Management server
Indeed Identity PAM Core
This is the central component that manages the logic of Indeed Identity PAM operation. It is a web application that operates on Internet Information Services (IIS) web server.
Consists of:
- ASP.NET Core applicatoin – core
Tasks:
- Providing centralized management of system users.
- Managing resource access credentials.
- Providing flexible settings through access policies.
- Storing privileged accounts data.
- Performing scheduled tasks.
Indeed Identity IdP
Identity Center, responsible for user authentication. It is a web application running on the Internet Information Services (IIS) web server.
Consists of:
- ASP.NET Core applicatoin - idp
Tasks:
- Training and verification of authenticators
- Providing user authentication data to other system components
Indeed Identity PAM Management Console
Indeed Identity PAM Management Console is a graphical shell for Indeed Identity PAM Core. It provides an interface for configuring, managing and auditing the system. It is a web application that operates on Internet Information Services (IIS) web server.
Consists of:
- AngularJS application – mc
Tasks:
- The task list is identical to Administration section.
Indeed Identity PAM User Console
Indeed Identity PAM User Console provides for interface to access the target resources. It is a web application that operates on Internet Information Services (IIS) web server.
Consists of:
- AngularJS application – uc
Tasks:
Displaying of available accounts and resources accessible for the end user.
Starting a privileged session.
Indeed Identity Log Server
This is a uniform event log that collects and stores the Indeed Identity PAM events. It is a web application that operates on Internet Information Services (IIS) web server.
Consists of:
- ASP.NET application - ls
Tasks:
- Collecting and storing of events
- Providing quick event query results
Indeed Identity PAM EventLog
An add-on for Indeed Identity Log Server, designed to record Indeed Identity PAM events to the Windows event log.
Task:
- Allows Indeed Identity Log Server to communicate with Windows Log.
Access server
Indeed Identity PAM Gateway
A set of components that are responsible for providing access to target resources, logging user sessions, saving logs to file storage, and processing file read operations on disks.
Consists of:
- Windows desktop application – ProxyApp.exe
- File System Driver – Pam.FsFilter
- Windows service for interacting with a file system filter – Pam.Service
- Modified SSH Client – Putty.exe
- mstsc extension
- A set of utilities and libraries - FFmpeg
- Component for controlling the executoin of processes - ProcessCreateHook
Tasks:
- Providing access to target resource via the RDP/SSH protocols and client application protocols
- Recording video and photo logs for RDP/SSH protocols and client application protocols
- Recording text logs for SSH sessions
- Monitoring and intercepting files transferred to the resource
- Saving all session logs to file storage
- Checking the status of Indeed Identity PAM client components
- Controls access to critical files and processes
Indeed Identity PAM SSH Proxy
The component is responsible for providing access to *nix target resources via SSH and logging user sessions.
Consists of:
- Windows service - Pam.SshProxy.Service
The component tasks are:
- Providing access to the target *nix resource
- Recording text logs
IndeedID ESSO Agent, IndeedID Admin Pack
A set of components that intercepts application authentication forms and fills them in with username and password.
Consists of:
- A set of applications, services, and tools for interacting with authentication forms and PAM components
- Extensions for Internet Explorer and Google Chrome browsers
Task:
- Interception and autofill of authentication forms for web-based applications and Windows desktop applications
Windows resources
Indeed Identity PAM Agent
The component is intended to track user activity at the target resource during RDP session.
Consists of:
- Windows application – Pam.Proxy.WindowsAgent.exe
Tasks:
- Keeping track of the names of running processes
- Keeping track of the names of active windows
- Logging keyboard input
- Sending heartbeat messages to Indeed Identity PAM Gateway to register its activity
Indeed Identity PAM Desktop Console
Application for connecting to target resources via Indeed Identity Pam.
Consists of:
- mRemoteNG.exe
Tasks:
- Lists the resources from the user's permissions.
- Provides the ability to run privileged sessions from a single application.
