The Workflow in PAM360
If you are an administrator engaged in the job of setting up PAM360 in your environment and managing passwords, following is the ideal work flow:
- Setting up Mail Server
- Adding Users
- Adding Resources
- Setting up Disaster Recovery
Prior to adding users, the important step to be done is configuring your mail server. Users will be notified of their PAM360 access details through email only, so ensure the Mail Server is setup properly.
2. Adding Users
- Add users either manually or import user information from ActiveDirectory, LDAP or CSV file.
- Specify appropriate access roles and password policies for the PAM360 users.
- Group users together for the convenience of performing operations in bulk.
- Enable authentication to any one of AD, LDAP or Local.
Note: Change the password of the default 'admin' user or delete the account after adding another administrator user.
3. Adding Resources
The first step to actual Password Management in PAM360 starts with adding your "resource" to the PAM360 database. Here, resource denotes the server/application/device whose user accounts and passwords are to be managed by PAM360.
- Add resources either manually or import from a CSV file along with their user account and password information.
- Setup the password reset method to one of remote or agent-based, if you need.
- Group resources together for the convenience of performing operations in bulk.
- Create Nested Resource Groups: Maintaining resource groups in hierarchical structure (groups, sub-groups) for navigational convenience.
- By default, the passwords added by you could be viewed and edited only by you. If required, share resource passwords with other PAM360 users or user groups.
- Access and modify passwords that are owned by you and that are shared to you.
After adding the resources, administrators can put in place access control work flow for extra level of security. After successful authentication into PAM360, users get access to the passwords that are owned by them or shared to them. In some cases, administrators wish to give temporary access to passwords for certain users for a specified period of time. In other instances, there would be requirements to give users exclusive privilege to passwords. That means, only one user should be allowed to use a particular password at any point of time. When more than one user is required to work on the same resource, problems of coordination arise. Access control on concurrent usage would help resolve such issues.
- Set up access control work flow as per the requirements of your organization
4. Setting up Disaster Recovery
If you are a password user follow the below steps to setup disaster recovery:
- Configure the database backup schedule to backup the entire contents of the PAM360 database
- Export resource information in the format of your choice to have readable copies of resource information only
If you are a Password user engaged in the job of viewing the passwords allotted to you, there is no need to carry out any configuration. You may directly view the passwords of resources/accounts and edit passwords if you have that permission.