Work flow in PAM360
If you are an Administrator ...
If you are an administrator engaged in the job of setting up PAM360 in your environment and managing passwords, following is the ideal work flow:
- Setup Mail Server
- Add users who will use PAM360
- Add resources whose passwords you want to manage
- Setup disaster recovery
User Addition work flow
- Prior to adding users, the important step to be done is configuring your mail server. Users will be notified of their PAM360 access details through email only, so ensure the mail server is setup properly. Click the link "Mail Server Setting" available in "Admin >> General" section. Enter your mail server name, its port and authentication credentials, the url that is to be displayed on the mail intimation to users to access PAM360 (access url). While providing authentication details, you have the option to specify the required username and password manually or you can make use of an user account already stored in PAM360. When you choose the second option "Use an user account already stored in PAM360", the resources and the accounts that appear on your resources tab, will be listed in the drop-down. You can choose the required details. After providing the authentication details, click "Save"
- Change the password of the default 'admin' user or delete the account after adding another administrator user
- Add users either manually or import user information from ActiveDirectory, LDAP or CSV file
- Specify appropriate access roles and password policies for the PAM360 users
- Group users together for the convenience of performing operations in bulk
- Enable authentication to any one of AD, LDAP or Local
Resource Addition work flow
The first step to actual Password Management in PAM360 starts with adding your "resource" to the PAM360 database. Here, resource denotes the server/application/device whose user accounts and passwords are to be managed by PAM360.
- Add resources either manually or import from a CSV file along with their user account and password information
- Setup the password reset method to one of remote or agent-based, if you need
- Group resources together for the convenience of performing operations in bulk
- Create Nested Resource Groups: Maintaining resource groups in hierarchical structure (groups, sub-groups) for navigational convenience
- By default, the passwords added by you could be viewed and edited only by you. If required, share resource passwords with other PAM360 users or user groups
- Access and modify passwords that are owned by you and that are shared to you
Access Control work flow
After adding the resources, administrators can put in place access control work flow for extra level of security. After successful authentication into PAM360, users get access to the passwords that are owned by them or shared to them. In some cases, administrators wish to give temporary access to passwords for certain users for a specified period of time. In other instances, there would be requirements to give users exclusive privilege to passwords. That means, only one user should be allowed to use a particular password at any point of time. When more than one user is required to work on the same resource, problems of coordination arise. Access control on concurrent usage would help resolve such issues.
- Set up access control work flow as per the requirements of your organization
Setup Disaster Recovery
If you are a Password User ...
- Configure the database backup schedule to backup the entire contents of the PAM360 database
- Export resource information in the format of your choice to have readable copies of resource information only
If you are a Password user engaged in the job of viewing the passwords allotted to you, there is no need to carry out any configuration. You may directly view the passwords of resources/accounts and edit passwords if you have that permission.