- Created by Maksim Kuzmov, last modified by Pavel Golubnichiy on Jan 29, 2020
Policy management
This section contains Account Policies and Session Policies and lets you view, edit, create and delete them.
The following data is displayed for each policy:
- Name - policy name.
- Description - custom text.
- total number of resources subject to account policy.
- total number of domains subject to account policy.
- total number of access accounts subject to session policy.
- Default for user account - the default policy for connections under user's accounts.
Adding a Policy
Click Add in the Account Policies or Connection Policies section and fill in the Policy Name and Description fields.
The new policy will appear in the selected section.
To change the default policy for user accounts click
Create a copy of the policy
Mark the policy in the Account Policies or Connection Policies section, click Create copy, then fill in the Specify a new policy name and Description fields.
The copied policy will appear in the selected section.
Removing a Policy
Mark the policy in the Account Policies or Connection Policies section and click Delete.
Account policy
An account policy distributes settings to local or domain access accounts and is assigned to Resources and Domains.
To view or edit, click on the policy in the Account Policies section.
General information
- Name - policy name.
- Description - custom text.
- Policy type - account policy or session policy.
- Created by - administrator name who created policy.
- Date created - policy creation date and time.
- Changed by - administrator name who changed policy.
- Date changed - date and time of policy change.
To edit a Name or Description, click
Settings
Option | Description |
---|---|
Password and SSH key showing settings | |
Reset account password and SSH key after showing | If the option is enabled, then the user of the catalog will have the right to view the password of the access account in Self Service. |
Reset password and SSH key after X minutes after showing | After being viewed, the password will be reset to a random value after the specified number of minutes. |
Require a reason of password and SSH key showing | If the option is enabled, then the user of the catalog must indicate the reason before viewing the password of the access account. |
Encrypt SSH key using generated password before showing to user | If the option is enabled, then the SSH key will be shown in encrypted form, and the generated encryption password in hidden form. PAM generates the encryption key and password anew each time the data is viewed. |
Schedule jobs settings | |
Periodically search new accounts | If the option is enabled then automatic search for access accounts will be performed. |
Search new accounts once in X days | Automatic search for access accounts will be performed once in the specified number of days. |
Periodically check account password and SSH key | If this option is enabled, it will automatically check passwords and SSH keys for access accounts. |
Check password and SSH key once in X days | Automatic verification of passwords and SSH keys of access accounts will be performed once in the specified number of days. |
Check password and SSH key if it's set manually | If the option is enabled, then when setting or changing the password or SSH key, they will be checked. |
Periodically change account password and SSH key | If the option is enabled, then for access accounts the password or SSH key will be automatically changed to a random value. |
Change password and SSH key every X days | The automatic change of the password or SSH key for access accounts will be performed once in the specified number of days. |
Password settings | |
Generated password length | The total number of characters for automatically generated and manually entered passwords. |
Min. password length (manual input) | The minimum number of characters when manually changing the password. |
Lowercase letters | If this option is enabled, then automatically generated passwords will consist of Latin lowercase letters. When combined with other settings, the password will contain at least one Latin lowercase letter. |
Uppercase letters | If this option is enabled, then automatically generated passwords will consist of Latin uppercase letters. When combined with other settings, the password will contain at least one Latin uppercase letter. |
Numbers | If this option is enabled, then automatically generated passwords will consist of digits. When combined with other settings, the password will contain at least one digit. |
Special characters | If this option is enabled, then automatically generated passwords will consist of special characters. When combined with other settings, the password will contain at least one special character. |
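How the character-class options in the table above combine, as an added example that is not the product's own code: the generator draws from a CSPRNG and guarantees at least one character from each enabled class. The dictionary keys, function names and the special-character set are assumptions, since the page does not list them.

```python
import secrets
import string

# Hypothetical stand-in for the "Password settings" rows; not the product's API.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "numbers": string.digits,
    "special": "!@#$%^&*()-_=+",  # assumed set; the page does not list the characters
}


def generate_password(length, enabled):
    """Return a random password with at least one character from every enabled class."""
    pools = [CLASSES[name] for name in enabled]
    if not pools:
        raise ValueError("enable at least one character class")
    if length < len(pools):
        raise ValueError("length is too short to include every enabled class")
    # One guaranteed character per enabled class, the rest from the combined alphabet.
    chars = [secrets.choice(pool) for pool in pools]
    alphabet = "".join(pools)
    chars += [secrets.choice(alphabet) for _ in range(length - len(pools))]
    # Shuffle with the CSPRNG so the guaranteed characters do not sit in fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def meets_policy(password, length, enabled):
    """Check a password against the generated-password length and class options."""
    allowed = set("".join(CLASSES[name] for name in enabled))
    return (
        len(password) == length
        and set(password) <= allowed
        and all(any(c in CLASSES[name] for c in password) for name in enabled)
    )


if __name__ == "__main__":
    policy = ["lowercase", "uppercase", "numbers", "special"]
    pw = generate_password(20, policy)
    print(pw, meets_policy(pw, 20, policy))
```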
Scope
The section contains data on which resources or domains the policy is applied to.
Session policy
Connection policies distribute settings to sessions and are assigned to Access accounts.
To view or edit, click on the policy in the Connection Policies section.
To edit a Name or Description, click
General information
- Name - policy name.
- Description - custom text.
- Policy type - account policy or session policy.
- Created by - administrator name who created policy.
- Date created - policy creation date and time.
- Changed by - administrator name who changed policy.
- Date changed - date and time of policy change.
Settings
Option | Description |
---|---|
Require connection reason | If the option is enabled, then when connecting to the resource, the user must indicate the reason for starting the session. |
Limit session duration | If the option is enabled, the session will end automatically after the specified duration. |
Save text | If the option is enabled, then a text log will be available for viewing and downloading after the session. |
Save video | If the option is enabled, then after the session is completed, video recording will be available. |
Frames per second | The setting determines the frame rate for video recording. |
Video resolution | The setting allows you to set the resolution for video recording. |
Video log rotation | If this option is enabled, then video recordings will be automatically deleted. |
Remove video older than X days | Automatically delete video recordings older than the specified number of days. |
Save screenshots | If this option is enabled, then screenshots of the session will be saved. |
Screenshots interval, sec. | Saving a screenshot after a specified number of seconds. |
Screenshots resolution | Setting allows you to set the resolution of the screenshot. |
Screenshots log rotation | If this option is enabled, screenshots will be automatically deleted. |
Remove screenshots older than X days | Automatically delete screenshots older than the specified number of days. |
Save transferred to server files | If the option is enabled, then the files will be duplicated in the specified network folder when transferred to the server. |
Transferred to server files rotation | If this option is enabled, transferred files will be automatically deleted. |
Remove transferred to server files older than X days | Automatically delete transferred files older than the specified number of days. |
RDP Settings
Settings apply only when connected via RDP.
Option | Description |
---|---|
Printers | If the option is enabled, then the user will be able to forward the printer from his workplace to the final resource. |
Clipboard | If the option is enabled, the user will be able to use the clipboard between his workstation and the end resource. |
Smart cards | If the option is enabled, the user will be able to forward the smart card from his workplace to the resource. |
Ports | If the option is enabled, then the user will be able to forward COM ports from his workstation to the final resource. |
Local drives | If the option is enabled, then the user will be able to forward local disks from his workplace to the resource. |
Scope
The section contains information about which access accounts the policy is applied to.