Comment: Indeed Identity Log Server - component name fixed.

Backup Accounts

Privileged Access Management (PAM) solutions are a combination of hardware, software and organizational tools that protect privileged accounts from unauthorised use.

One of the Indeed Identity PAM protection mechanisms is the isolation of account passwords in the Indeed Identity PAM Core storage, their encryption, and the change of passwords to random or user-specified values on schedule or upon request.

The Indeed Identity PAM Core storage is a critical element. If it is damaged, all the resources become inaccessible, since the account passwords are unknown to both administrators and users.

It is highly recommended to assign a backup account for every resource. This account must have local administrator privileges (Windows) or the right to execute the sudo command (Unix/Linux). This makes it possible to restore access to the resource if the Indeed Identity PAM Core data storage fails. Therefore, you should assign an employee who is responsible for storing the backup accounts and passwords.

Access to Indeed Identity PAM

To secure the Indeed Identity PAM components, it is recommended to install the system according to the Basic deployment. In this case, the following components are installed on a single server:

  • Indeed Identity PAM Core
  • Indeed Identity IdP
  • Indeed Identity PAM Management Console
  • Indeed Identity PAM User Console
  • Indeed Identity Log Server
  • Indeed Identity PAM EventLog
  • Microsoft SQL Server or PostgreSQL

Placing the key components of Indeed Identity PAM and the data storage on a single server reduces the risk of their unauthorized use. The following ports must be open for correct operation:

| Direction | Protocol | Port | Description |
|---|---|---|---|
| Inbound and outbound | TCP/UDP | 53 | DNS |
| Inbound and outbound | TCP/UDP | 389/636 | LDAP/SSL |
| Inbound and outbound | TCP | 3268/3269 | Microsoft Global Catalog/SSL |
| Inbound and outbound | TCP/UDP | 88 | Kerberos |
| Inbound and outbound | TCP/UDP | 464 | Kerberos |
| Inbound | TCP | 80/443 | Indeed Identity PAM Core/SSL; Indeed Identity PAM Management Console/SSL; Indeed Identity PAM User Console/SSL; IdP/SSL; Log Server/SSL |
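One way to check a deployed server against the port list above, as an added example that is not part of the product documentation: it flags every listener reachable from the network whose protocol and port are not in the list, for instance a database bound to all interfaces instead of loopback. It assumes a Linux host and input in the format of `ss -H -tuln`; the sample listener lines are constructed.

```python
import ipaddress

# Inbound (protocol, port) pairs taken from the port list above.
ALLOWED_INBOUND = {
    ("tcp", 53), ("udp", 53), ("tcp", 389), ("udp", 389),
    ("tcp", 636), ("udp", 636), ("tcp", 3268), ("tcp", 3269),
    ("tcp", 88), ("udp", 88), ("tcp", 464), ("udp", 464),
    ("tcp", 80), ("tcp", 443),
}

# Constructed sample of `ss -H -tuln` output (assumption: Linux host).
SAMPLE = """\
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      244        127.0.0.1:5432       0.0.0.0:*
tcp   LISTEN 0      244             [::]:5432          [::]:*
tcp   LISTEN 0      128          0.0.0.0:1433       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
"""

def parse_listener(line):
    """Return (proto, ip, port) for one listener line, or None if not one."""
    fields = line.split()
    if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
        return None
    host, _, port = fields[4].rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface
    if host in ("*", ""):
        host = "0.0.0.0"                    # wildcard bind
    return fields[0], ipaddress.ip_address(host), int(port)

def unexpected_listeners(ss_output):
    """List network-reachable listeners that are not in ALLOWED_INBOUND."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed is None:
            continue
        proto, ip, port = parsed
        if ip.is_loopback:                  # local only, e.g. the co-located DB
            continue
        if (proto, port) not in ALLOWED_INBOUND:
            findings.append((proto, str(ip), port))
    return findings

if __name__ == "__main__":
    for proto, ip, port in unexpected_listeners(SAMPLE):
        print(f"not in port list: {proto} {ip}:{port}")
```
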

