de fr

Getting started

Index

In this topic, you will find the steps on how to get started with the Privileged Access Management features in Devolutions Server.

First, you will need to be logged as an administrator in your Devolutions Server.

PAM Settings Configuration

  1. Head to Administration – Licenses.
  2. Add the Privileged Access Management license to make the Privileged Access side-panel appear on the left.
    Enabling PAM
    Enabling PAM
  3. From Administration - Privileged Access, configure the default settings for the checkout system, credentials brokering, sensitive information access, default checkout times and synchronizations. The Custom setting allows user groups based access control.
    ServerOp8087
    ServerUs6011
  4. Next, head to Administration – System Permissions – Modules.
  5. Configure the accesses to the PAM system for the users/admins and manage privileged accounts rights on who can edit the privileged entries. Then, click Save.
    PAM Access configuration
    PAM Access configuration

Add a provider

Back to the PAM section in Administration - Privileged Access - Provider, add a provider of any of the available types: Domain User (AD), Local User (SSH), SQL User, Windows users or Azure AD User, MySQL user, Cisco User or Oracle User.

PAM Providers
PAM Providers
PAM Providers
PAM Providers
When adding the provider, make sure you keep the Add Team Folder and Add Scan Configuration options checked.
PAM Provider Configuration
PAM Provider Configuration
For more information, please consult Providers.

Add a scan configuration

  1. Confirm that it is the good provider, domain and domain container (where the accounts are located).
  2. Make sure the Start Scan on Save checkbox is selected.
  3. Click OK.
    PAM Scan Configuration
    PAM Scan Configuration

For more information, please refer to Scan configurations.

Add Vault in the PAM Vaults section

In the PAM Vaults section of Administration - Privileged Accounts, you need to create at least one PAM Vault to contain the accounts. You can customize that particular folder's security options if you do not want to give them the defaults you set during the initial configuration. You can also customize the approvers on the folder directly which will give you a list of the administrators.

PAM Vaults
PAM Vaults

Import accounts from a scan

  1. In the Scan Configuration section, click the result of your initial search.
    View Scan Results
    View Scan Results
  2. Select all the accounts you want to import, and on the top right, click the Import Selected Accounts button.
    Import Selected Entries
    Import Selected Entries
  3. You can put them in the Vault of your choice. You can also choose whether to reset password on import or on check-in (recommended). That way, the password is safe the moment the user checks it back in.
    Import Users
    Import Users
    Once imported, you can click into the v ault and manually check the Synchronization Status in the top right of the screen. You will know the accounts are well synchronized when the credentials does not have an Out of sync red warning next to them.
    PAM Account Sync Check
    PAM Account Sync Check

    You are now ready to use the privileged access management portion of Devolutions Server.