Adding Resources Manually
To manage the passwords of your privileged accounts, you should add your end-points as resources in PAM360. The term resource denotes any server, application, network device or appliance holding the user accounts and the passwords. There are three ways of adding resources to PAM360: manual addition of resources, importing resources from a file and discovering resources.
The following are the steps to add resources manually to PAM360 and to store files and other sensitive data:
1. Adding a Resource
Follow the below steps to add a resource manually in PAM360:
- Navigate to Resources >> Add Resource >> Add Manually.
- In the Add Resource window that pops up, fill in the required details:
- Specify the Resource Name which uniquely identifies the resource in PAM360.
- Enter the DNS Name or IP Address of the resource. It is mandatory to provide a valid DNS name or IP address to perform remote operations like remote password reset, account discovery and one-click login.
- Choose the Resource Type from the drop-down (the default value will be Windows). Based on the resource type, PAM360 uses unique procedures for password resets. For example, the password reset mechanism of Windows is not the same as that of Linux or Mac. This field also helps to organize your resources based on their type. To add a custom resource type, click the Add New option beside this field. Enter a custom resource type in the pop up window, such as an App or a printer, click Add and then choose the custom resource from the Resource Type dropdown. To know more about the types of resources supported by PAM360 and how to manage them, click here.
- Choose the Group Name to add all the common servers, say Windows servers or Linux servers, to a single resource group. To add a new group, click Add New, enter a group name, click Add and choose the custom group from the Group Name dropdown. If a custom group is not created, Default Group will be chosen. Click here for more info on resource groups.
- When adding a domain controller with the resource type as WindowsDomain, enter the domain name as NETBIOS in the Domain Name field. This is required for the Windows Service Account Reset feature.
- The fields Description, Department and Location are not mandatory, but having these fields populated with the correct values will be helpful for searching and grouping the resources.
- When adding a web application or a website as a resource, provide the Resource URL and choose the resource type as Web Site Accounts. To access any web-based resource, specify the full URL in this field, for example, https://sso.godaddy.com. This value will be used for the auto-fill feature that works with the help of our browser extensions (Chrome, Firefox and Edge).
- Similar to the above types, PAM360 allows you to add virtual machines managed in an Amazon WorkSpaces client, as resources into the PAM360 repository. While adding AWS Active Directory resources, choose the resource type as WindowsDomain. Click here to learn how to automatically discover virtual machines in an Amazon WorkSpaces client.
- Choose the required Password Policy from the drop-down. When PAM360 randomly generates passwords for accounts, they will be in compliance with the policy chosen here.
- Click Save to add the resource. Click Save & Proceed to add an account.
Note:
For the resource types that support URLs, enter the valid URL in the form of HTTPS-based web links. This will be used to establish a connection to the resources using the HTTPS Gateway Connection method if configured by the administrator.
2. Adding an Account to a Resource
Once resources are added to PAM360, follow the below steps to add user account(s) and passwords to the new resource. You can add a user account to the resource in two ways:
- Navigate to the Resources tab. Click Resource Actions >> Add Accounts beside the newly added resource.
OR
Click the Resource Name of the newly added resource and click Add in the Account Details window that pops up.
- Enter the required details in the Add Accounts form as explained below:
- Enter the unique name for the account in the User Account field.
- In the Password field, either enter the password of the account manually if you know it, or generate a password using the Generate Password tool beside this field. If you are entering the password manually, it should be in compliance with the Password Policy you had set for the resource.
Note: To enable password reset in remote systems, ensure that the passwords you enter in this step and the ones in the actual target systems are the same. PAM360 uses these credentials to log in to the target systems for resetting the password, and if the passwords are wrong, the password reset will not happen.
- Choose the required Password Policy for the account - Strong, Medium, or Low. The password policy is maintained at resource level and account level, and the account level policy can override the value of the resource level password policy. Click here to learn more about creating custom password policies apart from the default ones.
- If the account (particularly website accounts) is enabled with TOTP as the Two-Factor Authentication (2FA), input the TOTP Secret Key. This allows the users to directly access the account through the PAM360 interface, streamlining the generation of TOTP one-time codes alongside shared passwords.
- By default, the account configured with TOTP as the 2FA supports the SHA1 Algorithm, 6-digit TOTP codes, and a validity of 30 seconds. If the account supports a different set of parameters for TOTP codes, select the appropriate TOTP Algorithm and TOTP Digits and enter the TOTP Validity in seconds by clicking the Settings dropdown beside the TOTP Secret Key field.
Note that if the TOTP Algorithm, TOTP Digits, and TOTP validity differ between the account and the values entered here, the authentication mechanism will not work as expected due to the generation of incorrect one-time codes. Also, once configured, the TOTP secret key cannot be retrieved again for the account. Therefore, exercise caution to ensure that the values entered or selected here match those values supported by the account.
- It is recommended to provide any particular details of the account in the Description field as this field will also be searched through when you search for a particular account using PAM360's search tool.
- To import an SSH key and associate it with this account, click Browse and add a .key file. Enter the Private Key Name and Private Key Password in the next fields.
- Select the checkbox Use Private Key for Login to authorize remote connections using SSH keys instead of account credentials. Click here to know more about remote connection using SSH keys.
- Select the checkbox Map Private Key in PAM360 to force map SSH keys to user accounts, even if the target systems are not reachable.
- Click Save to add and list this account under the User Account column on the same page. You can add any number of accounts under a particular resource by following the above steps; all the accounts will be listed below the User Accounts table.
Performing the above steps will add the required user account(s) and password(s) to the resource. Users who are authorized to access the resource will be able to view the information.
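The TOTP note above says that a mismatch in algorithm, digits or validity produces incorrect one-time codes. The following is an added example, not PAM360 code: it implements RFC 6238 in Python, shows how each mismatched setting changes the code, and finds which settings reproduce a reference code taken from the account's own authenticator, which is worth checking before saving because the secret cannot be retrieved afterwards. The function names, the sample secret (the published RFC 6238 test seed) and the candidate validity values of 30 and 60 seconds are assumptions.

```python
import base64
import hashlib
import hmac
import struct
from itertools import product


def totp(secret_b32, at_time, algorithm="sha1", digits=6, period=30):
    """RFC 6238 code for a base32 secret at Unix time `at_time`."""
    s = secret_b32.replace(" ", "").upper().rstrip("=")
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    # The moving factor is the number of whole validity periods since epoch.
    counter = struct.pack(">Q", int(at_time) // period)
    mac = hmac.new(key, counter, getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def matching_settings(secret_b32, reference_code, at_time):
    """List the (algorithm, digits, period) sets that reproduce a code
    read from the account's own authenticator at `at_time`."""
    hits = []
    for alg, digits, period in product(
        ("sha1", "sha256", "sha512"), (6, 8), (30, 60)
    ):
        if len(reference_code) != digits:
            continue
        candidate = totp(secret_b32, at_time, alg, digits, period)
        if hmac.compare_digest(candidate, reference_code):
            hits.append((alg, digits, period))
    return hits


# Constructed sample: the published RFC 6238 test seed, not a real secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    t = 59  # test time from RFC 6238 Appendix B
    print("defaults (SHA1, 6, 30):", totp(SAMPLE_SECRET, t))
    print("digits=8 mismatch     :", totp(SAMPLE_SECRET, t, digits=8))
    print("period=60 mismatch    :", totp(SAMPLE_SECRET, t, period=60))
    print("settings for 287082   :", matching_settings(SAMPLE_SECRET, "287082", t))
```

Run it against a scratch copy of the secret on a trusted workstation only; the secret is as sensitive as the account password it protects.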
3. Storing Files and Other Sensitive Data
PAM360 allows users to store other types of sensitive data such as:
- Digital Certificates
- License Keys
- Files
- Documents
- Photo Copies
Different file types can be securely stored in the PAM360 repository along with their passwords. To store a license key, certificate, document, etc., follow the below steps:
- Navigate to Resources >> Add Resource >> Add Manually.
- In the Add Resource window, fill in the details as required.
- Specify the Resource Name which uniquely identifies the resource in PAM360.
- Enter the DNS Name or IP Address of the resource. It is mandatory to provide a valid DNS name or IP address to perform remote operations like remote password reset, account discovery and one-click login.
- Select the Resource Type as any one of the following: (By default, PAM360 supports the following file stores)
- File Store: To store digital content (documents, pictures, executables etc).
- Key Store: To store software keys.
- License Store: To store software license keys.
- To add a custom resource type, click the Add New option beside this field. Enter a custom resource type in the pop up window, such as KeyStore, click Add and then choose the custom resource from the Resource Type drop-down.
- The fields Description, Department and Location are not mandatory, but having these fields populated with the correct values will be helpful for searching and grouping the resources.
- Click Save to save the resource and exit.
- Click Save & Proceed to import and save the required Key/File/License under the resource.
- In the Add Accounts window that opens up, the fields will be shown based on the Resource Name you chose (File Store, Key Store, or License Store). Fill them as required:
- Specify the Key Name/File Name/License Name, to be stored under the resource.
- Click Browse and choose the Key/File/License to be imported.
- Enter a description in the Description field.
- Click Save.
Now, the Key/File/License will be successfully saved under the resource.
Note: Resources of the above types are managed and shared in the same way as other resources. During retrieval, a link to the file is provided for it to be saved locally to the disk.