This topic covers the steps to get started with the Privileged Access Management (PAM) features in Devolutions Server.
First, you will need to be logged in as an administrator in your Devolutions Server.
PAM Settings Configuration
- Head to Administration – Licenses.
- Add the Privileged Access Management license to make the Privileged Access side-panel appear on the left.
- From Administration - Privileged Access, configure the default settings for the checkout system, credentials brokering, sensitive information access, default checkout times and synchronizations. The Custom setting allows user group-based access control.
- Next, head to Administration – System Permissions – Modules.
- Configure access to the PAM system for the users/admins and set the privileged account rights that determine who can edit the privileged entries. Then, click Save.
Add a provider
Back in the PAM section, under Administration - Privileged Access - Provider, add a provider of any of the available types: Domain User (AD), Local User (SSH), SQL User, Windows users, Azure AD User, MySQL user, Cisco User or Oracle User.
When adding the provider, make sure you keep the Add Team Folder and Add Scan Configuration options checked. For more information, please consult Providers.
Add a scan configuration
- Confirm that the correct provider, domain and domain container (where the accounts are located) are selected.
- Make sure the Start Scan on Save checkbox is selected.
- Click OK.
For more information, please refer to Scan configurations.
Add Vault in the PAM Vaults section
In the PAM Vaults section of Administration - Privileged Accounts, you need to create at least one PAM Vault to contain the accounts. You can customize that particular folder's security options if you do not want it to use the defaults you set during the initial configuration. You can also customize the approvers on the folder directly, which will give you a list of the administrators.
Import accounts from a scan
- In the Scan Configuration section, click the result of your initial search.
- Select all the accounts you want to import, and on the top right, click the Import Selected Accounts button.
- You can put them in the Vault of your choice. You can also choose whether to reset the password on import or on check-in (recommended). That way, the password is safe the moment the user checks it back in.
Once imported, you can click into the vault and manually check the Synchronization Status in the top right of the screen. You will know the accounts are properly synchronized when the credentials do not have a red Out of sync warning next to them.
You are now ready to use the privileged access management portion of Devolutions Server.