PAM360 Mobile Application - iOS

PAM360 offers a robust and secure mobile solution, extending its powerful Privileged Access Management (PAM) capabilities to iOS devices. The iOS application allows you to manage and secure privileged accounts and passwords within your organization efficiently using your mobile device, providing flexibility and ease of access. With the iOS application, you can enjoy seamless access to your privileged resources, ensuring complete control over your sensitive data on the go. The application features AES-256 encryption for data protection and secures all communication between the PAM360 server and the application via HTTPS over SSL. The PAM360 iOS application guarantees the same high-level security that you would expect from the desktop version of PAM360.

With the mobile application, you can easily view resources, accounts, SSL certificates, and SSH keys while managing sensitive enterprise and personal passwords. With its robust feature set, the iOS application ensures you maintain control over your organization's critical resources from anywhere. This document introduces you to the application's features, setup process, and operational functionalities, helping you fully leverage PAM360's mobile capabilities.

This document will guide you through the following topics:

1. PAM360 Capabilities in iOS Application
2. Mobile Application Access to Users
3. Getting started with the iOS Application
4. Choosing Client Organization as an MSP User
5. Enterprise
6. Requests
7. Personal
8. Settings
9. Smart Login

1. PAM360 Capabilities in iOS Application

The PAM360 mobile application offers a comprehensive suite of features to help you manage privileged accounts and resources within your environment efficiently, even when you are away from your desktop. The following table highlights each feature and its purpose, helping you make the most of PAM360 on the go.

2. Mobile Application Access to Users

The PAM360 mobile application supports Two-Factor Authentication (TFA) for enhanced security. Once enabled, users must authenticate through two successive stages to access the PAM360's mobile interface. The first level of authentication can be achieved in one of the three following ways: PAM360's native authentication, Active Directory/LDAP/Microsoft Entra ID credentials, SAML SSO. The second level of authentication can be performed using any of the TFA provisions supported by PAM360. Refer to this document to see the different TFA provisions supported by PAM360. Administrators can selectively allow or restrict mobile application access for users. To restrict mobile access:

1. Navigate to Users >> More Actions >> Configure >> Mobile Application Access.
   
2. On the Mobile Application Access window, use the toggle switch under the Actions column beside the desired user to configure mobile access for that user.
   

To allow password caching for users, follow these steps:

1. Go to Admin >> Customization >> General Settings >> User Management.
2. Enable the Allow password caching for offline access via mobile option to allow users to cache passwords for offline access.
3. Leave this option unchecked to prevent users from accessing the passwords offline.
   

3. Getting Started with the PAM360 Application

To securely access and manage your privileged accounts on the go, you must first set up the PAM360 iOS application. Installing the PAM360 mobile app is as simple as installing any other mobile application. Follow these steps to install the application:

1. Open the App Store application on your mobile device.
2. Search for ManageEngine PAM360 and select the official application.
3. Tap Install to download and install the application.
4. Alternatively, you can use this direct link to download the PAM360 mobile application.

Once the installation is complete, launch the ManageEngine PAM360 app and enter the following required details to get started:

1. Enter the Server Name or IP address of the machine where the PAM360 server is running and the Port number. Enter the server name/IP address in the format https://Hostname or https://IPaddress.
2. Click Save to access the PAM360 instance in your environment.
   • If your PAM360 server is on a physical network, ensure that the PAM360 server and mobile device are connected to the same network.
   • If your PAM360 server is hosted in the cloud, you can access the PAM360 interface via the mobile application from a different network as well.

   Additional Detail

   If you are a PAM360 MSP user, you will be prompted to enter your organization name after entering the server name/IP address and the port number. Enter the organization name in the given field. Users created under specific organizations must enter their respective organization names in the Organization field to access their PAM360 accounts. Entering an incorrect or invalid organization name will prevent access to the PAM360 account.

3. On the PAM360 login page, enter your account credentials, select the appropriate authentication method from the provided drop-down menu, and click Login to log into your PAM360 account. The PAM360 iOS application supports all the authentication methods similar to the PAM360 web-interface login.

4. Upon logging into your account, you must set up a Passphrase for enhanced security. Enter a passphrase of your choice in the designated fields. This passphrase must contain a minimum of eight characters, will be used for mobile authentication, and to encrypt and decrypt cached passwords for offline viewing. It employs the advanced AES-256 encryption algorithm to ensure the security of all offline data.

4. Choosing Client Organization as an MSP User

If you are a PAM360 MSP user, you can switch between MSP and Client Organizations in the PAM360 iOS application. This section provides instructions for managing client organizations in the PAM360 mobile application. PAM360's iOS application empowers MSP administrators to manage administrative passwords for different client organizations separately from a single management console. The application categorizes client organizations into distinct sections, allowing you to tap and view all the associated passwords within a specific organization. To switch to the client organization:

1. Tap the Menu icon on the top-left corner of the screen on the Enterprise section.
2. Tap on your organization name to open the Organizations page, where you will see a list of all the organizations you manage.
3. Select the desired organization to view and manage all the associated resources within that organization.
   
   

5. Enterprise

Upon logging into the PAM360 iOS application, you will see the home screen, which features a bottom Navigation Menu. The navigation menu is designed to provide quick and easy access to various functionalities available within the iOS application. By default, the Enterprise section is displayed on the home screen when you log into the iOS application. This section features a menu icon that grants access to various enterprise filters, as well as the SSH keys and resource groups you own or manage. As shown below, the Enterprise section is organized into multiple sub-sections, allowing for easy access and efficient management of your resources. Tap the Menu icon on the top-left corner of the screen or long press the Enterprise icon to view the following options:

1. All My Passwords - The default home screen you see upon logging into your PAM360 iOS application. Select this filter to view a list of all the resources you own, manage, and those shared with you.
2. Favorites - The favorites view displays a list of all the resources and their respective accounts marked as favorites from the accounts view.
3. Recents - Select this filter to view all the resources and their respective accounts you accessed recently.
4. Windows RDP Passwords - Choose this filter to view a list of all the Windows RDP resources and their accounts you own, manage, or those shared with you.
5. SSH Passwords - The SSH passwords view displays a list of resources with SSH accounts that you own, manage, or those shared with you.
6. SSH Keys - Tap this option to view the list of SSH keys you own or manage.
7. SSL Certificates - Tap this option to view all the SSL certificates you own or manage within your environment.
8. Resource Groups - Tap this option to view all the resource groups you own or those shared with you.
   
   
   

All these sections include a dedicated Search icon for locating accounts within that section. The application dynamically loads accounts as you scroll. When searching for an account using a keyword, the application searches only within the currently loaded accounts. To search through all available accounts, scroll to the end of the list to ensure all accounts are loaded. Additionally, any custom fields added in the enterprise section from the PAM360's web interface will be available as filters, allowing you to tailor the search function to meet your custom needs.

You can also download your enterprise passwords for offline access. To do this, tap the Menu icon on the home screen, then tap the download icon next to the desired category. This action will download all passwords available under that category for offline access. For instance, tapping the download icon next to the Favorites option will make all user accounts and their corresponding passwords marked as favorites accessible offline

5.1 All My Passwords

The All My Passwords view displays a list of all the resources within your environment that you own, manage, or those shared with you. Tap on any resource to see the list of accounts and their corresponding passwords. Click the info icon beside the resource name to view the resource details such as resource owner, DNS name, resource type, and password policy. Tap the Key icon beside the desired account to view or copy its password.

Mark frequently accessed accounts as favorites by tapping the Star icon beside the desired account. Marking passwords as favorites allows you to locate a specific account and its password without scrolling through the entire list each time. These accounts will be available under the Favorites view. Tap the desired account from the list to see its details, including account name, password, resource name, and additional information such as notes and last accessed time. You can also configure TOTP for an account from the Account Details page.

Users can request access to a password associated with a resource configured with access control workflow. To request a password, select the desired resource, choose the account for which you need the password, and then tap the Request option on the Account Details page. You will be prompted to enter a reason for requesting the password. Enter the reason for requesting access to the selected account in the Reason pop-up window and tap the tick icon to submit the request. Once the request is submitted, its status will change to Waiting for Approval. After an authorized administrator(s) approves your request, the password will be available for check-out. Tap the Check-Out option on the Account Details screen to access the password.

Upon checking out the password, its status will change to In Use, which will be visible to other users in both the Check-In tab and the Account Details section. To relinquish access, tap the Check-In button to return the password to the PAM360 vault. If you need access to the password again, you must repeat the request-release workflow. If your PAM360 server is integrated with a ticketing system, you must provide a valid ticket ID and reason for the request while requesting password access. PAM360 will validate the ticket ID with the ticketing system before granting access to the password.

You can perform the aforementioned actions from the Favorites, Recents, Windows RDP Passwords, and SSH Passwords views as well.

5.2 SSH Keys

To view the SSH keys you own or manage, select SSH Keys from the menu. On the SSH Keys page, you will see a list of all the SSH keys you own or those shared with you. Tap the desired SSH key to view its details, including key name, type, length, fingerprint, age, owner, and passphrase. Tap the eye icon on the Key Details page to view or copy the SSH passphrase.

5.3 SSL Certificates

To view the SSL certificates you own or manage, select SSL Certificates from the menu. On the SSL Certificates page, you will see a list of all the certificates you own or those shared with you. Tap the desired certificate to view its details, including common name/IP address, port, validity period, SAN, issuer, signature algorithm, fingerprint, serial number, key algorithm, key size, and associated domain.

5.4 Resource Groups

You can view all the resource groups you own or those shared with you via the PAM360 iOS application. Select the Resource Groups option from the Menu to access the resource groups you own or manage. If a resource group has a subgroup(s), a sub-group icon will be displayed beside the group name. Click the sub-group icon to view the available subgroups. Tap the respective resource group/subgroup to view the list of resources available under that specific group. Select the desired resource to view the list of accounts available within that resource, and tap the desired account to view its details. You can also download resource groups for offline access. To do this, tap the download icon next to the desired resource group. This action will download the selected resource group, including its member resources and passwords, for offline access.

6. Requests

PAM360 enables administrators to manage password access requests via the PAM360 mobile application. Administrators can view and act upon pending and approved password access requests from the Requests section. This section is divided into two tabs: Pending and Check-In.

• Pending: The pending tab displays a list of all the password access requests awaiting approval from administrators. Before making a decision, administrators can review the relevant resource and account details along with the reason provided by the user for accessing the password. To approve or reject a password access request, tap the Approve or Reject option, respectively.
• Check-In: The check-in tab features all the approved requests. Administrators can revoke password access to users by checking in the passwords that are currently in use. They can also verify the status of an approved request, identifying whether the password is currently checked out or yet to be used. Tap the Check-In option to revoke password access and return the password to the vault.
  

7. Personal

You can access the personal data stored within the Personal tab from the PAM360 mobile application. Before you can access your personal details on the mobile application, you must first set a passphrase for the personal tab via the PAM360 web interface. Once you set up a passphrase, you can add your personal details, such as Web Accounts, Banking, Credit Cards, and Contacts, and access them via the mobile application. Access the Personal section and enter your passphrase to access your personal passwords via the mobile application. Upon entering the Personal section, you will see a list of all the available accounts. Tap the Menu icon on the top-left corner of the screen to view the list of available categories. Any custom categories added to the personal tab via the PAM360 web interface will be available here, alongside the default categories. Select the desired category to view the list of accounts added under that particular category.

On the category page, you can:

• View Account Details: Tap the desired account to view its details.
• Edit Accounts: Tap the edit icon on the Account Details page that appears after tapping on a specific account to modify the selected account.
• Add Accounts: Tap the (+) option on the respective category page to add new accounts to that category. Any custom fields added via the PAM360 web interface will be available while adding an account.
• Favorites: Tap the star icon beside the account name on the Account Details view to mark the selected account as a favorite. Marking passwords as favorites helps you locate a particular account and its password effortlessly without the need to scroll through the entire list every time, as passwords marked as favorites will be displayed at the top of the list.
• Search: Use the search option on the category page to locate the desired account within the selected category effortlessly, without needing to scroll through the entire list.
  

8. Settings

The Settings menu on the PAM360 iOS application offers a comprehensive collection of options organized into different categories, enabling you to customize and secure your mobile application experience based on your preference. Tap the Settings option on the bottom navigation menu to access the PAM360 mobile (iOS) settings. On the Settings page, you can view and manage login options, customize various security and privacy settings, review the privacy policy, and modify general application settings.

These settings are organized into various categories as shown below:

1. Login

1. Username - The name of the PAM360 account to which you are currently logged in.
2. Server Address - The server address to which the PAM360 mobile application is connected.

   Additional Detail

   If the High Availability feature is enabled in your environment, the secondary server address is also displayed under the Login section.

2. Security

1. Stay active in the background for - Set the duration for which the application should remain logged in the background. You can choose a time frame ranging from 1 to 8 hours, enabling seamless switching between PAM360 and other applications without having to log into your PAM360 application every time you switch between applications. Alternatively, select Never to ensure the application logs out immediately when it goes into the background.
2. Skip passphrase for - Set the duration for which the application should not prompt for your passphrase if you momentarily exit the app without logging out. You can select a period ranging from 30 to 120 seconds. Alternatively, select Never to always require a passphrase upon accessing the application.
3. Clear Clipboard - PAM360's iOS application can temporarily store the data you copy within the application in the clipboard. To copy a password, tap the Copy option next to it. Use the Clear Clipboard option to set how long the copied content remains in the clipboard, with options ranging from 30 to 120 seconds. Alternatively, select Never to avoid saving any copied content in the clipboard.
4. Reset Passphrase - Tap this option to reset your passphrase for mobile authentication. Note that resetting the passphrase will erase all the cached enterprise data from this device.
   

3. Face ID

1. Enterprise - Enable this option to access your enterprise passwords using Face ID instead of your login credentials and passphrase every time you log into your iOS application, providing quick and secure access to your enterprise resources.
2. Personal - Enable this option to access your personal passwords using Face ID instead of entering your personal passphrase each time you access the personal tab.

4. Offline Access

1. Enterprise - Allow offline access to enterprise passwords and resources. When this option is enabled, you can download and cache enterprise passwords on your device for access when there is no internet connection. Note that only the passwords cached for offline access will be available.
2. Personal - Enable offline access for your personal passwords. This feature allows you to cache your personal passwords to your device, ensuring you can access them even without an internet connection. Ensure you download the necessary passwords before going offline to ensure they are available when needed.

   Additional Detail

   Offline Mode is enabled only when the Allow password caching for offline access via mobile option is enabled on the Admin >> Customization >> General Settings >> User Management page.

5. Themes - Select the desired skin color from the available list of options. The selected color will be applied to the overall interface, ensuring a cohesive and visually appealing user experience. This option allows you to customize the appearance of the PAM360 iOS application to match your preferences.

6. Analytics

1. Send crash reports - Enable this option to share crash reports to ManageEngine. These reports contain detailed logs of the application's state at the time of a crash, helping us identify and fix issues to improve stability and performance in future updates.
2. Share usage reports - Enable this option to share usage data with ManageEngine. This data provides insights into how often and extensively various features are used, helping us understand user behavior, identify pain points, and enhance the overall performance and user experience of the application.

7. Clear Offline Data

1. Clear Enterprise offline data - Use this option to remove all cached enterprise passwords from your device.
2. Clear Personal offline data - Use this option to clear all cached personal passwords from your device. This will delete all offline data related to your personal vault.

8. About

1. Feedback - Share your thoughts and suggestions to help us improve the PAM360 mobile application.
2. Rate this app - Tap this option to rate us based on your experience. If you enjoy your experience with the PAM360 iOS application, tap the Thumbs Up icon to rate us on the App Store. If you click the Thumbs Down icon, you will see the Feedback form.
3. Take a tour - Tap this option to gain an interactive walkthrough of the application's features and functionalities. This guided tour helps you familiarize yourself with the various sections and capabilities of the application.
4. Privacy Policy - Review the privacy policy to understand how your data is collected, used, and protected.
   

9. Smart Login

The Smart Login feature in PAM360 offers a seamless way to access the PAM360 web interface by scanning a QR code displayed on the web login page using the PAM360 mobile application. This direct login method simplifies the process, providing password-less authentication, significantly reducing the effort required for web login while maintaining robust security. To log into the web application using the Smart Login option, follow these steps:

1. Access the PAM360 web interface and click the Smart Login option on the login page.
2. Tap the QR Code icon on the bottom Navigation Menu in the PAM360 iOS application and enter your passphrase to access the QR scanner.
3. Scan the QR code displayed on the web interface using the QR scanner on the mobile application.
4. After authentication, you will be logged into your PAM360 account on the web interface.