Firefox Browser Extension
To make password management and auto-logon activities seamless, PAM360 provides the option to securely synchronize your privileged accounts and passwords across browsers through native browser extensions.
The extensions help you perform privileged access management operations such as sending and approving password requests, auto-filling passwords to websites, web applications, and also set up an Auto Logon gateway to launch RDP and SSH sessions. The extensions allow you to view all the passwords, resource groups, favorites, recently used resources and also enables you to search for resources.
The browser extensions, once deployed, allows you to directly perform most of the privileged access management activities, with PAM360 running in the background.
Note: While passwords are undisclosed within the PAM360 interface for security reasons, please note that users with access to the developer console or similar debugging tools may still be able to view them. Exercise caution with sensitive information and ensure appropriate access controls are implemented to manage potential risks associated with password visibility.
Apart from the Firefox browser extension, the other available extensions are:
This document explains you in detail about the Firefox browser extension. Below is a detailed explanation of the steps to install the extension, the settings required, and how it helps in managing the privileged resources:
1. Benefits
The Firefox browser extension provides certain advantages such as:
- Automatic login to websites and applications from the browser without the need to access the PAM360 web interface.
- Exclusive icons for auto-logon and copy username/password to simplify operations.
- Resource Description icon () to display more information about a resource. Click the resource name to list all the associated accounts.
- Central Search bar to search for resources based on the criteria, such as resource name, DNS name, etc., specified at the time of resource creation.
2. Steps to Install the Extension
- There are two ways to download the browser extension for Firefox:
- Go to PAM360's download page. Scroll down and click the Firefox icon under Browser Extensions. It will redirect you to the Firefox Add-ons page.
- Go to the Firefox add-ons page from Firefox browser.
- Click the Add to Firefox button and click Add in the confirmation pop-up that appears.
- After installation, PAM360 icon will appear in the address bar of the browser. Click the icon and enter the Host where PAM360 is running and specify the connection Port.
- Enter your login credentials. The browser extension supports all types of login (Local/AD/LDAP/RADIUS) and authentication mechanisms as available in the web interface.
Now, the browser extension is ready to use.
3. Supported Operations
3.1 View Passwords
To view the list of all passwords, click the All Passwords tab in the browser extension. To view passwords specific to a resource group, click the Resource Groups tab. Here, the browser extension will maintain the same tree structure of resource groups and corresponding accounts as shown in the PAM360 web interface. You can view the password of any account associated with that particular resource group from the Resource Groups tab.
3.2 Search All Resources
Search for resources directly from the search bar in the browser extension based on any criteria such as resource name, user name, DNS name, user account, resource type, resource description, department, location, domain name, all resources or additional custom fields.
3.3 Automatic Launch of RDP and SSH Sessions
Click the auto logon icon to launch a direct connection to websites or Windows/Linux resources.
- For Linux resources, choose either SSH or Telnet.
- For Windows resources, choose either Windows Remote Desktop or RDP Console Session.
- For websites, the URL will open directly.
3.4 Username and Password Autofill on a Website or Application
To autofill credentials on a website/application, the credentials must already be stored in PAM360. When you attempt to login to a website, click the PAM360 extension icon that appears beside the credentials field and choose an account. The corresponding username and password will be auto-filled, after which you can manually hit enter and login to the website.
Note: When you enter new login credentials to access a website or application instead of selecting from the extension autofill, you will be prompted to save the credential. Upon saving, you can add the credential as an enterprise or personal account to the PAM360 server directly from the browser extension.
Important Note:
- PAM360 Browser extensions are designed to securely retrieve the stored credentials from the PAM360 vault and auto-fill the form in target web pages/websites. This feature allows users to automatically log into websites and web applications without entering the credentials manually.
- Please note that this feature is primarily for convenience and is not a fool-proof system as the credentials are submitted in the client-side browser. Therefore, make sure if you have enforced the necessary security measures in the client-side browser and the user systems.
3.5 Favorites
This option provides quick access to the list of all your frequently used passwords that you marked as favorites in PAM360. This helps you locate resources and corresponding passwords easily. To mark any password as a favorite in the All Passwords, click the star icon beside it.
3.6 Recently Used
Click the Recently Used tab in the browser extension to find the list of all recently accessed passwords.
3.7 Copy Username or Password
Click the Copy Username or Password options to copy the credentials to the clipboard for pasting them elsewhere as required.
3.8 File Download
You can download the digital files, certificates and documents stored under a FileStore resource type, directly from the extension.
3.9 Password Access Request/Release
If you have configured password access control workflow in your web interface, the same will be applied to the browser extension. The administrators can either approve or reject password requests from the browser extension menu. Once a password request is approved, you can perform password check-in and check-out operations also from the extension.
Notes:
- If you have enabled Ticketing System Integration or the reason for retrieving the passwords setting in your PAM360 web interface, the browser extension will also prompt you to enter the ticket id or reason for access whenever you try to retrieve the password.
- The access control mechanism in the browser extension works the same way as in the web interface.
4. Settings
4.1 Clear Clipboard
Specify a time period in seconds to choose how long the copied data should remain in the clipboard. Enter '0' as the value to never clear the clipboard.
4.2 Automatically Logout After
Specify a time period in minutes to choose how long the session should remain logged in. Enter '0' as the value to never logout of a session in the browser extension. The automatic logout time specified for the web interface and the extension are independent of each other. However, you can apply the same automatic logout time given for the web interface to the browser extension as well. Follow the below steps to do so:
- Go to PAM360's web interface. Navigate to Admin >> Settings >> General Settings and click User Management from the left pane.
- Specify a value for automatic logout in the option Automatically log off users for X minutes and select the checkbox Enforce this as a maximum time limit also for users logged in through browser extension.
4.3 Prevent Browser from Prompting to Save Passwords
Select this option to prevent the browser from prompting to save passwords during any login. Once you select the option, click Allow in the pop-up that opens to confirm your permission to prevent the browser from prompting further.
4.4 Prevent Extension from Prompting to Add Accounts
Enable this checkbox to stop the browser extension from automatically prompting you to save new login credentials to the PAM360 server. Once this option is enabled, the extension will no longer display prompts to add accounts as enterprise or personal resources during manual logins.
4.5 Enable Autofill Submit
Select this option to enable the browser extension to auto-fill the credentials and submit them during login.
4.6 Automatically Log in to Extension When Logged in to Web Interface
Select this option to enable concurrent login to the browser extension when you are logged into the PAM360 web interface.