User Directory

Active Directory container or organization unit (OU) from which Indeed Identity PAM receives employee data. It is possible to work with multiple Active Directory domains.

Users

Active Directory users that are members of container or Organization Unit defined as User Directory.

Accounts

Accounts of Windows OS, * nix OS, DBMS, Active Directory, web applications or client applications on behalf of which sessions will be opened in controlled systems.

Resources

The various systems that should be remotely accessed on behalf of the accounts.

Domains

Domains are intended for obtaining and automatically adding domain computers and domain accounts to Indeed Identity PAM.

Structure

Structure contains organizational units. An organizational unit (OU) combines users, resources, accounts, permissions to access protected objects in PAM. OUs are designed to separate the privileges of PAM administrators, which allows you to operate only within a specific OU without having access to operate with objects of other OUs.

Data storage

For data storage Indeed Identity PAM can use different DBMS:

  • Microsoft SQL Server
  • PostgreSQL
  • PostgreSQL Pro
  • Jatoba

Service connection

Service connection to a resource allows you to perform the following operations:

  • Checking the connection to the resource
  • Synchronizing accounts
  • Account Security Groups synchronization
  • Control of passwords and SSH keys of accounts
  • Synchronizing resource OS version or DBMS version
  • Synchronizing domain computers in Active Directory

Service connections are supported for the following resources:

  • Windows
  • *nix
  • Microsoft SQL Server
  • PostgreSQL
  • MySQL
  • OracleDB
  • Cisco (IOS XE)
  • Inspur BMC (IPMI)

User connection

The User connection allows you to open sessions on resources or run individual RemoteApp applications. The following types of connections are supported:

  • RDP
  • SSH
  • Telnet
  • RemoteApp

Permissions

Permissions are used to manage privileged access. Any Active Directory user can be given permission to access the resource.
Сontents of the permission:

  • User - an employee whose personal account is part of the User Directory.
  • Account local or domain account used by Active Directory user to start a session at the resource.
  • Resource - the resource on which the session will be opened.

Permission cannot be modified while used. Revoked permissions cannot be restored.

Policies

A policy is a set of settings that is propagated to multiple system objects. A single object can be assigned only one policy of the certain type.