Privileged Account Manager 4.2 includes new features, improves usability, and resolves several previous issues.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Privileged Account Manager Community Support Forum, our online community that also includes product information, blogs, and links to helpful resources.
The documentation for this product is available on the NetIQ website in HTML and PDF formats. If you have suggestions for documentation improvements, click the comment icon on any page in the HTML version of the documentation posted at the Privileged Account Manager Documentation website.
The following sections outline the key features and enhancements:
Credential Vault is enhanced to support the following resource and credential permissions:
Setting Custom Resource Attributes and Filtering Based on Those Attributes
Privileged Account Manager supports a high-level categorization based on resource type, such as SSH, RDP, and database. With thousands of resources stored in the Credential Vault, more granular resource categorization is required. You can now use the Extended Attributes feature to categorize resources along different dimensions with any user-defined classification, such as location, application, and usage.
Based on these attributes, filtering and searching for a specific resource also becomes easier. You can also perform the following actions:
Update Extended Attributes for Single Resource.
Perform a bulk update on Multiple Resources.
Filter and search resources based on the defined Extended Attributes.
Categorize credentials based on privilege levels.
For more information, see Adding Extended Attributes and Defining Privileged Type for a Credential.
Support for User Selection of Credential During Checkout and Allow User to Set a New Password During Checkin
Users have a variety of credentials and personas for different credentials. For example, in an Active Directory with a large number of resources and credentials, nothing distinguishes one credential from another. Now, during credential checkout, you can assign a Privileged Type for a credential. If an Active Directory has credentials with specific privileged types, you can select which role or user credential you want to check out when checking out a credential.
You can configure permissions to control the Credential Checkin and Checkout behavior as follows:
Configure All or Restricted check-out over a set of credentials categorized by the privilege level.
Configure the Round Robin way of selecting credentials or allow the user to select the credentials during checkout.
Allow the user to change the credential during credential checkin.
Select the credential that you want to check out (if the credential is configured by the administrator).
Change the password of the checked-out credentials (if the credential is configured by the administrator).
For more information, see Credential Checkout for Application and Database Type Credentials.
This release introduces support for integrating Privileged Account Manager with OAuth 2.0. This integration is limited to the Risk Service.
Using the OAuth2 Server tab under Settings, you can seamlessly integrate OAuth with Privileged Account Manager.
Using this integration, Privileged Account Manager delegates authorization to the configured authorization server when a user tries to access any protected account or resource. For more information, see OAuth2.
This release includes several user experience improvements:
Password Management:
Password management functions are now moved to the Credential Vault > Password Management tab. For more information, see Password Management.
My Access:
All the Resources for which a user has the permission are listed in the My Access page along with the icons against each resource.
The Extended Attributes that you have defined are also displayed along with the sessions. For example, if you have defined location and department as extended attributes, they are displayed along with the resources.
For the resources that are listed on the My Access page, there is a search filter provided on the left page for easy facet filtering and filter search.
The Type field displays the types of resources available. For example, if there are Application and SSH key type resources, the Type field displays these two categories for easy searchability.
The New Request tab, used to raise emergency requests, is moved to Requests and Checkouts from the home console of Privileged Account Manager.
For more information, see Emergency Access Requests.
This release includes the following software fixes:
Component | Bug ID | Issue |
---|---|---|
Emergency access | 182808 | While creating an Emergency Access request for SSH and Privileged Shell, Host field is not validated with PAM manager. |
Credential Checkout | 226781 | All the credentials that a user is authorized to checkout must also be shown in the UI. |
Credential Vault | 285157 | Column width for resource names is too narrow for entries in Credential Vault. |
Access Violation | 319098 | A Privileged Account Manager agent crashes and restarts multiple times displaying the error: Exception code: C0000005 ACCESS_VIOLATION. |
Emergency Access | 351065 | Emergency access request approval does not display available servers sometimes because Credential Vault entries are case-sensitive. |
Privileged Account Manager | 355001 | PAM manager is periodically slow to respond and also takes a long time and multiple threads to process the heartbeat. |
Support for the following features is deprecated:
The Import and Export Configuration options are removed from the Administrator user interface.
The My Access > Predefined Tags user interface journey is deprecated.
JNLP-Based Relay Functionality: The Java Network Launch Protocol (JNLP) function that helped launch privileged SSH sessions provided by the SSH relay feature is deprecated and only Web launch of the applications is supported from this release onwards.
For information about hardware requirements, supported operating systems, and browsers, see Privileged Account Manager 4.2 System Requirements and Sizing Guidelines.
Download the software and the license from the Software License and Download portal. For information about how to download the product from this portal, watch the following video.
The following file is available with the Privileged Account Manager 4.2 release:
Table 1 File Available for Privileged Account Manager 4.2 Release
File/Folder name | Description |
---|---|
netiq-npam-packages-4.2.0-0.tar.gz | Contains the Privileged Account Manager 4.2 .tar file. |
You can upgrade to Privileged Account Manager 4.2 from Privileged Account Manager 4.1 or later. When you upgrade to Privileged Account Manager 4.2, a rollback of packages to version 4.1 or an earlier version is not supported.
For information about upgrading to Privileged Account Manager 4.2, see Upgrading Privileged Account Manager in the Privileged Account Manager Installation Guide.
Micro Focus strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact https://www.microfocus.com/support-and-services/.
Unable to Check Out the Credentials for Database Type Resource
Unable to Save Facet Filter for My Access Page in Internet Explorer 11 Web Browser
Unable to Logout After Disabling Enforce OAuth for Web Authentication
The Checkout Window Is Displayed When Web SSH Session is Selected For Languages Other Than English
Check-in Fails for ESXi Applications with the Java Version 14
Enhanced Access Control Fails to Work on Solaris SPARC and HP-UX
Privileged Account Manager Does Not Recognize Double-byte Characters
An Intermittent Issue Observed When the RDP Direct Policy Is Invoked
License Summary Is Not Listed While Creating Database Vault for Monitoring
Issue: The user is unable to check out the credentials for Database type resource if the password change or credential check-in is set to Never. (Bug ID: 481025)
Workaround:
Go to Credential Vault > Resources > Connection details.
Set Internal in Password Change on Check In option and add a reconcile credential.
Set Never in Password Change on Check In.
(Bug ID: 481183)
Workaround: Log out from the console and clear the cache. Logging back in displays the My Access page listing normally.
Issue: The OAuth2 logout issue occurs if you logged in using the https://pam-addr/sso URL. (Bug ID: 482032)
Workaround: Close and relaunch the web browser, and then log out.
Issue: When you select Web SSH session from Access Requests page, the checkout window is displayed. This issue occurs for Privileged Account Manager users of all the languages except for English. (Bug ID: 484012)
Workaround: Click the SSH Web Session icon a second time. The issue is rectified and the session connects successfully.
Issue: Check-in fails for the ESXi application with the Java version 14 when installed on Linux manager. (Bug ID: 184179)
Workaround: No workaround is available.
Issue: The SSH web relay session gets disconnected when the vault is configured with an OpenSSH private key. (Bug ID: 189414)
Workaround: Use keys in the format produced by ssh-keygen -m pem.
Issue: MSI upgrade does not work with Privileged Account Manager 4.1. (Bug ID: 286190)
Workaround: Upgrade using Package Manager.
No workaround is available. (Bug ID: 305031)
No workaround is available. (Bug ID: 329152)
Issue: An intermittent issue is observed when the RDP Direct policy is invoked with Authorized No and a browser-based application is launched for Web Application SSO. (Bug ID: 336035)
Workaround: No workaround is available.
No workaround is available. (Bug ID: 348028)
For specific product issues, contact Micro Focus Support at https://www.microfocus.com/support-and-services/.
Additional technical information or advice is available from several sources:
Product documentation, Knowledge Base articles, and videos: https://www.microfocus.com/support-and-services/
The Micro Focus Community pages: https://www.microfocus.com/communities/
© Copyright 2022 Micro Focus or one of its affiliates.
The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.
For additional information, such as certification-related notices and trademarks, see http://www.microfocus.com/about/legal/.