

5.4 Adding Providers for Windows Authentication

After installing ObserveIT and enabling Windows Authentication for the SessionRecordingView Website, you can also add providers for the Windows authentication. The following steps describe how to configure the NTLM provider for Windows Authentication:

1 In the Actions pane, click Providers.
2 In the Providers dialog box, make sure that NTLM appears in the list of Enabled Providers. If not, add the NTLM provider from the Available Providers section.
3 Click OK to close the Providers dialog box.

5.5 Configuring Browser Security Settings (IIS 7.0 or higher)

The following procedures describe how to:

- Configure the SessionRecordingView Website in your browser.
- Enable automatic logon with the current username and password.

Note: Configuring browser settings is done after installing ObserveIT.

To configure the SessionRecordingView Website in Internet Explorer 8 or 9:

1. From the Tools menu, select Internet Options.
2. In the Security tab of the Internet Options dialog box, select the Local intranet zone, and click Sites.
3. In the Local intranet dialog box, click Advanced.

4. Add your trusted SessionRecordingView Website to the local intranet zone.
5. Click Close.

Notes about configuring the Website on other browsers:

- On Chrome browsers, trusted Website settings are automatically inherited from Internet Explorer.
- To configure a trusted Website in Firefox:
  1 In the Firefox address bar, enter about:config.
  2 Enter network.automatic-ntlm-auth.trusted-uris in the Search field, then double-click it.
  3 In the dialog box that opens, enter your Website (https://name of computer), then click OK.

To enable the user to log on to ObserveIT's Web Management Console automatically with the current username and password, do the following:

1 After adding your trusted Website in your browser (Internet Explorer 8 or 9), in the Local intranet dialog box, click the Custom level button.

2 In the Security Settings dialog box, select User Authentication => Logon => Automatic logon with current user name and password.
3 Click OK.
4 Save your browser security settings by clicking Apply and then OK in the Internet Options dialog box.

Note the following:

1 You must make sure that the server and client PC are Windows 7 and are in the same domain.
2 Since your client PC is part of a domain, you must have a GPO (Group Policy Object) for these settings; otherwise, the settings will revert the next time that the user logs on to Windows.

The same user that logged on to the computer can now access the ObserveIT system directly without receiving any username and password prompts!

6 Defining the ObserveIT Web Console's Permitted Users

In order for administrators to access the ObserveIT Web Management Console for viewing user activity, they must be defined in the ObserveIT Web Console's list of permitted users. When deploying ObserveIT with IBM Security Privileged Identity Manager, ObserveIT's Identification policy requires that users provide their Active Directory ID when logging in with a shared account as Administrator. The following procedure describes how to configure new console users with an Active Directory ID.

To create a new Active Directory user:

1 Run the ObserveIT One-Click installation setup.
2 In the ObserveIT Web Management Console, open the Configuration => Console Users tab.
3 Create a new Active Directory user.
4 Log off from the current session (which was used to perform the installation).
5 Log on with the new Active Directory user.

7 Importing the ObserveIT Reporting Package to IBM SPIM

1 Download the PIM Session Replay Report.zip from here.
2 Copy the reporting package to the IBM PIM Server at the following location: C:\IBM\tivoli\tipv2Components\TCRComponent\cognos\deployment.
3 Log in to the Integrated Portal: https://<spim hostname/ip>:16311/ibm/console/secure/securelogon.do.
4 Under Reporting > Common Reporting, select the Public folders tab, and then select the check box alongside PIM Session Replay Reporting Model.
5 Click the Delete icon at the upper right corner. Click OK in the pop-up menu.
6 Select Launch > Administration.

7 In the Administration window, click the Configuration tab.
8 Delete the PIM Session Replay Report by selecting the check box and clicking the icon in the upper menu options.
9 Click the New Import icon in the upper menu.
10 In the New Import wizard, select PIM Session Replay Report. Click Next.

11 Click Next again.
12 Select the check box next to PIM Session Replay Report, and click Next.
13 Click Next twice. In the Review the summary page of the New Import wizard, check the settings. If the settings are correct, click Next.
14 In the next page, make sure that the Save and run once option is selected, and then click Finish.
15 In the Run with options page, select when you want to run the report, and click Run.
16 On the next page, check your configured settings, and then click OK. The new ObserveIT reporting package is imported into the IBM PIM model.

17 By clicking the Home page icon, you can also see that the IBM PIM model was updated.

8 Configuring IBM SPIM Integration with ObserveIT

1 In the Integrated Portal, under Reporting > Common Reporting, select the Public folders tab, and then select PIM Session Replay Reporting Model.
2 Open the report "Application Usage with session replay Report".
3 Navigate to Query Explorer.

4 Edit the query name "Main query" by configuring the parameters shown below.

9 Viewing Privileged User Sessions on the Integrated Portal

This section describes how to:

- RDP to a remote server using a shared user account
- Run an integration report to show privileged user sessions
- View session summaries and video recordings
- Search for specific user sessions and replay them

9.1 RDP to a Remote Server using a Shared User Account

1 A privileged user opens an RDP session (Windows or Unix) to the required server and logs in via the IBM Security Privileged Identity Manager using a shared account.
2 After entering a shared access ID, if ObserveIT's Identification Services are enabled, users will be requested to identify themselves by a secondary ObserveIT logon prompt.
  Note: Secondary authentication is currently supported only on Windows. Future versions will also provide support for Unix secondary authentication.

After successful login, a user session automatically begins and all user actions will be recorded.

After sessions are recorded, you can review session activity summaries and session videos directly from within the IBM Security Privileged Identity Manager Admin Console. You can find recorded Windows or Unix sessions by running Reports or by using the Search option.

9.2 Running an Integrated Report to Show Privileged Sessions in the IBM SPIM Console

1 In the Integrated Portal, under Reporting > Common Reporting, select the Public folders tab, and then select PIM Session Replay Reporting Model.
2 Open the report Application Usage with Session Replay Report by clicking the link. The Application Usage Report enables you to review session activity summaries and session videos directly from within the IBM Security Privileged Identity Manager.
3 You can filter user sessions to review them by date/time, user, or endpoint. The following screenshots provide an example of the Application Usage Report filtered according to user name kristin.

4 After specifying the filter parameters and clicking on Finish, the list of sessions will be displayed.
5 To view a summary of all sessions that were captured by ObserveIT, click the Video icon next to the session that you are interested in.

6 To view a summary of all user activities in the recorded session, click the + sign to the left of the session details.
7 To view a video recording of the session, click the Video icon alongside the session. The Session Player opens. It plays the recorded session starting from the first slide throughout the entire recording until it reaches the last slide. You can also click on a window title in the user activities list in order to play the recorded session directly from that point onwards.

9.3 Searching for Privileged Sessions by Keyword in the ObserveIT Web Console

In the ObserveIT Web Console, you can perform Google-like searches for sessions and user activities, based on keywords in the metadata information that is stored in the database.

You can expand the user session in which you are interested by clicking the [+] sign to the left of the user session. You can read through the textual transcript and find the user action that is of interest.

By clicking the Video icon next to the user session, the ObserveIT Session Player will begin replaying the entire recorded session from beginning to end. The replay can be paused, resumed, fast forwarded or rewound, and zoomed in or out.