Two-factor authentication
of administrators

Protection of access to Indeed Privileged Access Manager

Indeed Privileged Access Manager

The Privileged Access Management class solutions allow to leave out an explicit usage of passwords for privileged accounts and to grant the rights to use such passwords to administrators at certain resources granularly. Another problem to be solved in the aspect of granting the privileged access is reliable authentication of administrators. The administrator must be authenticated unambiguously before he or she gains access to a session with elevated rights. The task can be solved with two-factor authentication of PAM users.

Task description

Generally, the task of authentication in PAM can be stated as follows. It is necessary to provide for an opportunity of multi-factor user authentication before a user gains privileged access to the system.

Solution

To solve the task, the Indeed Privileged Access Manager (Indeed PAM) software suite uses an authentication server. The Indeed PAM authentication server has the following features.

PAM user authentication

    • This stipulates for two-factor user authentication with password and OTP (One-Time Password).
    • There also should be an option of integration to Indeed Access Manager in order to delegate the user authentication procedure to the latter.

General architecture scheme of Indeed PAM to solve the authentication task is given below.

Architectural authentication scheme Indeed PAM

The following modules provide for password management in the Indeed PAM:

Indeed PAM Server

This is the core component the of Indeed PAM infrastructure. It is a web application, operating in the Internet Information Services (IIS) server environment. The Indeed PAM server provides for centralized management of system users, user account data and security policies.

Authentication server

The server provides for two-factor user authentication service to be used by other components (user console and access server). The authentication server also implements the user interface for authentication and registration of credentials.

Access Server

The access server is the central part of the privileged access granting scheme. The server provides for access policy compliance, starts an administrator session at the target resource and also carries out text and video recording of sessions. The two-factor authentication is also performed at the access server before starting a privileged session.

User Console

In the user console, the employees can view accounts and resources available to them. It is also possible to start a privileged session from the user console. The user console is made as a web application.

LEARN MORE
ASK A QUESTION IN A LIVE CHAT ON OUR WEBSITE
  • What questions does the product solve?
  • What are the infrastructure requirements?
  • How to run a pilot?
  • How much does the implementation cost?
industry about us
In the report from March 21, 2016 by KuppingerCole Indeed Identity was mentioned as “a specialist vendor” in access management market segment that delivers solutions for authenticating users, encrypting messages, and securing information on mobile phones.
KuppingerCole
Europe’s leading Analysts on the topics of Information Security in the era of Digital Transformation
"Indeed Identity is the company of professionals in the field of information security. They provide top-level solutions for PKI management and access control to corporate resources. We recommend this company as a reliable partner."
Sergey Yeliseyev
X-Infotech Owner, Business Development Director, Government eID solutions
Indeed Identity has been the Softline important partner for a very long time. Together, we realized a number of successful projects in many economic spheres. International corporations choose Indeed ID due to reliable software, competitive prices and great service.
Michael Lisnevsky
Softline group, Head of regional promotion of information security