Firefox Browser Extension
PAM360 provides an option to securely synchronize your privileged accounts and passwords across browsers through native browser extensions—this allows IT teams to gain complete control over privileged assets in the network and access them through the browser extensions.
The extensions help you perform privileged access management operations such as sending and approving password requests, auto-filling passwords to websites and also set up an Auto Logon gateway to launch RDP and SSH sessions. Additionally, they allow you to view favorites, all passwords and resource groups shared to you, etc. Once you deploy the extensions, you can perform most of the privileged access management activities using them, with PAM360 running in the background.
At present, browser extensions are available for Firefox and Chrome.
Below is a detailed explanation of the steps to install the extensions, their settings and how they can help in managing privileged resources:
1. How does the Extension Help?
The PAM360 browser extension provides certain advantages such as:
- Automatic login to websites and applications from the browser without going to PAM360's web interface.
- Exclusive icons for auto logon and copy username/password to initiate the operations easily.
- The Resource Description icon () to display other details related to the resource. Click the resource name to list all the associated accounts.
- Central search bar to search for resources based on any criteria specified at the time of resource creation such as resource name, DNS name, description, department, etc.
2. Steps to Install the Extension
- There are two ways to download the browser extension for Firefox:
- Click the Add to Firefox button and click Add in the confirmation pop-up that appears.
- After installation, PAM360 icon will appear in the address bar of the browser. Click the icon and enter the Host where PAM360 is running and specify the connection Port.
- Enter your login credentials. The browser extension supports all types of login (Local/AD/LDAP/RADIUS) and authentication mechanisms as available in the web interface.
Now, the browser extension is ready to use.
3. Supported Operations
3.1 View Passwords
To view the list of all passwords, click the All Passwords tab in the browser extension. To view passwords specific to a resource group, click the Resource Groups tab. Here, the browser extension will maintain the same tree structure of resource groups and corresponding accounts as shown in the PAM360 web interface. You can view the password of any account associated with that particular resource group from the Resource Groups tab.
3.2 Search All Resources
Search for resources directly from the search bar in the browser extension based on any criteria such as resource name, user name, DNS name, user account, resource type, resource description, department, location, domain name, all resources or additional custom fields.
3.3 To Automatically Launch RDP or SSH Sessions
Click the auto logon icon to launch a direct connection to websites or Windows/Linux resources.
- For Linux resources, choose either SSH or Telnet.
- For Windows resources, choose either Windows Remote Desktop or RDP Console Session.
- For websites, the URL will open directly.
3.4 To Autofill Username and Password on a Website or Application
To autofill credentials on a website/application, the credentials must already be stored in PAM360. When you attempt to login to a website, click the PAM360 extension icon that appears beside the credentials field and choose an account. The corresponding username and password will be auto-filled after which you can manually hit enter and login to the website.
This option provides quick access to the list of all your frequently used passwords that you marked as favorites in PAM360. This helps you locate resources and corresponding passwords easily. To mark any password as a favorite in the All Passwords, click the star icon beside it.
3.6 Recently Used
Click the Recently Used tab in the browser extension to find the list of all recently accessed passwords.
3.7 Copy Username or Password
Click the Copy Username or Password options to copy the credentials to the clipboard for pasting them elsewhere as required.
3.8 File Download
You can download the digital files, certificates and documents stored under a FileStore resource type, directly from the extension.
3.9 Password Access Request/Release
If you have configured password access control workflow in your web interface, the same will be applied to the browser extension. The administrators can either approve or reject password requests from the browser extension menu. Once a password request is approved, you can perform password check-in and check-out operations also from the extension.
- If you have enabled Ticketing System Integration or the reason for retrieving the passwords setting in your PAM360 web interface, the browser extension will also prompt you to enter the ticket id or reason for access whenever you try to retrieve the password.
- The access control mechanism in the browser extension works the same way as in the web interface.
4.1 Clear Clipboard
Specify a time period in seconds to choose how long the copied data should remain in the clipboard. Enter '0' as the value to never clear the clipboard.
4.2 Automatically Logout After
Specify a time period in minutes to choose how long the session should remain logged in. Enter '0' as the value to never logout of a session in the browser extension. The automatic logout time specified for the web interface and the extension are independent of each other. However, you can apply the same automatic logout time given for the web interface to the browser extension as well. Follow the below steps to do so:
- Go to PAM360's web interface. Navigate to Admin >> Settings >> General Settings and click User Management from the left pane.
- Specify a value for automatic logout in the option Automatically log off users for X minutes and select the checkbox Enforce this as a maximum time limit also for users logged in through browser extension.
4.3 Prevent Browser from Prompting to Save Passwords
Select this option to prevent the browser from prompting to save passwords during any login. Once you select the option, click Allow in the pop-up that opens to confirm your permission to prevent the browser from prompting further.
4.4 Enable Autofill Submit
Select this option to enable the browser extension to auto-fill the credentials and submit them during login.
4.5 Automatically Log in to Extension When Logged in to Web Interface
Select this option to enable concurrent login to the browser extension when you are logged into the PAM360 web interface.