Generally, the task of authentication in PAM can be stated as follows. It is necessary to provide for an opportunity of multi-factor user authentication before a user gains privileged access to the system.
The solutions of Privileged Access Management class allow to eliminate explicit usage of passwords for privileged accounts and to grant administrators with rights to use the said passwords at certain resources granularly. Another problem to solve in the aspect of privileged access is reliable authentication of administrators. An administrator must unambiguosly authenticated before he or she is allowed to use privileged session. This task can be solved with two-factor authentication of PAM users.
Solution
To solve the task, the Indeed Privileged Access Manager (Indeed PAM) software suite uses an authentication server. The Indeed PAM authentication server has the following features.
PAM user authentication
This stipulates for two-factor user authentication with password and OTP (One-Time Password).
There also should be an option of integration to Indeed Access Manager in order to delegate the user authentication procedure to the latter.
General architecture scheme of Indeed PAM to solve the authentication task is given below:
