Resource accounts management

To start RDP, SSH or web sessions under resource local accounts, as well as to manage those, it is necessary to add them to Indeed PAM database. This can be done in two ways.

Adding an account manually

1. Switch to the Resources section and find the required resource.
2. Open the resource profile and click Add account.
3. Fill in the Account name and Description fields.
   
   
4. Select one of the password setting options:

   • Not set

     This option is only available if user or service SSH connection is used, as this connection type allows for account storage with SSH key only. If Not set option is selected, then you should set a SSH key for the account.

   • Generate random password

   • Set password manually
     

     Options Generate random password or Set password manually + Change password on resource can only be used with service connection. If Set password manually option is selected, and Change password on resource is not, then the account SSH key is changed in the Indeed PAM only.
     

   
5. Select one of the SSH key setting options:
   • Generate new SSH key

   • Set SSH key manually

     Options Generate new SSH key or Set SSH key manually + Change SSH key for resource can only be used with service connection. If Set SSH key manually option is selected, and Change SSH key for resource is not, then the account SSH key is changed in the Indeed PAM only.

   

6. Select the session policy.
   

7. Look through the account parameters again and click Save.

   If you need to modify the account parameters, simply click Back to return to the required step.

   

The account is then displayed in the Resource local accounts tab. You can now use it to set permissions.

Account synchronization

1. Switch to the Resources section and search for the required resource.
2. Open the resource profile and click Sync accounts.

3. Confirm the action by clicking Synchronize.
   In this case, two tasks will be independently performed:

   • Data synchronization – the name of the operating system, its version and resource name are updated;

   • Accounts synchronization – data on accounts, their groups in the PAM database is compared with the actual data on the resource and their update is performed.
     

     The Synchronization option can only be used with service connection.

The found accounts are then displayed in the Resource local accounts tab with Pending status (). To continue working with accounts, you need to change their status. Changing the status of accounts is described in the section Account states management.