Licenses
The section contains Indeed Identity PAM Axidian Privilege licensing information.
| Page properties |
|---|
|
 Image Modified
|
The section displays the following data:
- Installation ID - — a unique installation code is required to generate a license.
- User licenses available - — total number of user licenses.
- User licenses used - total — total number of licenses used.
- Resource licenses available - — total number of resource licenses.
- Resource licenses used - — number of licenses used.
The following data is displayed for each license:
- Start date - license — license start date.
- End date - license — license expiration date.
- User licenses - — total number of user licenses.
- Resource licenses - — total number of licenses used.
- Issue date - license — license release date.
Add License
Click Add and select a license file.
Removing
lLicenses
Mark the required license and click Delete.
System
settingsSettings
Blocking when entering incorrect OTP
| Option | Description |
|---|
| Number of failed OTP access attempts allowed | After exceeding this value the user will be temporarily blocked, i.e. will not be able to enter OTP. Min value: 0 Default value: 10 Max Value: 99 0 means that no blocking is applied, i.e. the number of input attempts is not limited. |
| Lockout duration | Defines the period of time after which the user will be unblocked and will be able to enter OTP again. Min value: 1 Default value: 10 Max Value: 9999 |
Scheduled jobs settings
| Option | Description |
|---|
| Account checking start time | At this time |
PAM | Axidian Privilege will start checking all active |
accounts in | accounts in the Managed state |
. |
| Resources and accounts syncing start time | At this time |
PAM | Axidian Privilege will start resource information syncing and accounts syncing for resources and domains |
. |
| Account password reset start time | At this time |
PAM | Axidian Privilege will generate new passwords for accounts |
. |
| Service connection checking start time | At this time |
PAM | Axidian Privilege will start checking service connection to resources and domains |
. |
| Session log rotation start time | At this time |
PAM | Axidian Privilege will start session log rotation |
.
Video settings
| Option | Description |
|---|
| Video recording codec options | The libx264 codec is used by default with the following settings:
libx264 -preset medium -tune zerolatency |
| Video streaming codec options | The libx264 codec is used by default with the following settings:
libx264 -g 10 -tune zerolatency |
| The duration of the recorded video segment, sec. | You can set the duration at which the video will be saved as an independent segment, the default is 3600 |
.Storage
Session settings
| Video and screenshots storage path | Network path to access video and screenshots storage. |
| Transferred files storage | Network path to access transferred files storage. |
| Screencasts storage | Network path to access screencasts storage. |
| Domain name | Domain name to access the storage. |
| Username | Username to access the storage. |
| Password | Password to access the storage. |
| Session settings |
|---|
| Gateway connection timeout, sec. | Time after which connection will be closed if gateway isn't responding. |
Set 0 if | 0 if you do not want the connection to be interrupted |
. |
| Time to connect, min. | Close session on the Gateway if a user did not connect to the resource |
. |
| Legal notice | That text will be shown to user before session. Leave it empty if you don't need it |
. |
| Maximum amount of sessions per user | Limiting the number of concurrent open sessions per user, 0 is the default with no limit |
. |
| Notify user about session termination | The user will be notified before the session ends |
. |
| Notifications threshold | Notification will be shown for the specified time before the session expires |
. |
| Notification interval | Interval between notifications about expiring session |
.
Gateway connection settings
| Option | Description |
|---|
| RDCB address | IP address or DNS name of Remote Desktop Connection Broker |
| RDCB collection name | Remote Desktop Connection Broker collection name for |
PAM | Axidian Privilege Gateway |
| Use RDGW | Check it for connecting to |
PAM | Axidian Privilege Gateway with Remote Desktop Gateway |
| RDGW address | Remote Desktop Gateway address for |
PAM | Axidian Privilege Gateway |
| Gateway RDP file parameters | These parameters will be added to RDP connection settings for |
PAM | Axidian Privilege Gateway. They will replace old ones |
.
SSH Proxy settings
| Option | Description |
|---|
| SSH Proxy address | IP address or DNS name and port (optional) |
.
Syslog settings
| Option | Description |
|---|
| Syslog server | IP address or DNS name of Syslog server |
| Port | Syslog server port |
| Protocol | Network protocol for connection to Syslog server: TCP, UDP |
| Format | Event format used by syslog server: CEF, LEEF |
| Syslog version | IETF standart of Syslog protocol: RFC3164, RFC5424 |
User
connectionConnection
The section contains data about user connections. RDP, SSH, Telnet connections are built-in and cannot be changed or deleted.
Adding
new connection typesNew Connection Types
To add a new connection type, you need to research the client application and develop a template for Indeed Identity Axidian Privilege ESSO Agent. The new connection type is unique for each application, for development please contact Indeed Identity technical supportTechnical Support.
Service
connectionConnection
The section contains data on service connections. All the service connections except SSH is built-in and cannot be changed or deleted.
Adding a Service Connection with SSH Type
The service operations template is unique for each *nix distribution. The distribution includes templates for SUSE Linux Enterprise Server, FreeBSD, CentOS, and Ubuntu in the \MISC\SshTemplates ..PAM_2.10.0\axidian-pam-tools\ssh-templates\ folder.
If you need help with development of the new template, please contact Indeed Identity technical supportTechnical Support.
Network
locationLocation| Anchor |
|---|
| NetworkLocation |
|---|
| NetworkLocation |
|---|
|
The section contains information about adding network locations to limit the use of resources issued by addresses.
Adding the Network Location
Click Add.
Enter a Name and add the Network addresses of the resources to which you want to issue a limited connection.
