We introduce the next version of Indeed Privileged Access Manager software for access control of privileged users. The main additional features of Indeed Privileged Access Manager version 2.0 are dedicated SSH Proxy component, DBMS accounts management and command-line utility for managing solution settings. These and other specifications are below.
The SSH Proxy has been developed for the Indeed PAM 2.0 software package to monitor SSH sessions without using Microsoft Remote Desktop Services. The new approach to the management of the privileged SSH sessions will reduce the cost of the solution (as it doesn’t require RDS licenses), and the company’s employees will be able to use any SSH client for work.
The previous version of Indeed PAM 1.2 implemented an approach with a published SSH client that was installed on the RDS server.
CONNECTOR FOR WORKING WITH DBMS
Indeed PAM 2.0 added a connector for working with DBMS, which has the following functionality:
- Getting a list of accounts
- Checking account passwords
- Reset account passwords
The connector supports the following database management systems:
- Microsoft SQL Server
- Oracle Database
NEW FEATURES OF THE COMMAND-LINE UTILITY
Before we mentioned that Indeed PAM can be operated through a web interface and through a command-line application. The first version of the utility had limited functionality and allowed:
- Batch issuance of permissions
- Batch revocation of permissions
- Import of resources from CSV file into Indeed PAM database
We have extended the functionality of this utility in Indeed PAM 2.0 and added the following features:
- Setup of access schedule when issuing permissions
- Batch creation of privileged accounts
- Batch resource creation
- Removing privileged accounts
- Removing resources
- Specification of SSH key when creating accounts, both batch and single.
CACHING THE SECOND AUTHENTICATION FACTOR
Indeed PAM uses two-factor authentication to provide access to the target resources before starting the session: the first factor is the domain password, the second is TOTP.
For the convenience of work with privileged sessions, the mechanism of caching of the second factor was developed. It will cache the input of the second factor for a specified time.
The system can be configured to request for a second factor, for example, once per hour or another set value.
DOWNLOAD SCREENSHOTS AS A SINGLE ARCHIVE
A new feature to work with screenshots has been added to Indeed PAM 2.0. Now you can save a full archive of screenshots for further analysis in the workplace, and not only view snapshots from the admin console, as was in the previous versions.