Secure Cloud Storage Options for Anytime, Anywhere Access to Passwords

In addition to the options to export passwords to a spreadsheet in plain text or to an encrypted HTML file, PAM360 provides cloud storage provisions to enable anytime, anywhere access to passwords in a secure way. This can be done by enabling auto-synchronization of the encrypted HTML file to the authorized users' mobile devices via Dropbox, Amazon S3, and Box accounts. Typical use case scenarios for this option include:

  • A managed service provider (MSP) that uses PAM360 to store the shared passwords of its clients and technicians, and has no access to the application from inside a client's network while visiting them.
  • Technicians working in DMZs with no access to the application's web UI.

To enable the cloud storage option for users and set up synchronization, refer to the respective sections below:

  1. Steps to Configure Dropbox Synchronization
  2. Steps to Configure Amazon S3 Synchronization
  3. Steps to Configure Box Synchronization

1. Steps to Configure Dropbox Synchronization

To enable Dropbox sync for your users, follow the steps below:

  1. Go to Admin >> Integration >> Cloud Storage.
  2. In the page that loads, select Dropbox. Then, click the link Test Dropbox Connection for this PAM360 Installation. This checks the proxy settings (if applicable in your environment) and attempts to connect to the Dropbox app named "ManageEngine PAM360" that PAM360 has created for this purpose. A successful connection will enable users to upload the encrypted HTML file to their Dropbox accounts.

  3. Then, click Save. Dropbox synchronization will be enabled for users in your organization.

1.1 Steps to Export and Synchronize the Encrypted HTML file to Dropbox

If you are a user who wants to export and synchronize the encrypted HTML file to your Dropbox account, follow the steps below. You need an existing Dropbox account; if you do not have one, create one before you proceed.

  1. Go to Resources >> Export >> Sync with Dropbox for Mobile Access.
  2. In the dialog box that opens, click Authorize. A new window will open, asking you to log in to your Dropbox account. Once you log in, the page will display a request from PAM360 to access its folder ManageEngine PAM360 inside your Dropbox account. Click Allow to approve the request.
  3. A Dropbox code will be displayed. Copy the code and navigate back to the PAM360 active session in the other browser tab. Paste the Dropbox code in the displayed text field and click Save.
  4. Now, click on Export again and select Sync with Dropbox for Mobile Access.
  5. In the dialog box that opens, set a passphrase for the HTML file that you are about to export. The file will be encrypted using the AES-256 algorithm with the passphrase you supply here. Then, enter your reason for export if mandated by your PAM360 administrator.
  6. Click Proceed. Once the HTML file has been successfully synchronized, PAM360 will shortly display a message at the bottom left corner of the UI. You can click on the message or directly access your Dropbox account to check if the file has been synchronized. In your Dropbox account, the encrypted HTML file will appear under a new folder created in the name of ManageEngine PAM360.

2. Steps to Configure Amazon S3 Synchronization

To enable Amazon S3 sync for your users, follow the steps below:

  1. Go to Admin >> Integration >> Cloud Storage. 
  2. In the page that loads, select Amazon S3 and click 'Save'. Amazon S3 synchronization will be enabled for users in your organization.

2.1 Steps to Export and Synchronize the Encrypted HTML file to Amazon S3

If you are a user who wants to export and synchronize the encrypted HTML file to your Amazon S3 account, follow the steps below. You need an existing Amazon S3 account; if you do not have one, create one before you proceed.

  1. Go to Resources >> Export >> Sync with Amazon S3 for Mobile Access.
  2. In the dialog box that opens, you have to provide the following details: Access key ID, Secret access key, and Bucket Name.
  3. Access key ID and Secret access key are user security credentials that are automatically assigned to you when your AWS administrator creates your user profile in your organization's AWS account. The credentials are usually sent via an email to your inbox. In case you do not have access to your Access key ID and Secret access key, contact your AWS administrator.
  4. Bucket Name: Bucket names are the names of the folders that you create in your Amazon S3 account. Here, provide the Bucket Name of an existing folder. This is where the encrypted HTML file will be stored upon synchronization.
  5. After providing the required details, click Save.
  6. Now, click on Export again and select Sync with Amazon S3 for Mobile Access.
  7. In the dialog box that opens, set a passphrase for the HTML file that you are about to export. The file will be encrypted using the AES-256 algorithm with the passphrase you supply here. Then, enter your reason for export if mandated by your PAM360 administrator.
  8. Click Proceed. Once the HTML file has been successfully synchronized, PAM360 will shortly display a message at the bottom left corner of the UI. You can click on the message or directly access your Amazon S3 account to check if the file has been synchronized. In your Amazon S3 account, the encrypted HTML file will appear under the bucket that you have specified earlier.
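
The Access key ID and Secret access key from step 2 are saved in PAM360, so it is worth confirming that the key can reach only the bucket used for the export. The following check is an added example, not part of PAM360 or its documentation; the bucket name and the sample policy are constructed, and it assumes an IAM identity policy exported as JSON and the standard `aws` ARN partition.

```python
import json

# Constructed sample: identity policy attached to the IAM user whose access key
# is entered in the S3 sync dialog. The bucket name is hypothetical.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
   {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"],
    "Resource": "arn:aws:s3:::example-pam360-export/*"},
   {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}
 ]}
""")


def _as_list(value):
    """IAM allows a single string or object wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def audit_key_policy(policy, bucket):
    """Return (statement index, finding) pairs for Allow statements that
    grant more than named S3 actions on the export bucket."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        # NotAction/NotResource allow everything except what they list.
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append((i, f"{key} used in Allow statement"))
        for action in _as_list(stmt.get("Action", [])):
            if not action.lower().startswith("s3:"):
                findings.append((i, f"non-S3 or wildcard action: {action}"))
            elif "*" in action:
                findings.append((i, f"wildcard S3 action: {action}"))
        for res in _as_list(stmt.get("Resource", [])):
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append((i, f"resource outside export bucket: {res}"))
    return findings


if __name__ == "__main__":
    for index, finding in audit_key_policy(SAMPLE_POLICY, "example-pam360-export"):
        print(f"Statement {index}: {finding}")
```

An empty result means every Allow statement names specific S3 actions on the export bucket only; the second statement in the sample is the kind of broad grant to remove before the key is entered in PAM360.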

3. Steps to Configure Box Synchronization

Synchronizing Box with PAM360 first requires a Box account. If you do not own a Box account, go to the Box website and create one. After creating your account, follow the steps below:

  1. Go to the Box Developers console and log in with your Box credentials. Once you log in, click Create New App, and select Custom App.
  2. In the Custom App window, choose User Authentication (OAuth 2.0) as the Authentication Method. Enter a name for the app and click Create App.
  3. In the Configuration page, ensure that the selected Authentication Method is OAuth 2.0 (User or Client Authentication).
  4. Next, copy the Client ID and Client Secret provided under the OAuth 2.0 Credentials section and save them elsewhere. You will need to provide these credentials later in the PAM360 server to complete the integration.
  5. Next, under OAuth 2.0 Redirect URI section, enter your PAM360 server URL.
    The format of the redirect URI should be as follows: https://<Host-Name-of-PAM360-Server OR IP address>:<port>/PassTrixMain.cc#/ExternalApp/code/

Note: If you have high availability configured in your PAM360 installation, and if the primary server is down and the secondary server is running, you have to modify the redirect URL in your Box configuration settings as required for the synchronization to work.

  6. Finally, under Application Scopes, ensure that permission to Read and write all files and folders stored in Box is checked.
  7. Click Save Changes.

Once you have carried out all the aforementioned steps in the Box Developers console, follow the steps below to complete the configuration in PAM360:

  1. Navigate back to PAM360 >> Admin >> Integration >> Cloud Storage.
  2. Select Box and enter the Client ID and Client Secret copied from the Box console. Click Save. Box synchronization will be enabled for users in your organization.

3.1 Steps to Export and Synchronize the Encrypted HTML file to Box

If you are a user who wants to export and synchronize the encrypted HTML file to your Box account: 

  1. Go to Resources >> Export >> Sync with Box for Mobile Access.
  2. In the dialog box that opens, click Authorize. Box's login page will open in a new window. Log in with your Box credentials and in the page that loads, click Grant access to Box.
  3. A message saying the authorization is successful will be displayed. Click 'OK'. You will then be automatically redirected back to the PAM360 interface. 
  4. Now, navigate again to Resources >> Export and click on Sync with Box for Mobile Access.
  5. In the dialog box that opens, set a passphrase for the HTML file that you are about to export. The file will be encrypted using the AES-256 algorithm with the passphrase you supply here. Then, enter your reason for export if mandated by your PAM360 administrator.
  6. Click Proceed. Once the HTML file has been successfully synchronized, PAM360 will shortly display a message at the bottom left corner of the UI. You can click on the message or directly access your Box account to check if the file has been synchronized. In your Box account, the encrypted HTML file will appear under a new folder created in the name of PAM360. 