Iraje Dashboard manual version 7.5
This document is the user manual for the dashboards. It explains all the dashboard modules and how to use them. The dashboards are all roll based. There are 3 roles in Iraje PAM.
Admin – Access Control Directory module (SSO module for users)
Group Admin – Access Control Directory & Access Control Manager modules (for group Admin)
Super Admin – All modules to manage the solution. (Overall PAM Admins)
The Dashboards are the point of entry in securely accessing the Infrastructure post the 2 factor authentication. First is the AD authentication and the second is the 2FA.
Train the users on how to use the Iraje PAM Dashboards and use the modules within the dashboards. This manual will help the users get familiar with the Iraje PAM application and how to use it effectively in their environment.
End Users | Admins Using Iraje PAM
Iraje PAM Login Page
Iraje PAM supports web based login for user authentication. By default it runs on https & port is 443, we can customize the default port as per client’s wish list.
Domain Integration using LDAP protocol
Iraje PAM supports multiple domain integration without using any agent on client domain controller. It also has local domain controller that authenticates the vendor id using Iraje DC instead of creating the vendor id in client domain.
Multi Factor Authentication
Iraje supports multiple two factor authentication method to login into PAM application
For ex.: Mobile & Email OTP, Biometrics, Google Authentication, RSA & Digipass OTP.
Evidently, there are 2 Multi factor authentication methods
Mobile & Email OTP: End User will receive an OTP via email/SMS at Web based login or Application level.
Google Authenticator: For the first time the user needs to scan the QR Code for the registration of Google authentication
On the login page we have help & support menu which gives list of FAQ’s for the end user, if they have any queries regarding PAM issue.
Iraje PAM Home Page
On the login page we have help & support menu which provides a list of FAQs for te end user if they have any queries regarding PAM issue.
After login, the user will be redirected to Iraje Dashboard as seen below.
Iraje PAM has 3 levels of roles in PAM:
According to user’s role the dashboard is available to the User.
On the Right hand side of the user login, self-support options are available for the users.
Before accessing to any section on dashboard home page, you have to download the Iraje Plugin. You will get the plugins from the drop-down menu which is on the upper right side of dashboard home page. After downloading the plugin, run the plugin with administrator rights. After installation, user can use Access Control Directory and Access Control Manager from the Dashboard
Help & Support
In this menu option, User can view Manuals & FAQs related to Iraje PAM.
In the case of operating systems and computer server software, patches have the particularly important role of fixing security holes. To facilitate updates, operating systems often provide automatic or semi-automatic update facilities.
Troubleshooter & Terminal-Logoff
Terminal-Logoff: By using this feature, users can logoff his/her own PAM websso session
Troubleshooter: This option is available to the Super Admin only; by using this option Admin can troubleshoot the PAM issue before logging the ticket to Iraje support team. This option is designed to provide self-support to the client. This reduces the support ticket @ OEM level.
Port Checker: It is used to check if a port is working or open on the server.
Host Checker: It is used to check host name for a specific IP address.
Reboot PAM: It is used to Restart PAM.
RDP Troubleshooting: It is used when any user faces RDP related issue while accessing servers.
Troubleshooting: It is used when client/s are facing OTP issues
DB Troubleshooting: It is used to restart the database services.
Access Control Directory
The main purpose of Access Control Directory is to get access to connections from PAM. We can also integrate 2nd factor authentication i.e. OTP at Access Control Directory Level.
This module is explained in detail in Access Control Directory (ACD) Manual. This is also called the 3rd Factor authentication at the device level.
Access Control Manager
The main purpose of ACM is as follows:
Access Control to connections
Admin options configuration
This is explained in detail in Access Control Manager (ACM) Manual.
The main purpose of Admin Discovery is to get the details of admins which are configured (added in PAM) and not configured (which are not added). The functioning takes place in Access Control Manager > Discover ACM & the result is populated in Admin discovery on the dashboard.
This module helps discover hidden admin accounts in the organization that needs to be either deleted, disabled or onboarded in PAM. It maintains a history of the scans also, for audit purposes.
This module is critical to security and the discovery scans can be done on the fly or on demand to discover hidden admins in the organization
This module also helps in getting the inventory of admin IDs present on the devices.
Click on Admin discovery, it will display list of admins inside PAM & outside PAM.
This module is critical to security and is an agentless module in discovering hidden admin accounts on the target devices.
Video on Demand (VOD)
The main purpose of this module is to get video logs of users configured in PAM. This module helps to do audit and forensic in case of any incidents
When you click on video on demand, the below screen appears then Click on Open Remote app_launcher
There are 2 Tabs on the Top Left, Live Tab and the Gallery Tab.
Live Session Viewing:
Displays videos of all users which are currently live/ active on PAM.
Recorded Sessions in Gallery module:
Displays past videos of users who have accessed target devices through PAM. These videos are sorted by users and can be searched on PAM by below filter.
Session Start Date
Session End Date
Source IP Address
There are many features within Video on Demand module like Command based searching, Live Termination, Video Indexing & Video replaying from the point of command entered.
Global Command Search Within Videos
In the screen below a command is put in the text search box. When the search button is pressed, it scans through the thousands of videos and displays list of videos where this command was executed
You can see the yellow highlighted row where is shows the command searched was executed. The video can now be played directly from the command executed time
We can terminate live session of user’s by clicking on X. Once this button is pressed, the user session gets disconnected and the user is logged off. If required, the user can be further stopped accessing any module by disabling his/her ID from the Access Control Manager module.
The admin will be asked to confirm if he/she is sure to disconnect the live user.
Once confirmed, the live user session will be terminated.
Video Replay from the point command has been entered
We can replay a video recording from the time the command is entered. Click on the play button
Auto Video Archival/ Scheduled Backups
All videos which are recorded get stored on the D drive of the server. This utilizes the storage of that drive and possibly there will be no empty space after some point of time. So Customer specifies a backup drive (also known as map drive), where all the video recording data is moved to free some space on D drive. This is automatically done by a scheduler where the retention period is configured.
As per the client’s requirement we move the video recording data onto the specified map drive provided by the client. The period of time for the data to be moved onto the map drive is also mentioned by the client. Ex.: Client wants last 90 day’s data to be moved on the map drive.
This is a 4 blocker for the CXO of the organization. Its for giving a LIVE dip stick of the status of their DC/DR being accessed through PAM.
This module gives the following data Live to the Executive
Live user status
Live usage details
Live command execution
Live CPU utilization
Live user status
It provides live details about users which are active and disconnected in the form of a pie chart. You can also have a look at the active users or the disconnected users by clicking on Active and Disconnected respectively.You can view live details in the form of a report as well. Click on Active users on the pie chart to view live report for Active users.
Live Usage Details
It provides live details about those devices that are accessed by different users at that point of time.
Live CPU Utilization
It provides Live details about CPU Utilization, RAM Usage, C Drive & D Drive Usage
Live Command Execution
It provides details about all the Commands executed on a connection by the user currently with time-stamp. The latest command will come on the top and will keep going down as the new commands get executed. It will give an effect of a live stock ticker as the commands keep getting executed.
There are two types of logs in log manager.
It shows all the activities of the PAM admin user. If you want some specific data, then you can search and sort data as per request. You can even export this data into an Excel sheet by clicking on Excel button.
It shows all the activities of Access Control Manager. If you want some specific data, then you can search and sort data as per request. Every activity of the PAM admin is logged and can be tracked. Nobody is holier than thou.
Access Control Master
This section is subdivided into two parts. They are as follows
Access Control Master
It shows the list of users which are mapped to a particular group and different privileges assigned to the user in that group
This module gives the details of who has what rights on the PAM solution. Who can add a user, who can add a new device, who can view the logs and who can do the change passwords from PAM.
This module is basically the entire role based access chart of the organization in the PAM solution. Every admin user configured in PAM and what all device accesses they have. The second column shows the list of devices and the horizontal header shows the list of users. The report can be downloaded in excel and used for further analysis. The report will give data in terms of who has access to what all devices from PAM. Once the solution is enforced in the organization, this report becomes the master report for all accesses within the organization.
The main purpose of this module is to sync the connections which are in sync and which are out of sync
On Demand Scan
Sync Center Setting
First the user clicks on the Sync Center module. Then the user clicks on the Scan Status Tab highlighted below. This shows status of connections, whether they are working or not. A green tick indicates that a connection is working. A red tick indicates that a connection is out of sync.
The second tab is the Sync Status. It displays the connections which were successfully synced.
On Demand Scan
The third tab is the On Demand Scan. This module scans the connections and allows the admin to either just do a scan or do a scan and sync automatically.
Sync Center Setting
The last tab is setting module. It lets you scan and sync connections on a daily, weekly or monthly basis. This ensures that all your devices are in sync all the time.
The main purpose of this module is to get detailed report which will be used for auditory purpose. You can export the data into an Excel sheet by clicking on Excel button. There are many reports generated for user and admin both. Some of the types of reports generated are as follows:
The above are mentioned in detail in Reports Manual. A detailed manual on all the reports and its uses is available separately.