Versions Compared

Old Version 1

changes.mady.by.user Pavel Golubnichiy

Saved on

compared with

New Version 2

changes.mady.by.user Unknown User (anastasia.antonenko)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Info about Active Directory account is moved to a separate page

Active Directory

Indeed Identity PAM interacts with end users through an account that will read directory users and their attributes

Account to use with user directory

  1. Run the Active Directory Users and Computers snap-in
  2. Open the context menu of organizational unit or container
  3. Select Create - User item from the menu
  4. Specify the user name, say, IPAMManager
  5. Fill in the mandatory fields and complete the account creation

Alternatively, you can use an existing account.

Storage of video, screenshots and transferred files

File storages are necessary for aggregation and long-term storage of videos, screenshots and files transferred in sessions.

File storage account

Warning
iconfalse

A domain account is required to work with file storage, recommended to use the already created IPAMStorageOps account. 

Create and configure file storage

  1. Log in to the server, which will act as a file storage
  2. Create folders, for example MediaDataShadowCopyScreencasts
  3. Right click on the folder you created, select the item Share with > Specific people
  4. Enter the username, for example IPAMStorageOps and click Add
  5. In the "Permission level" column, click the Read value next to the IPAMStorageOps user and select Read/Write from the menu.
  6. Finish by clicking Share

Data storage

Indeed Identity PAM uses Microsoft SQL Server or PostgreSQL Pro to store data. The following components require databases:

  • IPAMCore - PAM Core component database is used to store Indeed Identity PAM privileged accounts, resources, permissions, and other service data
  • IPAMCoreJobs - PAM Core component database is used to store scheduled jobs
  • IPAMIdp - IdP component database is used to store authenticators of Indeed Identity PAM users and administrators
  • IPAMIdpJobs - IdP component database is used to store scheduled jobs
  • ILS - Log Server component database is used to store the Indeed Identity PAM event

Database creation

Divbox
stylebackground:#FAFAFA


Expand
titleMicrosoft SQL Server
  1. Launch Microsoft SQL Management Studio (SSMS) and connect to Microsoft SQL Server instance
  2. Open the context menu of Databases item
  3. Select the New Database item
  4. Specify a database name, for example IPAMCoreIPAMCoreJobsIPAMIdP, IPAMIdpJobs, ILS
  5. Click ОK



Divbox
stylebackground:#FAFAFA


Expand
titlePostgreSQL, PostgreSQL Pro
  1. Launch pgAdmin and connect to the PostgreSQL Pro server
  2. Open the context menu of the Databases item 
  3. Select Create, Database
  4. Specify a database name, for example: IPAMCoreIPAMCoreJobsIPAMIdP, IPAMIdPJobs, ILS
  5. Click Save


Creating a service account to work with data storage

Divbox
stylebackground:#FAFAFA


Expand
titleMicrosoft SQL Server
  1. Start Microsoft SQL Management Studio (SSMS) and connect to the Microsoft SQL Server instance
  2. Expand the Security item
  3. Open the context menu of Logins item
  4. Select the Create login item
  5. Enter the name, for example IPAMSQLServiceOps
  6. Select SQL Server authentication item and fill in the required fields
  7. Switch to User Mapping item
  8. Check IPAMCoreIPAMCoreJobsIPAMIdP, IPAMIdPJobs and ILS databases
  9. Check database roles db_ownerdb_datareader and db_datawriter
  10. Click ОK



Divbox
stylebackground:#FAFAFA


Expand
titlePostgreSQL, PostgreSQL Pro
  1. Launch pgAdmin and connect to the PostgreSQL Pro server
  2. Open the context menu of the Login/Group Roles item
  3. Select Create, Login/Group Role
  4. Specify a Name, for example IPAMSQLServiceOps
  5. Go to Definition tab, enter the new password for account
  6. Go to Privileges tab, check Yes for Can Login? and Superuser? items
  7. Click Save, repeat for the rest of the databases.



Note
iconfalse

The grants db_owner for Microsoft SQL Server and Superuser for PostgreSQL are required only for the first access to the database.


Backtotop
Delay0
Distance250


Divbox
classrightFloat

Table of Contents
printablefalse