Configuring PAM360 Remote Connect

The PAM360 Remote Connect application (an independent desktop client for Windows) revolutionizes remote access by offering seamless, password-less connectivity to PAM360 resources with just one click. The remote client integrates RDP and SSH connections into a unified interface, eliminating the hassle of switching between external desktop clients. Also, the ability to launch concurrent sessions and customize SSH connections enhances user experience significantly.

This document outlines the installation process, system requirements, and operations within the interface. Read further to learn about Remote Connect in detail.

  1. Benefits of Using PAM360 Remote Connect
  2. Prerequisite
  3. System Requirements
  4. Steps to Install and Log into Remote Connect
  5. Possible Operations in the PAM360 Remote Connect Interface
  6. Real-time Scenario
  7. Limitations of PAM360 Remote Connect
  8. Troubleshooting Tips

1. Benefits of Using PAM360 Remote Connect

  1. PAM360 Remote Connect offers password-less, one-click login for seamless access to remote endpoints.
  2. Remote Connect is a lightweight client, capable of launching both RDP and SSH-based connections from a single interface—thus eliminating the need to install multiple applications to get the job done.
  3. Remote Connect can launch concurrent active remote connections in multiple tabs.
  4. SSH-based remote sessions initiated via Remote Connect are highly customizable. The client allows you to modify system settings within the remote session window and lets you perform operations that you can carry out in a local machine such as opening the session window in full screen and changing the keyboard configurations. This provision helps elevate the overall user experience.

2. Prerequisite

A working instance of the PAM360 web application, accessible from the end-user workstation.

3. System Requirements


Hardware Requirements Supported Operating Systems

Processor

  • Dual Core/Core2Duo or above

RAM

  • 4 GB or above

Hard Disk

  • 200 MB or more


Windows

  • Windows Server 2016
  • Windows Server 2019
  • Windows 10 and above

Note: PAM360 Remote Connect can also be run on VMs of the above operating systems.


4. Steps to Install and Log into Remote Connect

  1. Go to the PAM360 Remote Connect download page and download the PAM360RemoteConnect.exe file. Follow the instructions in the Installation Wizard to install the application.
  2. Once the application is successfully installed, launch PAM360 Remote Connect.
  3. In the Server Configuration page, do as follows:
    1. Enter the hostname and port of your PAM360 web server and click Save.
    2. If you have an MSP build, enter the Org name. If you are unsure of your Org name, navigate to the PAM360 web interface, go to Admin >> Organizations and find your Org name.
    3. If you do not have an MSP build, you will be redirected to the login page directly without the prompt to enter Org name.
  4. Enter your PAM360 login credentials. All the authentication modes that are enabled in your PAM360 server such as AD/Microsoft Entra ID/LDAP authentication, SAML single sign-on methods, and two-factor authentication will be applied to Remote Connect as well. For example, if AD/Microsoft Entra ID/LDAP authentication is enabled for your PAM360 login, you can log in to Remote Connect using your AD/Microsoft Entra ID/LDAP credentials.

Notes:

  1. Ensure that the PAM360 service is running for a successful login.
  2. Click the Server Configuration option present at the right top corner in the login page to modify the server details at any time.

5. Possible Operations in the PAM360 Remote Connect Interface

All RDP and SSH-based resources and accounts owned by you and/or shared with you will be available for your use in the Remote Connect interface. The display area is split into two panes: Resources and Accounts.

Click any resource from the Resources pane on the left to view the accounts belonging to it in the display area on the right. Similar to the Connections tab in PAM360's web application, PAM360 Remote Connect displays Domain Accounts and Local Accounts of the selected resource in separate columns. You can establish remote connections to a resource using either the local accounts or one of the available domain accounts. Click here to learn about the connection tab operations in detail.

Hover over any account and click Connect to successfully launch a remote connection to the selected resource. You can launch concurrent remote connections and manage them from different tabs in the same window. Use the sort option in the Resources pane to sort the resources as per alphabetical or reverse alphabetical order. Both the panes have individual search bars to help you locate resources and accounts using keyword search. All operations that you can perform in an MSTSC connection and via SSH PuTTY client are possible using Remote Connect.

Notes:

  1. Single-click auto logon using AD/Microsoft Entra ID/LDAP credentials is not available in PAM360 Remote Connect for now. Therefore, the 'Logged-in AD/Microsoft Entra ID/LDAP credential' tab will not be displayed here.
  2. For now, Remote Connect does not have the provision to add new connections or edit the existing ones—to do so, add the connections in the PAM360 web application and refresh the view using the Refresh icon in Remote Connect to update the display in the client.

5.1 Launching Remote Connections to Resources with Password Access Control

When Password Access Control is enabled for a resource that is shared with a user, the user will be able to send a password request, check out the password after admin approval, launch the remote connection, and check the password back in, right from PAM360 Remote Connect without the need to open the PAM360 web interface.

As of now, the resource owners can't terminate an active remote session taken via Remote Connect. However, if access control is enabled for the resource, the password will be automatically checked back in after the specified time and the remote session will end. Click here to learn how to configure the time limit for password access control.

5.2 Auditing Remote Sessions

Detailed audit trails for all remote sessions taken via PAM360 Remote Connect will be recorded in the Audit section of the PAM360 web interface.

5.3 Optional Admin Operations

  1. By default, PAM360 Remote Connect access is disabled for all users. Administrators can enable Remote Connect access from the Add User or Edit User wizard - click here to learn how. The administrators can also allow other users to grant Remote Connect access by enabling the custom user role - Manage Remote Connect for them.
  2. Administrators can set a time limit for a period of inactivity, after which the application will automatically end all active sessions and log out. Click here to learn how to set the time limit.

6. Real-time Scenario

PAM360 Remote Connect is recommended for a trusted subset of privileged users in an enterprise who do not require metered access to the resources in the environment. For such users, Remote Connect is highly beneficial since it can be installed in any Windows machine without the need to run the PAM360 server in the same machine.

Consider John, an IT Admin, whose responsibility is to perform a routine sweep of the test machines in his environment to check for suspicious software.

In this case, John must ensure that the following conditions are satisfied:

  1. The test machines must be added as resources in the PAM360 web application.
  2. The test machines need not reside in the same network but they need to be able to connect to each other via RDP/SSH protocols.

If the above conditions are satisfied, John can install PAM360 Remote Connect in his own laptop or any other test machine independently and launch remote connections to other endpoints and perform his duties.

7. Limitations of PAM360 Remote Connect

  1. As of now, PAM360 Remote Connect does not come with Privileged Session Management (PSM) features such as session recording, session monitoring, and termination. Please access PAM360's web interface to avail the product's extensive PSM features.
  2. As of now, advanced connection settings configured for remote connections in the PAM360 web application will not apply to the remote sessions launched via Remote Connect.
  3. The Secure File Transfer option is not available in the Remote Connect interface. However, direct file transfer will work between machines once the RDP/SSH connection is established.
  4. As of now, Remote App support is not available. If Remote App is configured for any resource, users will not be able to connect to it via Remote Connect.
  5. Once an end-user has launched a remote connection via Remote Connect, resource owners cannot terminate the session from the PAM360 web server.
  6. The single-click auto logon method to launch remote connections using AD/Microsoft Entra ID/LDAP credentials is not available for now.
  7. The Ctrl+Alt+Del option will not work in an RDP session initiated via Remote Connect.

8. Troubleshooting Tips

1. My PAM360 web server is running but I'm unable to connect to Remote Connect.

The Remote Connect client only works with PAM360 version 5600 and above, so please ensure that the PAM360 web server is up-to-date. If not, click here to upgrade the web server to the latest version and try connecting to Remote Connect once again.

2. My PAM360 web server is up-to-date but I'm still not able to connect to Remote Connect.

It is possible that Remote Connect access is disabled for your user profile. Please contact your administrator. If you are an administrator, refer to section 5.3 for steps on how to enable access.

3. When I hover over an account, why do I see the 'Disabled' option instead of 'Connect' or 'Request'?

If you see the Disabled option on an account, it could be due to one of the following reasons:

  1. Plain text view of passwords is disabled for all resources under 'General Settings' in the PAM360 web server.
  2. Remote App is configured for the selected account. Remote App does not work in Remote Connect as of now.
  3. RDP access using local accounts is restricted for the selected resource.
  4. Remote connection is disabled for the selected resource type under 'Auto Logon Helper' in the PAM360 web server.
Top