Device Level Configurations in PAM

Securden helps you manage the privileged accounts of various IT assets. While the ‘Accounts’ tab lists the individual accounts of such devices, the ‘Device Level Configurations’ page lists the IT assets. It automatically displays here the list of devices associated with different account types.

The listing helps you carry out various configurations at the device level. The common operations include specifying the remote login credentials to enable Securden to connect to the device, initiating a discovery of accounts, associating remote gateways, and configuring session recording.

To carry out device-level configurations, navigate to Admin >> Account Management >> Device Level Configurations. The GUI that opens displays the account types on the LHS. It also lists the devices that are associated with the accounts belonging to the respective account types.

What are the Possible Configurations on Individual Devices?

You can select any account type and perform actions like configuring session recording and configuring the remote gateway. For the types of accounts for which accounts discovery is supported, you can do accounts discovery too.

To perform these actions, navigate to Admin >> Account Management >> Device Level Configurations, select an account type on the LHS, select one or devices in the middle panel and then click the “Actions” drop-down.

The ‘Actions’ drop-down list will let you

  • Discover accounts from the selected devices (you will see this option only for discovery-supported devices)
  • Configure (Enable/Disable) session recording for the devices
  • Associate/Dissociate a remote gateway for the devices

Associate a remote gateway

You can associate a remote gateway with the selected device(s). Once associated, all remote operations (for all accounts of the selected devices) such as password reset, password verification, etc. will be initiated through the gateway.

Click ‘Associate remote gateway’ and select the required one from the drop-down list. Lastly ‘Save’ changes.

Note: The remote gateway must have already been added to Securden PAM for it to be listed here.

You can dissociate gateways if the devices have previously been configured with one. Click ‘Dissociate’ and ‘Save’ changes. The devices which have not been connected to a remote gateway previously will have no effect.

Configuration on individual devices

You can also perform some operations at the individual account level. Select an individual device from the Device list. You can do the following configurations to the device:

  1. Edit the device address, port, and agent
  2. Provide remote credentials to access the device
  3. Control session recording
  4. Associate a remote gateway to the device
  5. Check device access reports

Edit the device

On clicking the ‘Edit’ icon beside the device, you can change its attributes. This includes the device’s IP address, the port it is linked to, and the agent (if any) that it is associated with.

You can add an agent to the device from the drop-down list.

Provide remote credentials to access the device

By default, the credentials entered during the accounts discovery process are added as credentials for remote actions. If you want to overwrite any credential for any specific computer, you may do so from here. The process of specifying the remote credentials will differ for different types of devices. Detailed instructions for each type are given on the GUI.

How to Read Device-Level Reports

Securden offers a detailed report on each managed device. The report shows you the list of accounts that are part of the selected device, dependencies (in the case of Windows), and activities on the devices.