Product Integrations

One Identity Privileged Access Management (PAM)

One Identity PAM solutions mitigates security risks and helps achieve compliance by securing, controlling, monitoring, analyzing, and governing privileged access to critical organizational data and applications. The result is enhanced security and easier compliance with more efficient administration and governance of privileged access.

Configure PAM Appliance Information

1. From the navigation menu, select Scan Settings > PAM Profiles.

2. Select + Add PAM Profile.

   

3. Enter the requested information in each of the General Info boxes.

   

   NOTE: The username for the credential (not the Safeguard PAM user) is case sensitive. This is unlike our normal auth scan in which the username is not case sensitive. For example, LAB\DDIAUTHSCAN works in auth scan , but fails with the PAM scan. LAB\DDIAuthScan works in auth scan and also in PAM scan. DDIAuthScan is the username.
   

4. Once you have configured and saved your PAM profile, create scan credentials with your PAM profile as-per-usual through Fortra VM’s existing Credential Manager by selecting Windows-PAM or SSH Password-PAM as the credential type.

   

5. Once you have configured and saved your PAM credential settings, they will be available for use as-per-usual under the Credentials section when configuring Scan Policies.

   

Scan Requirements

Configure the following in One Identity Safeguard:

1. General: Priority - Set to 1.

   

2. Scope - Add all accounts that will be in use for scanning.

   

3. Requester:

   1. Require Comment - Leave the checkbox cleared.

   2. Allow Requester to Change Duration - Select the checkbox.

   3. Maximum Time Requester Can Have Access - Minimum of 23 hrs.

      

4. Approver and Reviewer:

   1. Approver > Auto-Approved - Selected.

   2. Reviewer > Review Not Required - Selected.

      

5. Access Config:

   1. Change password after check-in - Clear the checkbox.
   2. Allow simultaneous Access - Select the checkbox.

   3. Maximum users at one time - Set to at least 10.

      

6. Users - The Safeguard User who will use the above described Entitlement must have these minimum permissions as well.

   1. Users > [username] > Permissions - Select the User or Help Desk and Auditor checkboxes.