PAM360 Mobile Application - iOS31 minutes to read
PAM360's mobile application for iOS brings the solution's comprehensive enterprise password management features to your fingertips, thereby making on-the-go management of your enterprise's privileged accounts and passwords more accessible through your mobile device. Since the iOS application uses advanced AES-256 encryption to encrypt all your data, accessing your enterprise accounts through your iOS device is just as secure as PAM360's desktop installation. The mobile application also secures all communication between your PAM360 server and the iOS application using the HTTPS protocol over SSL.
At the end of this document, you will have learned the following:
1. Salient FeaturesPAM360's iOS application comes with an all-encompassing set of features that can help you take control of your privileged accounts, even when you are away from the desktop installation.
2. How does Secure Authentication work in the PAM360 Mobile Application?The application offers Two-Factor Authentication (TFA) for enhanced security. Once enabled, users have to authenticate themselves through two successive stages to access the mobile interface. There are three ways of doing the first level of authentication: PAM360's native authentication using Active Directory/LDAP/Microsoft Entra ID credentials, or via SAML SSO. The second level of authentication can be done through any of the Two-Factor Authentication provisions supported by PAM360. After the Two-Factor Authentication is complete, PAM360 prompts you to set up a passphrase for your account, with a minimum of 8 characters, used for mobile authentication. All your offline data is encrypted using the advanced AES-256 encryption algorithm. Please note that the application does not store your passphrase, and it is mandatory to enter the passphrase during login. Administrators can selectively allow or restrict mobile application access to users. Navigate to Admin >> Users >> More Actions and click the Restrict Mobile Access option. The users with the restriction cannot log in to their PAM360 accounts through the iOS application. Similarly, administrators can allow users to cache passwords in their mobile devices. Go to Admin >> General Settings >> User Management and select Allow password caching for offline access via mobile. Leave this option unchecked to restrict users from accessing passwords offline. 3. Getting Started with the Application3.1 Application Overview
3.2 Installation and AuthenticationFollow the below steps to download and install the PAM360 mobile application:
4. PAM360 iOS Application - Navigation MenuOnce you have signed into your PAM360 account through the iOS application, you will see the Navigation Menu on the main screen with the following options that will help you navigate the iOS application efficiently: i. Choosing Client Organization as an MSP UserIf you are an MSP user, PAM360's iOS application allows you to manage the administrative passwords of all your clients separately from a single management console. The application neatly segregates client organizations into different sections, which you can tap to view all the passwords belonging to that particular organization. As MSP admin, even though you can view the names of the organizations you manage, you will be able to view the data on all your customers only if you add their resources or if they share their resources with you. Your clients will be able to view the data belonging to their organization only. As an MSP user, you can choose a client organization and view all the resources under it. To do so:
4.1 EnterpriseBy default, the application displays a list of all the resources on the main screen. From here, tap on any resource to view the accounts associated with it. Tap the hamburger icon at the top left corner to open the Enterprise menu. This menu displays a list of resources owned or managed by you, categorized as below:
Each menu has a dedicated Search icon that allows you to locate accounts within the menu. The application loads a list of accounts as and when you scroll. When you search for an account using a keyword, the application searches for the keyword only in the already loaded list; to search through all available accounts, scroll to the end of the list to load all the accounts.
4.2 RequestsPAM360 provides an access control mechanism that allows administrators to grant password access to users for a specific period. Admins can start granting exclusive privileges once a password is ready to share, and only one user is allowed to use a particular password at a single point in time. Through PAM360's iOS application, administrators can view the list of pending password access requests from other users and act upon them. As an administrator, the Password Access Requests tab offers two sections:
To send a password access request, tap an account, and tap the Request option in the account details section. Once your request has gone through, the status will change to Waiting for Approval. Once an admin has approved your password request, you will be notified of the same, and the password will be available for Check Out. Once you check out the password for use, the status changes to In Use. Other users can see this status change in both the Check-In tab and the Account Details section of the particular account. To give up access to the password, tap the Check-In option. Now, the password is checked back into the PAM360 vault. Once you check in the password and give up your access, you must go through the request-release workflow once again, if you should need access to it again. PAM360's iOS application also supports ticketing desk integration. Through the integration, PAM360 will prompt users to provide a ticket ID along with their request. Then, PAM360 will validate whether the ticket ID entered by the user exists in the ticketing system or not and only then grant access to the user to view the password. 4.3 AdvancedAdvanced Search in PAM360's iOS application is a handy feature that can help you find any particular user or resource instantly. Tap Advanced from the navigation menu to either enter a keyword like Name, Department, Location, or use one of the many search filters available to tailor your search better. The Advanced Search section offers two separate tabs: Enterprise and Personal. In the Enterprise section, you can use search filters to tailor your search. The available search filters are Resource Name, DNS Name, User Account, Resource Type, Resource Description, Department, Location, Domain Name, and Resource URL. In the Personal section, the available search filters are Web Accounts, Banking, Credit Cards, and Contacts. In addition to these default search filters, if you have created any additional fields in PAM360's desktop installation, those custom column names will also appear as filters in the Advanced Search page. For example, the
4.4 PersonalApart from storing enterprise passwords, PAM360's iOS application allows you to store personal passwords in the PAM360 repository. The application provides four default categories: Web Accounts, Banking, Credit Cards, and Contacts. Among these categories, you can save your utmost personal data such as your personal email account information, credit card numbers, and other banking data, contact addresses, and phone numbers. In addition to the default categories, add any number of additional custom fields to your Personal tab from the desktop application to store other information. For instance, if you wish to store details about the properties that you own, then add a custom category named Properties. The application stores your personal data in a private repository that only you can access through the Personal tab. All information stored here is encrypted independently and hidden from all other users, including the administrator. While adding account details to the Personal tab, there is an option to add Tags. Under this attribute, add keywords that can be used to search for the account under a particular category. Tap the Search icon and enter a keyword that was previously added as a tag to locate the account you are looking for. 4.4.1 Setting up a Personal PassphraseTo use the Personal tab in the application, you must set up a valid passphrase in PAM360's desktop installation and activate your Personal repository; do ensure the passphrase you provide matches the complexity rules enforced by your organization, if any. Once you set up your passphrase, you must enter it every time you need access to your personal passwords. Tap the refresh icon available at the top in case there is a change in the status of the personal passphrase. For example, if you try to login to your personal repository before setting up a passphrase, the application will not let you in. Once you create a passphrase in the desktop application, you can hit refresh in this page and login with your newly created passphrase right away, without moving out of the Personal tab.
Alternatively, PAM360's iOS application provides the option to login to the Personal tab using your mobile device's Touch ID. Click
4.4.2 Exiting the Personal TabTo exit the Personal tab, tap the lock icon at the top right corner. You will return to the All My Passwords section and the Personal tab will be locked. To enter the Personal tab again, you must supply the passphrase again. 4.5 SettingsThe Settings menu offers a comprehensive collection of options that are split categorically for ease of use. Use this menu to customize various security options, view login details, privacy policy of the iOS application, and more. 4.5.1 LoginThe Login section displays the Username and Server address to which PAM360 is currently connected. If the High Availability feature is turned on in your environment, then the iOS application will also display the secondary server details on the Settings page. If the primary server is down, you can connect it to the secondary server for uninterrupted service. 4.5.2 Smart LoginThe Smart Login feature enables seamless access to the PAM360 web interface by simply scanning the QR code presented on the PAM360 webpage. This direct login approach streamlines the process, providing password less authentication and substantially minimizing the effort required for web login, all while maintaining robust security measures.
4.5.3 SecurityThe Security section has the following options:
4.5.4 Touch IDUse the toggle buttons to enable Touch ID support to access your Enterprise and Personal passwords. Enabling Touch ID will allow you to access your passwords without having to enter your passphrase every time. However, please note that, if you enable this option, your login credentials will be stored in your device's keychain. 4.5.5 Offline AccessThe toggle buttons beside Enterprise and Personal indicate whether the PAM360 application is currently in online or offline mode. PAM360's iOS application offers a secure offline mode that allows you to access passwords even when you do not have access to the internet. To access passwords in the offline mode, download the required passwords first; only the passwords which are downloaded before going offline would be available for access in the offline mode. Apart from downloading individual passwords, the application allows you to download a group of passwords from the Enterprise menu, such as the Favorites, Recents, Windows RDP Passwords, and SSH Passwords. Additionally, you can download resource groups and personal passwords. To download passwords for offline access, go to the Enterprise menu, and click the downward arrow beside the required list of passwords. Note: Offline mode will work only if the Allow password caching for offline access via mobile option is enabled in General Settings. 4.5.6 ThemesUsing this option, change the background color of your application. As of now, there are four colors to choose from: Blue, Green, Red, and Dark Blue. 4.5.7 AnalyticsApart from the above options, you can choose to share Usage Statistics or Crash Reports to ManageEngine by using toggle buttons under Analytics. Usage statistics data gives an insight into usability data such as what features of the application you use more, how frequently, etc. This type of data is used as research to learn user behavior, gather pain points, if any, and enhance the application's performance and user experience based on the data. Crash reports are detailed system logs that capture the state of the application when the crash happens. Collecting and analyzing this data will help us learn what caused the application to crash and rectify it in the next version. 4.5.8 Clear Offline DataUnder this, you will find two options:
4.5.9 AboutFeedback - This option allows you to leave feedback regarding the functionality of the application anonymously. Rate This App - This option redirects you to the App Store where you can leave a rating for the application. Take a Tour - This option offers you a brief and concise tour of the main functionalities of the application. In addition to the above, you can read PAM360's Privacy Policy and Acknowledgments in this section. 5. Uninstalling the Mobile ApplicationTo uninstall the mobile application, follow the below steps:
Now, the PAM360 mobile application is successfully uninstalled. Once you uninstall the application, all PAM360-related data is removed from the device.
| ||||||||||||||||||||||||||||||||||||||||||||
[Webinar] Weave privileged access security into your org-wide ITSM workflows. Register now