In this topic, you will find the steps on how to get started with the Privileged Access Management features in Devolutions Server .
First, you will need to be logged as an administrator in your Devolutions Server .
PAM Settings Configuration
Head to Administration – Licenses .
Add the Privileged Access Management license to make the Privileged Access side-panel appear on the left. Enabling PAM
From Administration - Privileged Access , configure the default settings for the checkout system , credentials brokering , sensitive information access , default checkout times and synchronizations. The Custom setting allows user groups based access control.
Next, head to Administration – System Permissions – Modules .
Configure the accesses to the PAM system for the users/admins and manage privileged accounts rights on who can edit the privileged entries. Then, click Save . PAM Access configuration
Add a provider
Back to the PAM section in Administration - Privileged Access - Provider, add a provider of any of the available types : Domain User (AD), Local User (SSH), SQL User,Windows usersorAzure AD User,MySQL user,Cisco UserorOracle User . PAM ProvidersPAM Providers
When adding the provider, make sure you keep the Add Team Folder and Add Scan Configuration options checked.
PAM Provider Configuration
For more information, please consult the Providers topic.
Add a scan configuration
Confirm that it is the good provider, domain and domain container (where the accounts are located).
Make sure the Start Scan on Save checkbox is selected.
In the PAM Vaults section of Administration - Privileged Accounts , you need to create at least one PAM Vault to contain the accounts. You can customize that particular folder's security options if you don't want to give them the defaults you set during the initial configuration. You can also customize the approvers on the folder directly which will give you a list of the administrators. PAM Vaults
Import accounts from a scan
In the Scan Configuration section, click the result of your initial search.
View Scan Results
Select all the accounts you want to import, and on the top right, click the Import Selected Accounts button. Import Selected Entries
You can put them in the vault of your choice. You can also choose whether to reset password on import or on check-in (recommended). That way, the password is safe the moment the user checks it back in. Import Users
Once imported, you can click into the v ault and manually check the Synchronization Status in the top right of the screen. You will know the accounts are well synchronized when the credentials doesn't have an Out of sync red warning next to them. PAM Account Sync Check
You are now ready to use the privileged access management portion of Devolutions Server .