|
|
Indeed introduces version 2.9 of Indeed Privileged Access Manager (Indeed PAM).
Now Indeed PAM can be installed not only on Windows, but also on any Linux distribution with Docker support, including those certified by FSTEC.
Version 2.9 introduces a new component – RDP Proxy, developed by Indid Company based on freely distributed software. It allows you to control connections to protected resources via the RDP protocol. It became possible to use the FreeIPA directory service as a PAM user directory, which is also used to authenticate PAM users.
Another new feature is the ability to create user groups based on groups from external LDAP-enabled directories such as Active Directory (AD) and FreeIPA, and link these groups. In this article, we will cover all the new features implemented in Indeed PAM 2.9.
Industrial implementation of RDP proxy under Linux
The RDP proxy component, introduced in version 2.9, can be used for industrial operation of the solution. It performs the following main functions:
checking user access rights;
two-factor user authentication;
video recording of sessions;
shadow copying of files transferred within sessions.
RDP proxy is based on open source software. The Docker platform is used to deploy the component, which provides the following advantages:
allows installation on any Linux distribution with Docker support, including those certified by FSTEC (ALT Linux, Astra Linux Special Edition, RED OS, etc.);
eliminates the need to purchase licenses from Microsoft and other suppliers, which is important for a large number of our customers who are implementing import substitution measures and switching to Linux.
FreeIPA Support
In implementing the import substitution strategy, many of our customers are actively switching from Microsoft Active Directory to other directory services that support work in *nix family operating systems. Indeed PAM 2.9 adds support for the FreeIPA directory service, which can now be used as a PAM user directory and for PAM user authentication.
Accessing Indeed PAM from different subnets
Now, when a user connects to Indeed PAM, you can determine the network location of the connection source and, depending on the information received, provide different lists of available resources. In other words, the new feature allows you to create different lists of available connections to protected resources for each user, virtual phone number service taking into account where they connect to Indeed PAM from.
Ansible Playbooks and Configuration File Creation Webmaster
To simplify the installation and configuration of Indeed PAM components, we have developed:
Ansible playbooks, which allow you to automate the preparation of the environment on servers, including the installation of Docker, and the deployment of Indeed PAM components;
a web configurator with a user-friendly graphical interface that allows you to create Indeed PAM component configuration files, eliminating the need to fill them out manually in a text editor.
These tools will help reduce the labor costs of implementing and updating Indeed PAM.
Possibility of sending one-time passwords via email
One-time passwords (OTPs), used for authentication as a second factor, can now be received via email. The new feature will allow companies that cannot use time-based one-time password (TOTP) generating apps to send OTPs to users' email addresses.
Granting permissions to user groups from LDAP directories
Indeed PAM 2.9 lets you create user groups based on groups from external LDAP-enabled directories, such as Active Directory (AD) and FreeIPA, and link these groups. New groups can be granted permissions to access protected resources. The permission is granted to all members of the group, and is revoked when the user leaves the group. Linked groups are also periodically synchronized: their composition and the properties of their privileged users are adjusted depending on changes in the LDAP directory.
TO GET THE NEW VERSION OF INDEED PAM, CONTACT OUR SUPPORT.
|
|
發表於 2024-11-7 13:54:04