Iraje PAM Asset Integration manual version 8

Introduction

We at Iraje are focusing on ensuring that we protect enterprise assets from this growing risk of Cyber security and data breaches through password compromises. Iraje Privileged Access Manager helps the business to manage, monitor and control privileged users to avoid super user password compromises which can lead to massive Cyber Attacks and data breaches for enterprises.

Iraje PAM helps in protecting your organization from this major threat of Business Interruption that may happen through compromised super user passwords.

Iraje Privileged Access Manager also helps them provide better visibility and control on their privileged users and improve their overall Governance, Risk and Compliance [GRC].

Purpose

To train the admins on how to integrate and access various assets in PAM. This manual will help the admins get familiar with the Iraje PAM application and how to use it effectively in their environment.

Target Audience

Super Admins | Information Security Team

Workflow for Assets Integration in PAM

Iraje PAM enables users to securely authenticate with multiple applications and websites by logging in only once—with just one set of credentials (username and password).

This feature helps in reducing time spent in re-entering passwords. It also saves users from having to memorize a long list of passwords.

Iraje PAM supports Single Sign On for all types of devices.

Integration of Applications in PAM

Iraje PAM helps in integrating applications with the help of Access Control Manager module. PAM Admins need to login into PAM dashboard and access ‘Access Control Manager’ module.

Steps to integrate and access OS in PAM.

A. Windows (Domain Servers)

PAM admin needs to select type as ‘TERMINAL-RDP’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding Windows OS Device in PAM. And mark it as ‘Domain’ server as shown in below snap. We need details like IP address, Domain name, credentials to be stored in PAM to integrate a Windows OS in PAM. These servers will be connected through RDP port 3389 from PAM server.

B. Windows (Child servers)

PAM admin needs to select type as ‘TERMINAL-RDP’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding Windows OS Device in PAM. PAM admin need to select parent domain ID from ‘Domain Access’ drop down. These servers will be connected through RDP port 3389 from PAM server, and they will be accessed using parent domain server credentials.

User Experience for accessing Windows Devices

To access these Windows OS Device, go to ‘Access Control Directory’ module from PAM dashboard and double click on connection as below,

C. UNIX / Linux OS

PAM admins need to select type as ‘TERMINAL-UNIXSSH’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding Linux/UNIX OS device in PAM. PAM admin will require server IP address and credentials to integrate Linux/UNIX OS. These servers will be connected through Putty using default SSH port 22 from PAM server.

User Experience for accessing Linux Devices

To access these LINUX / Unix OS, go to ‘Access Control Directory’ module from PAM dashboard and double click on connection

Steps to integrate and access Databases in PAM.

Oracle Database

For integrating database in PAM server follow the below steps:

Step 1: Create Database Connection

PAM admins need to select type as ‘ORACLE’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding Databases (For example: Oracle) in PAM. PAM Admin will require oracle database schema name, service name and credentials to integrate Oracle DB in PAM.

Step 2: Create Linux Connection and define a tag

PAM admins need to add Linux device with oracle ID credentials, where Oracle database is installed. In tags we need to add oracle database details

User Experience for accessing Database connection from PAM server

To access this Oracle database connection from PAM server, go to ‘Access Control Directory’ from PAM dashboards and right click on the ‘Linux connection’ and click on the tag (in the below image ‘SQL Plus’)

Oracle database will be automatically opened in Linux with Single sign on.

Steps to integrate and access Network devices in PIM.

A. Routers/ Switches (via SSH)

PAM admins need to select type as ‘ROUTER-SSH’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding Network devices(routers/switches) in PAM. PAM admins need details like IP address, user name, credentials, Classification (Cisco, Juniper, etc.), Model no. & Scripts for updating password to be stored in PAM to integrate a network device. These devices will be connected through SSH port 22 from PAM server.

User Experience for accessing Network Devices via SSH

To access the network devices from PAM server, go to ’Access Control Directory’ from PAM dashboard and double-click on the connection

B. Routers/ Switches (via TELNET)

PAM admins need to select type as ‘ROUTER-TELNET’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding Network devices(routers/switches) in PAM. PAM admins need details like IP address, user name, credentials, Classification (Cisco, Juniper, etc.), Model no. & Scripts for updating password to be stored in PAM to integrate a network device. These devices will be connected through Telnet port 23 from PAM server.

User Experience for accessing Network Devices via Telnet

To access these network devices from PAM, go to ‘Access Control Directory’ from PAM dashboard and double-click on the connection,

  • It will prompt for username, ‘press Enter’ to automatically enter username

  • It will prompt for password, ‘press Enter’ to get logged in the network device via port 23

C. Routers/ Switches (via URLs)

PAM admins need to select type as ‘ROUTER-SSH’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding Network devices(routers/switches) in PAM. PAM admins need details like IP address, user name, credentials, Classification (Cisco, Juniper, etc.), Model no. & Scripts for updating password to be stored in PAM to integrate a network device.

In addition to these, if we want to access network devices GUI from URLs, we have to enable ‘URL’ check box and add URL details

User Experience for accessing Network Device’s GUI via URL

To access these network devices URLs from PAM, go to ‘Access Control Directory’ from PAM dashboards and right click on connection and click on URL tag. User will get GUI access as below,

Steps to integrate and access Security devices in PIM.

Storage devices via SSH & URL

PAM admins need to select type as per the storage device type. For example, integrating ‘Lenovo Storage Management console’ via SSH, we select type ‘ROUTER-SSH’ in the ‘New Connection’ window of the ‘Access Control Manager’ module. PAM admins need details like IP address, user name, credentials, Classification (Cisco, Juniper, etc.), model no. & scripts for updating password to be stored in PAM, to integrate a storage device in PAM.

In addition to these, for accessing Storage devices GUI from URLs, we have to enable ‘URL’ check box and add URL details

User Experience for accessing Storage Device’s GUI via URL

To access these storage devices URLs from PAM, go to ‘Access Control Directory’ from PAM dashboard and

  • Click on connection for SSH login

  • Right click on connection and click on URL tag to get GUI access

Steps to integrate and access Thick Clients in PAM.

Iraje PAM provides a feature to integrate various types of thick client applications in PAM. It is necessary to install thick client application on a different tool server and then we give access to only those particular application without giving OS access. Users can access thick client applications like SQL server management studio, Firewall GUI, ASDM, Database tools, etc. From PAM.

For integrating thick client application,

  • PAM admins need to first integrate the Tools server details in Access Control Manager

  • Uncheck OS access option to prevent user accessing OS of tool server

  • PAM admins need to give thick client application path in Tag

User Experience for accessing thick client applications

To access this thick client application from PAM, go to ‘Access Control Directory’ from PAM dashboards, right-click on connection and click on Application name tag, to get access

Iraje PAM has integrated various thick clients and provided Single Sign On

Steps to integrate and access thin client URLs in PIM.

PAM admins need to select type as ‘URL-HTTP/HTTPS’ in the ‘New Connection’ window of the ‘Access Control Manager’ module for adding thin client URLs in PAM. PIM admins need details like IP address, user name, credentials and URL in PAM. These devices will be connected through TCP port 8080 for HTTP and port 443 for HTTPS from PAM server.

We can also provide browser types if client wants to invoke URLs in chrome, firefox or IE browsers.

User Experience for accessing Thin Client URL

To access the thin client URLs from PAM, go to ‘Access Control Directory’ from PAM dashboard and click on URLs IP.

Iraje PAM has integrated various thin clients and provided Single Sign On.