3.1 Managing Privileges in Various Endpoints

Privileged Account Manager lets users connect to a remote host using SSH (UNIX/Linux), RDP Relay (Windows), direct RDP, and credential provider (Windows) without knowing the privileged account credentials, such as the passwords or identity certificate of the user. You can also configure Privileged Account Manager to connect to any database or application server with secure and controlled access. The use of shared keys allows Privileged Account Manager to provide any type of shared credentials to privileged users. You can capture users’ activity in different formats, such as keystroke, screenshots, session, and video. For endpoint-specific details, see the following sections.

Before trying to connect to remote hosts, you must configure Rules and Policies in Privileged Account Manager. As an Administrator, you must create the rules in the component called Command Control. For more information about Command Control, see Section 8.0, Command Control.

3.1.1 Windows

A Windows Server user can get privileged access on the target Windows machine (server and desktop) using RDP Relay, direct RDP, and credential provider. For information about privileged access to Windows machines, see Section 14.0, Privileged Access to Windows.

3.1.2 UNIX/Linux

A UNIX/Linux Server user can get privileged access on the target UNIX/Linux machine using SSH Relay, the usrun command, pcksh, and cpcksh. For information about privileged access to UNIX/Linux machines, see Section 15.0, Privileged Access to UNIX and Linux.

3.1.3 Database and Applications

A Privileged Account Manager user can access databases, such as Oracle, and any application server, such as LDAP. All the actions that the user performs on the database or application can be monitored by configuring the settings on the Manager for Privileged Account Manager. The shared credentials are also managed by using Credential Vault. For more information about shared account credentials, see Section 17.0, Privileged Access to Applications and Cloud Services.

A user who has an account in the database server can also be monitored through Privileged Account Manager. For more information about database monitoring, see Section 16.0, Privileged Access to Databases.

3.1.4 Shared Keys

Privileged Account Manager provides shared key functionality to share any type of value or key with privileged users. For more information about shared keys, see Section 13.0, Managing Shared Keys.