Privileged Task Automation Controls

Privileged Task Automation (PTA), powered by Qntrl within PAM360, streamlines and automates privileged operations on endpoints through a Bridge server. At the core of PTA, the circuit builder's controls serve as essential components for designing and executing sophisticated automation workflows. These versatile building blocks enable the seamless orchestration of complex tasks, allowing interactions with diverse systems and applications connected via the Bridge.

By leveraging the extensive capabilities of these controls, organizations can automate intricate privilege-related processes, eliminating manual interventions while enhancing security and operational efficiency. These controls empower IT teams to construct robust automation frameworks that optimize privileged operations, thereby reducing risk and improving overall workflow management.

The subsequent sections will explore the distinct categories of these controls - Flow Controls and Bridge Controls - outlining their individual functionalities and their role in building powerful automation circuits within PAM360.

1. Flow Controls

Flow Controls are crucial for establishing the logical progression and operational order within your automation workflows. They govern the movement of data and the execution path between the various states in your automation circuit. PAM360's Privileged Task Automation (PTA) circuit builder offers the following states within the Flow Controls category:

1. Pass: The Pass control simply forwards the input it receives to the next state in the workflow, acting as a direct connection point. It is useful for maintaining a clear flow or when a state needs no modification of the data. For more details, click here.
2. Branch: It introduces conditional logic, allowing the workflow execution to diverge along different paths based on the input or output of a preceding state. This is crucial for implementing decision-making processes within your automation. Refer to this document for more information about the Branch state.
3. Parallel: The Parallel state allows multiple subsequent states to execute simultaneously, making it ideal for scenarios where independent tasks can run concurrently. This parallel execution significantly reduces the overall workflow processing time. For more details, click here.
4. Wait: The Wait control introduces a deliberate pause in the workflow execution for a specified duration. This can be useful for allowing time-sensitive operations to complete in external systems before proceeding with the next steps. Refer to this document for more information about the Wait state.
5. Batch: The Batch control facilitates the execution of a group of operations multiple times, often iterating over a list of items. This is valuable for performing the same set of actions on multiple targets or datasets. For more details, click here.
6. Success: The Success control is is a terminal state that explicitly marks the successful completion of a workflow execution. When this state is reached, consider the automation is completed successfully. Refer to this document for more information about the Success state.
7. Failure: The Failure control is a terminal state that explicitly marks the unsuccessful completion of a workflow execution. Reaching this state indicates that an error or issue has occurred during the automation process. For more details, click here.

By strategically combining these Flow Control states, you can construct complex and adaptable automation workflows that orchestrate various tasks and data manipulations in a logical sequence.

2. Bridge Controls

Bridge Controls expand your automation workflows by facilitating seamless interactions with resources both within the PAM360 network and beyond. They enable secure connectivity to external environments such as proxy server networks, secure VLANs, DMZs, and other isolated or perimeter networks using the Bridge architecture. This extended reach ensures robust automation capabilities while maintaining strict security and access control across diverse IT infrastructures. Through the Configuration tab in the circuit builder, you can define the connection parameters for these resources directly from the PAM360 interface. PAM360’s PTA supports the following key configurations for Bridge Controls:

1. Resource type selection: Specify the type of resource you intend to interact with (e.g., server, application, database).
2. Resource selection: Choose the specific instance of the selected resource type.
3. Account selection: Select the privileged credentials from PAM360 that will be used to access the target resource.
4. Bridge selection: Designate the specific deployed bridge agent that will facilitate the secure connection to the chosen resource.

The following are the Bridge Controls or privileged tasks supported by PTA:

1. Task Engine: This control allows you to connect to and execute any API using the GET, PUT, and POST HTTPS methods, provided the server hosting the API is accessible. It also enables the execution of custom tasks within a closed network environment, leveraging the deployed Bridge for secure communication and interaction with internal applications and services. For more details, click here.
2. SSH Task: The SSH Task enables you to execute shell commands or scripts on a target Linux machine within a private network. This is useful for performing system administration tasks, running custom scripts, or interacting with Linux-based applications. Refer to this document to learn more about the SSH Task bridge control.
3. Files: This control provides an action to transfer files between resources within the network. The maximum file transfer limit per task execution is 1 GB. For more details, click here.
4. AD Task: This control offers a range of actions for integrating with and managing Active Directory (AD) services within a client's network. For more details, click here.
5. PowerShell Engine: This control enables the execution of PowerShell scripts on a selected Bridge installed on a Windows machine, allowing automation of Windows-specific tasks, system configurations, and application interactions. To execute tasks on a remote Windows machine using PowerShell from the Bridge server installed on Windows, follow these steps:
   1. Develop a PowerShell script capable of establishing a remote connection to the desired target machine. Add the script by navigating to Admin >> Workflow Orchestration >> Privileged Task Automation >> Scripts & Bridges >> Scripts.
   2. Within the PTA circuit builder, create an automation workflow utilizing the PowerShell Engine control.
   3. Navigate to the Configuration tab of the circuit builder. Here, configure the connection details by:
      1. Selecting Windows as the resource type.
         
      2. Mapping the specific resource where the Bridge server is installed.
      3. Choosing the appropriate account credentials for accessing the Bridge installed resource.
      4. Specifying the bridge server from which the PowerShell script will be executed to initiate the remote connection.
      5. Under the Add Configuration section, selecting PAMCredential_Powershell in the Credential ID field to leverage PAM360-managed credentials for the PowerShell execution.
      6. In the Script ID field, selecting the PowerShell script that is already added.
      7. Selecting the Bridge server (installed on Windows machine) in the Host field.
   4. Click Save to create the privileged process.

By utilizing Bridge Controls, you can seamlessly integrate automation workflows with critical internal systems and applications, extending the reach and capabilities of PAM360's Privileged Task Automation to your entire IT infrastructure.