Create permission

Permissions allow AD users to open sessions.

  • Click Create in the Permissions section

User

Any AD user that is a member of the User Directory can be used for creating a permission.

  • Enter Name, Surname, Phone number or Email in whole or in part
  • Select one or more users

Resource

Any resource added to Indeed PAM can be used for permission.

  • Enter the Resource name or Address (DNS address / IP address) in whole or in part
  • Select one or more resources

    If more than one resource is selected, domain accounts or a personal user account will be used to access them.

Account

To access the resource, a local, domain or personal user account can be used.

Choosing a domain or local account

  • Enter Account name in whole or in part
  • Select an account.

Choosing a personal user account

  • Click Continue using user account on the Select account page

Active time

Select a Begin date and time and an End date and time for permission.

  • Select Begin and End options
  • Choose a date and time

    If the Begin and End options are not selected, then the permission will be considered permanent.

Access schedule

Active time can be set for permission. You cannot use the permission outside of active time.

  • Select options From and To
  • Enter the time

    If options From and To are not selected, then the permission will be valid around the clock.

The session will be terminated if the permission's Active time expires or the Access schedule expires.

Additional Permission options

Indeed PAM allows the user to view the passwords of the privileged accounts that are used in their permissions.

  • Check the Allow user to view account credentials option
  • Finish creating the permission




Permissions give the right to open RDP, SSH or web sessions. A permission can be issued either from the Permissions section or from the User, Resource or Account profile.

  1. Go to the Permissions section and click Create.
  2. Select a user directory.
    To search, enter the Name, Surname, Phone number or Email in whole or in part.

  3. Select a resource.
    To search, enter the resource Name or Address (DNS address / IP address) in full or in part.

    If more than one resource is selected, then only domain accounts will be used to access them. If one resource is selected, then both local and domain accounts will be used to access it.

  4. Select an account.
    To search, enter the Account Name in whole or in part.

    If you select Continue using user account (it becomes available if no account is selected), a user account will be used to connect to the resource. In the case of an SSH connection, you will need to enter user authentication data when entering the resource.

  5. Configure Active time:
    • Begin - the date and time the permission starts.
    • End - the date and time the permission expires.

    Under the calendar, a time selection tool is available. You can also manually enter dates and times.

  6. Configure Access Schedule - access restriction time during the day.

    If no Active time parameters are selected, then the permission will be considered unlimited.
    If no Access schedule parameters are selected, then the permission will be valid around the clock. If the Access schedule is outside the scope of the Active time, then priority is given to the Active time.

  7. Configure View account credentials.
    If the user for whom permission is created must have the right to view the password or SSH key of the access account on behalf of which the session will be opened, then check the option Allow user to view account credentials.

    Viewing account credentials is performed in the Self Service.

  8. If necessary, fill out the Description for permission.

  9. Review the permission details and click Create.

    If you need to change the permission settings, then you can return to any step by clicking Back.
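
The Active time and Access schedule rules from steps 5 to 7, modelled as an added example for reviewing grants (this is not Indeed PAM code or its API; the `Permission` record, its field names and the flag labels are hypothetical). It assumes From is earlier than To within one day, treats a schedule with either bound missing as not set, and treats the End instant itself as expired.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import List, Optional


@dataclass
class Permission:
    """Hypothetical record mirroring the wizard fields (not an Indeed PAM object)."""
    begin: Optional[datetime] = None   # Active time: Begin
    end: Optional[datetime] = None     # Active time: End
    sched_from: Optional[time] = None  # Access schedule: From
    sched_to: Optional[time] = None    # Access schedule: To
    view_credentials: bool = False     # Allow user to view account credentials


def is_usable(p: Permission, now: datetime) -> bool:
    """Return True if the permission can be used at `now`."""
    # Active time has priority: outside it the schedule is never consulted.
    if p.begin is not None and now < p.begin:
        return False
    if p.end is not None and now >= p.end:
        return False
    # No From/To selected: valid around the clock.
    if p.sched_from is None or p.sched_to is None:
        return True
    # Assumption: From is earlier than To within one day.
    return p.sched_from <= now.time() < p.sched_to


def review_flags(p: Permission) -> List[str]:
    """Label broad grants a reviewer may want to look at first."""
    flags = []
    if p.end is None:
        flags.append("no End date")
    if p.sched_from is None or p.sched_to is None:
        flags.append("around the clock")
    if p.view_credentials:
        flags.append("credentials viewable")
    return flags


if __name__ == "__main__":
    # Constructed sample: March 2024, working hours only.
    perm = Permission(datetime(2024, 3, 1), datetime(2024, 3, 31, 18, 0),
                      time(9, 0), time(18, 0))
    for ts in (datetime(2024, 3, 15, 10, 0), datetime(2024, 3, 15, 20, 0),
               datetime(2024, 4, 2, 10, 0)):
        print(ts, is_usable(perm, ts))
    print(review_flags(Permission(view_credentials=True)))
```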