Iraje PAM ACD manual version 8

Introduction

This document is the user manual for the Access Control Directory (ACD). The ACD is an important module of Iraje PAM: it grants users role-based access to the target devices they reach through PAM.

  • Admin – Access Control Directory module [SSO module for users]

  • Group Admin – Access Control Directory & Access Control Manager modules [for group leaders]

  • Super Admin – All modules to manage the solution. [Overall PAM Admins]

The Dashboard is the point of entry for securely accessing the infrastructure after two-factor authentication: first the AD authentication, then the 2FA step.

Purpose

Role-based access control (RBAC) restricts access based on a person's role within an organization and has become one of the main methods of advanced access control. The roles in RBAC refer to the levels of access that admins have to critical assets. Admins are allowed to access only the information necessary to perform their job duties effectively. Access can be based on several factors, such as authority, responsibility, and job competency. In addition, access to resources can be limited to specific tasks, such as the ability to view, create, or access only a particular application. Using RBAC helps secure the company's sensitive data and important applications.

Role Based Access Control – RBAC

Through RBAC, we can control what users can do at both broad and granular levels. We can designate whether a user is an administrator or a special user, and align roles and access permissions with the person's role in the organization. Permissions are allocated with only the limited access employees need to do their jobs. By adding a user to a role group, the user gains access to all the roles in that group; if the user is removed, that access is revoked. Users may also be assigned to multiple groups when they need temporary access to certain data or programs, with the access removed once the project is complete.

Benefits of RBAC

Managing and auditing access is essential to information security. Access can and should be granted on a need-to-know basis. With a few hundred admins, security is more easily maintained by limiting unnecessary access to sensitive information based on each user's established role within the organization.

Time Based Access

The Iraje PAM solution works on the principle of least trust. A user is allowed access only for the specific time interval that was set on the ACD when that user made the TBA request.

Just in Time Access

The Iraje PAM solution offers a just-in-time access feature that gives seamless access to a connection without any hurdle.
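As an added illustration (not part of the Iraje manual or product), the following Python models the access decision the RBAC and Time Based Access sections describe: the three roles mapped to modules, connection access tied to current group membership, and a TBA window that expires. The role-to-module map, the module abbreviations ACD and ACM, and the sample user, group and connection names are assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed role-to-module map for the three roles the manual lists;
# "*" means all modules (Super Admin). ACD and ACM are the manual's module names.
ROLE_MODULES = {
    "Admin": {"ACD"},
    "Group Admin": {"ACD", "ACM"},
    "Super Admin": {"*"},
}


@dataclass(frozen=True)
class TbaGrant:
    """An approved Time Based Access window for one user on one connection."""
    user: str
    connection: str
    start: datetime
    end: datetime


def role_allows_module(role, module):
    """True if the role may open the module; unknown roles get nothing (deny by default)."""
    modules = ROLE_MODULES.get(role, set())
    return "*" in modules or module in modules


def can_open_connection(user, role, user_groups, connection, connection_group, grants, now):
    """Default-deny decision for opening a target connection from the ACD.

    Returns (allowed, reason). The role must include the ACD module, the user must
    currently belong to the connection's group (removal revokes access), and an
    approved TBA window for this user and connection must cover `now`.
    """
    if not role_allows_module(role, "ACD"):
        return False, "role does not include the ACD module"
    if connection_group not in user_groups:
        return False, "user is not a member of the connection's group"
    for g in grants:
        if g.user == user and g.connection == connection and g.start <= now < g.end:
            return True, "inside TBA window until " + g.end.isoformat()
    return False, "no approved TBA window covers the current time"


# Constructed sample data: a two-hour TBA window for alice on connection db01.
NOW = datetime(2024, 1, 15, 10, 0, tzinfo=timezone.utc)
AFTER_WINDOW = NOW + timedelta(hours=2)
GRANTS = [TbaGrant("alice", "db01", NOW - timedelta(hours=1), NOW + timedelta(hours=1))]
```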

Target Audience

Admins & End Users Using Iraje PAM.

User Experience for PAM Dashboard Access

To access connections, the user first needs to open the Iraje PAM dashboard.

Iraje PAM Home Page

The user logs in to the dashboard using their ID and password, selects the Domain, and completes Multi-Factor Authentication.

If the user faces an issue while accessing the dashboard, the user can click the ‘Help and support’ option on the PAM login screen.

The user is redirected to the FAQ page with a set of general solutions.

After entering valid credentials on the login screen, users get role-based access to the Dashboard. A normal admin user has access only to the Access Control Directory module.

Click the ‘Sign-out’ option to log out of the PAM dashboard.

Steps to access target devices/connections from PAM

  • Login to Iraje PAM Dashboard

  • Click on ‘Access Control Directory’

  • Select the ‘organization’ and ‘group’

  • Filter the connections by ‘Type’

  • Accessing the Connections

Search filters for connections

  • Organization

  • Group

  • Refresh Button

  • Search Option

Features

  • TBA (Time based Access) on devices

  • Password Request Work flow

Various SSO platforms provided in Iraje PAM

This section shows Single Sign-On to all types of devices, including servers, databases, network devices, browser consoles, thick clients and applications, without any API, connector or adaptor, all out of the box.

  • SSO to Windows Device

  • SSO to Linux, Unix, AIX, Sun Solaris devices

  • WINSCP SSO Automation

  • SU automation for Linux devices

  • SSO to Network devices (SSH)

  • Network device (URLs for GUI) SSO automation

  • SSO to browser consoles [thin clients]

Accessing Thick Client Applications

Users can access thick client applications such as SQL Server Management Studio from PAM. Other thick client applications include firewall GUIs, ASDM, database tools, etc.

Thick client SSO – SSMS

The user performs the following steps to access thick client applications from the Access Control Directory:

  • Right-click the server IP where the application is installed and click the application name tag.

  • The user gets access to that application.

Thick client SSO

The screen below shows SSO to a thick client such as CA IT Client Manager: seamless access to this client from PAM without any API, connector or adaptor.

Thick client SSO – XManager

Seamless access to thick clients like X Manager through Iraje PAM.

Thick client SSO – VMWare

Seamless SSO to clients like VMWare without any API, Connector or Adaptor.

Below are the SSO options for thick clients:

  • Thick client SSO – Check Point Smart Console

  • Thick client SSO – Cisco ASDM Launcher

  • Thick client SSO – Dell Storage Manager

  • Thick client SSO – HP Management Console

  • Thick client SSO – IBM Lotus Notes

  • Thick client SSO – Oracle SQL Developer

  • Thick client SSO – SAP NetWeaver GUI

  • Thick client SSO – Checkpoint Smart Dashboard

  • Thick client SSO – VMWare VSphere GUI

Accessing Thin Client Applications

  • Thin Client SSO – Symantec End Point

  • Thin Client SSO – FortiAnalyzer firewall GUI

  • Thin Client SSO – Fortigate firewall GUI

  • Thin Client SSO – Trend Micro Suite GUI

  • Thick Client SSO – Force Point Triton UI

In short, the solution provides seamless SSO to all types of assets, including servers, databases, routers, switches, firewalls, clients, browser consoles, storage devices, security devices, middleware and custom-built applications, without any API, connector or adaptor and out of the box.

Additional Features

User details

This part shows the domain name and username with which the user has logged on to the ACD.

HTML5

Web RDP is best supported on HTML5, so if HTML5 is not available on the user's machine, turning the HTML5 option ON lets the user experience Web RDP without hurdles.

Scale ON

Scale resizes the application according to the system display size. When the user connects to the ACD over Web RDP and the ACD window does not fit properly on the screen, the user can turn Scale on, and the application window is automatically resized to fit the system window.

Clipboard

The clipboard is used to copy and paste text from the ACD to the target server.

  • Open the clipboard option from the ACD, enter the text and copy it.

  • Then go to the target server and paste it where needed, using the Ctrl+V keys or right-click and paste.