Active Directory container or organizational unit (OU) from which Axidian Privilege receives employee data. It is possible to work with multiple Active Directory domains.
Users
Active Directory users that are members of the container or organizational unit defined as the User Directory.
Accounts
Accounts of Windows OS, *nix OS, DBMS, Active Directory, web applications or client applications on behalf of which sessions will be opened in controlled systems.
Resources
The various systems that should be remotely accessed on behalf of the accounts.
Domains
Domains are intended for obtaining and automatically adding domain computers and domain accounts to Axidian Privilege.
Structure
Structure contains organizational units. An organizational unit (OU) combines users, resources, accounts, and permissions to access protected objects in Axidian Privilege. OUs are designed to separate the privileges of Axidian Privilege administrators: an administrator can operate only within a specific OU, without access to objects of other OUs.
Data storage
Axidian Privilege can use the following DBMSs for data storage:
Microsoft SQL Server
PostgreSQL
PostgreSQL Pro
Jatoba
Service connection
Service connection to a resource allows you to perform the following operations:
Checking the connection to the resource
Synchronizing accounts
Account Security Groups synchronization
Control of passwords (SSH keys) of accounts
Changing the passwords (SSH keys) of accounts
Synchronizing resource OS version or DBMS version
Synchronizing domain computers in Active Directory
Service connections are supported for the following resources:
Microsoft Active Directory
Windows
*nix
Microsoft SQL Server
PostgreSQL
MySQL
OracleDB
Cisco (IOS XE)
Inspur BMC (IPMI)
User connection
The User connection allows you to open sessions on resources or run individual RemoteApp applications. The following types of connections are supported:
RDP
SSH
Telnet
RemoteApp
A resource can have one or more user connection types.
Permissions
Permissions are used to manage privileged access. Any Active Directory user can be given permission to access the resource. Contents of the permission:
User — an employee whose personal account is part of the User Directory.
Account — the local or domain account used by the Active Directory user to start a session on the resource.
Resource — the resource on which the session will be opened.
A permission cannot be modified while it is in use. Revoked permissions cannot be restored.
Policies
A policy is a set of settings that is propagated to multiple system objects. A single object can be assigned only one policy of a given type.