Iraje 3 Factor Authentication manual Version 7.5

Introduction

Iraje PAM helps protect your organization from the major threat of business interruption that may happen through compromised superuser passwords.

Purpose

Train users on how to use the 3-factor authentication modes. These authentication modes are a third layer of security to protect an account or system. Users must go through two layers of security before being granted access to an account or system.

Target Audience

End Users | Admins Using Iraje PAM

Workflow for 3 Factor Authentication

The Multi Factor Authentication module is the most comprehensive module offering multiple options for configuring the 3rd Factor authentication out of the box in Iraje PAM.

The following options are available:

  • Email TOTP [Time-Based One-Time Password]

  • SMS TOTP

Step 1: Log in to the Iraje PAM Dashboard

Step 2: Click on "Access Control Manager"

Step 3: Open Access Control Manager module and click on "Directory Access"

Step 4: Click on ‘ADMIN’ group in Select Group

Step 5: Go to Admin Option

Step 6: Go to Admin Options

Step 7: Choose the 3 Factor Authentication option from Admin Option

Step 8: To enable 3rd Factor Authentication on all the connections configured in Iraje PAM, enable the below highlighted option

Step 9: To enable the 3 Factor Authentication, select the required group and click on OK

Step 10: Now click on OK from Admin Option

Step 11: To enable 3 Factor Authentication, the following maker-checker is to be performed

Step 12: Now click on Access control Master option as given below

Step 13: To enable SMS or Email OTP, select the required notification method and close the window

User Experience after 3 Factor Authentication Option is Enabled

Step 1: Click on Access Control Directory from Login Page

Step 2: User will select the required connection from the selected group and shall enter the TOTP received via SMS or Email

Step 3: The TOTP shall be received in one of the following formats, i.e. Email or SMS based

Iraje PAM supports Single Sign On for all types of devices.

Integration of Applications in PAM

Iraje PAM helps in integrating applications with the help of the Access Control Manager module. PAM admins need to log in to the PAM dashboard and access the ‘Access Control Manager’ module.

Steps to integrate and access OS in PAM.

A. Windows (Domain Servers)

PAM admin needs to select type as ‘TERMINAL-RDP’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding a Windows OS device in PAM, and mark it as a ‘Domain’ server as shown in the snap below. Details like IP address, domain name and credentials need to be stored in PAM to integrate a Windows OS in PAM. These servers will be connected through RDP port 3389 from the PAM server.

B. Windows (Child servers)

PAM admin needs to select type as ‘TERMINAL-RDP’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding a Windows OS device in PAM. PAM admin needs to select the parent domain ID from the ‘Domain Access’ drop-down. These servers will be connected through RDP port 3389 from the PAM server, and they will be accessed using the parent domain server credentials.

User Experience for accessing Windows Devices

To access these Windows OS devices, go to the ‘Access Control Directory’ module from the PAM dashboard and double-click on the connection as below.

C. UNIX / Linux OS

PAM admins need to select type as ‘TERMINAL-UNIXSSH’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding a Linux/UNIX OS device in PAM. PAM admin will require the server IP address and credentials to integrate a Linux/UNIX OS. These servers will be connected through PuTTY using the default SSH port 22 from the PAM server.

User Experience for accessing Linux Devices

To access these Linux/UNIX OS devices, go to the ‘Access Control Directory’ module from the PAM dashboard and double-click on the connection.

Steps to integrate and access Databases in PAM.

Oracle Database

For integrating database in PAM server follow the below steps:

Step 1: Create Database Connection

PAM admins need to select type as ‘ORACLE’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding databases (for example, Oracle) in PAM. PAM admin will require the Oracle database schema name, service name and credentials to integrate an Oracle DB in PAM.

Step 2: Create Linux Connection and define a tag

PAM admins need to add the Linux device where the Oracle database is installed, with the oracle ID credentials. In tags, we need to add the Oracle database details.

User Experience for accessing Database connection from PAM server

To access this Oracle database connection from the PAM server, go to ‘Access Control Directory’ from the PAM dashboard, right-click on the ‘Linux connection’ and click on the tag (in the below image, ‘SQL Plus’).

Oracle database will be automatically opened in Linux with Single sign on.

Steps to integrate and access Network devices in PAM.

A. Routers/ Switches (via SSH)

PAM admins need to select type as ‘ROUTER-SSH’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding network devices (routers/switches) in PAM. PAM admins need details like IP address, user name, credentials, classification (Cisco, Juniper, etc.), model no. and scripts for updating the password to be stored in PAM to integrate a network device. These devices will be connected through SSH port 22 from the PAM server.

User Experience for accessing Network Devices via SSH

To access the network devices from the PAM server, go to ‘Access Control Directory’ from the PAM dashboard and double-click on the connection.

B. Routers/ Switches (via TELNET)

PAM admins need to select type as ‘ROUTER-TELNET’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding network devices (routers/switches) in PAM. PAM admins need details like IP address, user name, credentials, classification (Cisco, Juniper, etc.), model no. and scripts for updating the password to be stored in PAM to integrate a network device. These devices will be connected through Telnet port 23 from the PAM server.

User Experience for accessing Network Devices via Telnet

To access these network devices from PAM, go to ‘Access Control Directory’ from the PAM dashboard and double-click on the connection:

  • It will prompt for the username; ‘press Enter’ to automatically enter the username

  • It will prompt for the password; ‘press Enter’ to log in to the network device via port 23

C. Routers/ Switches (via URLs)

PAM admins need to select type as ‘ROUTER-SSH’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding network devices (routers/switches) in PAM. PAM admins need details like IP address, user name, credentials, classification (Cisco, Juniper, etc.), model no. and scripts for updating the password to be stored in PAM to integrate a network device.

In addition to these, to access a network device's GUI from a URL, we have to enable the ‘URL’ check box and add the URL details.

User Experience for accessing Network Device’s GUI via URL

To access these network device URLs from PAM, go to ‘Access Control Directory’ from the PAM dashboard, right-click on the connection and click on the URL tag. The user will get GUI access as below.

Steps to integrate and access Security devices in PAM.

Storage devices via SSH & URL

PAM admins need to select the type as per the storage device type. For example, to integrate the ‘Lenovo Storage Management console’ via SSH, we select type ‘ROUTER-SSH’ in the ‘New Connection’ window of the ‘Access Control Manager’ module. PAM admins need details like IP address, user name, credentials, classification (Cisco, Juniper, etc.), model no. and scripts for updating the password to be stored in PAM to integrate a storage device in PAM.

In addition to these, for accessing a storage device's GUI from a URL, we have to enable the ‘URL’ check box and add the URL details.

User Experience for accessing Storage Device’s GUI via URL

To access these storage device URLs from PAM, go to ‘Access Control Directory’ from the PAM dashboard and

  • Click on the connection for SSH login

  • Right-click on the connection and click on the URL tag to get GUI access

Steps to integrate and access Thick Clients in PAM.

Iraje PAM provides a feature to integrate various types of thick client applications in PAM. It is necessary to install the thick client application on a different tool server; access is then given to only those particular applications, without giving OS access. Users can access thick client applications like SQL Server Management Studio, Firewall GUI, ASDM, database tools, etc. from PAM.

For integrating thick client application,

  • PAM admins need to first integrate the tool server details in Access Control Manager

  • Uncheck the OS access option to prevent users from accessing the OS of the tool server

  • PAM admins need to give the thick client application path in the tag

User Experience for accessing thick client applications

To access this thick client application from PAM, go to ‘Access Control Directory’ from the PAM dashboard, right-click on the connection and click on the application name tag to get access.

Iraje PAM has integrated various thick clients and provided Single Sign On.

Steps to integrate and access thin client URLs in PAM.

PAM admins need to select type as ‘URL-HTTP/HTTPS’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding thin client URLs in PAM. PAM admins need details like IP address, user name, credentials and URL in PAM. These devices will be connected through TCP port 8080 for HTTP and port 443 for HTTPS from the PAM server.

We can also provide browser types if the client wants to invoke URLs in Chrome, Firefox or IE browsers.

User Experience for accessing Thin Client URL

To access the thin client URLs from PAM, go to ‘Access Control Directory’ from PAM dashboard and click on URLs IP.

Iraje PAM has integrated various thin clients and provided Single Sign On.
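
A pre-flight check for the connection types, default ports and required details listed in the integration steps above, added here as an example (it is not Iraje code and uses no Iraje API). The field names, the "domain" flag and the sample inventory are assumptions; the cleartext finding reflects that Telnet and plain HTTP carry the credentials PAM supplies unencrypted.

```python
import socket

# Required details and default ports per connection type, as listed in the manual
# above. The dictionary keys (field names) are hypothetical.
DEVICE = {"ip", "user_name", "credentials", "classification", "model_no", "password_script"}
TYPES = {
    "TERMINAL-RDP":     (3389, {"ip"}),  # domain/child details added in check_entry
    "TERMINAL-UNIXSSH": (22,   {"ip", "credentials"}),
    "ORACLE":           (None, {"schema_name", "service_name", "credentials"}),
    "ROUTER-SSH":       (22,   DEVICE),
    "ROUTER-TELNET":    (23,   DEVICE),
    "URL-HTTP/HTTPS":   (None, {"ip", "user_name", "credentials", "url"}),  # port from URL
}

def reachable(ip, port, timeout=2.0):
    """True if a TCP connection from this host to ip:port succeeds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_entry(entry, probe=None):
    """Return (port, findings) for one planned connection; no findings means ready."""
    ctype = entry.get("type")
    if ctype not in TYPES:
        return None, [f"unknown type {ctype!r}"]
    port, required = TYPES[ctype][0], set(TYPES[ctype][1])
    if ctype == "URL-HTTP/HTTPS":  # 8080 for HTTP, 443 for HTTPS, per the manual
        port = 443 if entry.get("url", "").lower().startswith("https://") else 8080
    if ctype == "TERMINAL-RDP":  # child servers reuse the parent domain's credentials
        required |= {"domain_name", "credentials"} if entry.get("domain") else {"parent_domain_id"}
    findings = [f"missing {f}" for f in sorted(required) if not entry.get(f)]
    if port in (23, 8080):  # Telnet and plain HTTP are unencrypted
        findings.append("cleartext protocol: credentials cross the network unencrypted")
    if probe and port and entry.get("ip") and not probe(entry["ip"], port):
        findings.append(f"TCP {port} not reachable from this host")
    return port, findings

# Constructed sample inventory (documentation-range addresses, placeholder values).
SAMPLE = [
    {"name": "dc01", "type": "TERMINAL-RDP", "domain": True, "ip": "192.0.2.10",
     "domain_name": "corp.example", "credentials": "vault-ref-1"},
    {"name": "app07", "type": "TERMINAL-RDP", "ip": "192.0.2.11"},
    {"name": "core-sw", "type": "ROUTER-TELNET", "ip": "192.0.2.20", "user_name": "netops",
     "credentials": "vault-ref-2", "classification": "Cisco"},
]
for entry in SAMPLE:  # offline run: pass probe=reachable on the PAM server itself
    print(entry["name"], *check_entry(entry))
```

Run with probe=reachable from the PAM server to confirm that each target accepts connections on the port PAM will use before the connection is created.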