Privileged Access Manager 4.5 includes new features, improves security, and resolves several previous issues.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Privileged Access Manager Community Support Forum, our online community that also includes product information, blogs, and links to helpful resources.
The documentation for this product is available on the NetIQ website in HTML and PDF formats. If you have suggestions for documentation improvements, click the comment icon on any page in the HTML version of the documentation posted at the Privileged Access Manager Documentation website.
Privileged Access Manager 4.5 provides the following features and enhancements:
From this release, Privileged Account Manager has been renamed to Privileged Access Manager to align with the goals and strategy of NetIQ Identity and Access Management.
With the Discovery and Onboard feature, Privileged Access Manager simplifies the process of detecting and identifying the accounts associated with a resource (Target) based on a defined rule. The feature fetches various details of the accounts and helps in managing the discovered accounts. Discovery of privileged accounts also enables administrators to add multiple accounts to a preferred resource. Later, an administrator can transfer and onboard the discovered accounts to Credential Vault to enable the supported privileged access features for the onboarded accounts.
The Discovery and Onboard feature supports the SSH and Windows Host resource types, for discovery of local privileged accounts on Linux or Unix and on Windows respectively.
For more information, see Discovery and Onboard of Privileged Accounts.
Provision to Group Resource Pools
Resource Pool Groups have been introduced in Privileged Access Manager. They allow administrators to create a logical set of similar Resource Pools. This simplifies the process of managing Access Control policy and substantially reduces the number of assignments.
For more information, see Resource Pool Groups.
Add a Resource to Resource Pool
The administrator can add a resource to a new resource pool, add it to an existing resource pool, or create a specific resource pool for each resource, without editing the resource. To perform these actions, use the following options on the Resources page:
Create a Resource Pool
Add to Existing Resource Pool
Create Individual Resource Pools
For more information, see Adding a Resource to Resource Pool.
Remove a Resource from Resource Pool
The administrator can use the Remove from Resource Pool option to remove the resource from one resource pool and tag it to another resource pool.
For more information, see Removing a Resource from Resource Pool.
Privileged Access Manager lets users exchange files between the local drive and the following web-based relay sessions:
Remote Desktop Protocol Web Relay session
Secure Shell Web Relay session
The administrator must enable File Transfer in the Access and Monitoring Options of Web RDP and Web SSH to allow upload and download of files.
For more information, see Transferring a File to Secure Shell Web Relay Session and File Transfer in the Remote Desktop Protocol Web Relay Session.
The Resource Name field has been introduced on the left pane of the Resources page to find a preferred resource among several available resources. This promotes ease of use for administrators.
This release introduces the following options to prevent security breaches and malicious acts:
Block Command: Prevents users from executing any command that is marked as risky at one of the risk levels, such as high risk, medium risk, and so on.
Block User: Blocks users who executed the risky command and prevents them from initiating a new session.
For more information, see Command Risk.
PAM Driver has been enhanced to support the Access Control policy engine. The driver has been shipped with Identity Manager 4.9.
For more information, see the Privileged Access Manager Driver for Identity Manager guide.
This release includes the following software fixes:
| Component | Bug ID | Issue |
|---|---|---|
| Access | 462012 | Blocked users are granted access to the RDP Web and SSH Web sessions. |
| Access | 388115 | When Privileged Access Manager is integrated with Advanced Authentication, AD users with special characters or space in the account name fail to log in to the User Console. |
| Access | 178614 | Commands with spaces fail on Unix and Linux agent-based privileged access. |
| Agent | 174989 | Due to PAM Agent 3.7.0.1 failure, the Core dump SAP HANA services are failing. |
| Application SSO | 464022 | The AppSSO direct Mode with Access Control policy is not working as expected. |
| Audit | 626023 | The PAM audits include the password hash of local users. |
| Credential | 229029 | MSSQL password check-in fails in SLES 15 SP3, whereas it works in SLES 12 SP4 for a similar setup. |
| Credential Checkout | 443001 | For an Identity Manager resource, the password check-out fails for the second time and displays the following error message: All the accounts in this domain are being used. Retry later. |
| Credential Vault | 412019 | The extended attributes of applications that the administrator has configured are not displayed to end users for reading secret permissions. |
| Performance | 395046 | The Credential Vault page is considerably slow while loading the resources. |
| Performance | 491142 | Adding and removing resources from Resource Pool is considerably slow. |
| RDP | 178134 | Unable to fetch the audit video when the Video Subfolder Configuration is enabled for Web RDP and Web Agent RDP. |
| RDP | 598053 | Direct RDP to agent server fails when the PAM agent is unable to connect to the PAM Manager. |
| RDP | 629189 | The Web RDP and RDP Relay sessions are not accessible for users of the Protected Users group. |
| RDP Web | 500092 | Users are unable to copy and paste any text within the Windows Web RDP session as the text is not copying to the clipboard. |
| RDP Web | 540116 | Some combination keys are not functional on Windows Web sessions. Due to this issue, PAM is crashing. For example, Ctrl+N, Ctrl+Shift+N. |
| RDP Web | 600004 | Active Directory User is denied access to an RDP Web session for the Submit User permission. |
| Report | 174556 | The filters in Reporting are case sensitive. For example, if there is a user TECH\ADMINISTRATOR and the search criteria is set to tech\Administrator, the relevant reports are not displayed. |
| SSH | 600011 | The Agentless SSH sessions connect intermittently when specifying the destination node. |
| User Interface | 598007 | In case of customized reports, the end users are able to remove administrator-configured filters and view the complete report. |
| User Interface | 174968 | If a method is added twice as a second-factor authenticator for a session, the 2FA window displays the method once. |
| User Role | 598011 | Issue while adding a user role for AD users, if the user group name on the Active Directory includes special characters. For example, user group name is NEW&IT. |
Command Control has been replaced by Access Control from the Privileged Access Manager 4.0 release onwards. Because Command Control will be deprecated in future releases, we recommend that you migrate all the policies to Access Control for seamless usage of the product.
For information about hardware requirements, supported operating systems, Privileged Access Manager features supported on different target systems, and browsers, see Privileged Access Manager 4.5 System Requirements and Sizing Guidelines.
Download the software from the Software License and Download portal.
The following file is available with Privileged Access Manager 4.5:
Table 1 File Available for Privileged Access Manager 4.5
| File/Folder name | Description |
|---|---|
| netiq-npam-packages-pam-4.5.iso | Contains the Privileged Access Manager 4.5 .iso file. |
| netiq-npam-packages-4.4.0-0.tar.gz | Contains the Privileged Access Manager 4.5 .tar file. |
You can upgrade to Privileged Access Manager 4.5 from Privileged Access Manager 4.1 or later. When you upgrade to Privileged Access Manager 4.5, a rollback of packages to version 4.4 or an earlier version is not supported.
For information about upgrading to Privileged Access Manager 4.5, see Upgrading Privileged Access Manager in the Privileged Access Manager Installation Guide.
After upgrading to PAM 4.5, you must install the Discovery module in the Linux Manager. Open Install Packages and click Install Discovery module.
Refresh the browser after an SPF upgrade, because the certificate has to be re-approved for successful logging. This is because the HTTPS certificate is upgraded after the Framework patch package upgrade.
On PAM managers that have the taskmanager module, the gssntlm library used by the password management module is no longer part of the Privileged Access Manager installer file. Therefore, ensure that you install the gssntlmssp package when upgrading. For more information, see Password Management.
Delete and re-import the Privileged Access Manager certificates on each of the Application SSO agents because the HTTPS certificate is upgraded.
The Low-Level Session Audits option is enabled by default if you are upgrading from a previous version of Privileged Access Manager. You can disable this option for Windows agent permission to improve the system performance.
Open Text strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact https://www.microfocus.com/support-and-services/.
Privileged Access Manager 4.5 does not have any known issues.
For specific product issues, contact Open Text Support at https://www.microfocus.com/support-and-services/
Additional technical information or advice is available from several sources:
Product documentation, Knowledge Base articles, and videos: https://www.microfocus.com/support-and-services/
The Open Text Community pages: https://www.microfocus.com/communities/
Copyright 2009 - 2024 Open Text