Permissions allow AD users to open sessions.

To work with permissions, you should have the PERMISSIONS MANAGEMENT privileges (Permission.Create, Permission.Read, Permission.Revoke, Permission.Suspend).
  • Click Create in the Permissions section

If you need to grant permission to a User group, then go to the User Groups section, select the group and click Add permission

Organizational unit

Select OU the resource is located in. This item will not be displayed when a permission is created by the Local administrator of a particular OU.

User

Any AD user that is a member of the User Directory can be used for creating a permission.

  • Enter Name, Surname, Phone number or Email in whole or in part
  • Select one or more users

Resource

Any resource added to Indeed PAM can be used for permission.

  • Enter the Resource name or Address (DNS address / IP address) in whole or in part

  • Select one or more resources

If more than one resource is selected, domain accounts or a personal user account will be used to access them.

Account

To access the resource, a local, domain or personal user account can be used.

Choosing a domain or local account

  • Enter Account name in whole or in part
  • Select an account.

Choosing a personal user account

  • Click Continue using user account on the Select account page

Time restrictions

For permission, you can set the validity period - start date and time, end date and time.

  • Select Begin and End options

  • Choose a date and time

If the Begin and End options are not selected, then the permission will be considered permanent.

You can also set Access schedule. It is not possible to use the permission outside the schedule.

  • Check Allow access only option
  • Set From and To time

If options From and To are not selected, then the permission will be valid around the clock.

When the permission expires or when the time set in the access schedule expires, the session will be terminated.

Additional Permission options

Indeed Identity PAM allows the user to view the password of privileged accounts that are used in his permissions.

  • Check the Allow user to view account credentials option (can be disabled in the mc, uc and core settings with the allowRevealCredentials option)
  • Finish creating the permission

Indeed Identity PAM allows the user to change the passwords of privileged accounts that are used in his permissions.

  • Check the Allow change account credentials option
  • Finish creating the permission
  • Finish creating the permission.

  • No labels