Access to resources is performed through the user console, which is available at the following URL:
- https://pam.indeed-id.local/pam/uc
Register authenticator
To work with the user console, you need to register an authenticator. Log in to the console; if the user does not have an authenticator, they are redirected to the IDP to register one.
After successful registration, you will be redirected to the user console.
Access to the resource
The console displays the permissions to access resources. For each permission, a resource and an account are indicated.
Access to resources is performed using .rdp files. To download the file, you must click Connect to the right of the required permission or click Connect to the access gateway. The second connection option is convenient with a large number of permissions, since it allows you to select the desired resource after authentication.
The permission details show the validity period, access schedule, and permission ID (the sequential number of the permission in the Permissions section in the Management console).
Direct connection to the resource
- Click Connect to the right of the desired permission
- Run the RDP file to access the resource
- Authenticate and follow the steps to set up your connection
Connection to the access gateway
- Click Connect to access gateway
- Run the RDP file to connect to the gateway.
- Authenticate and follow the steps to set up your connection.
Connection to SSH Proxy
You can use any SSH client to connect to the SSH Proxy gateway.
- Start SSH client
- Enter the SSH Proxy address and connect
- Authenticate
- Select a resource to connect
Connect via SSH directly
Command template for connecting directly to a resource via an ssh client:
ssh [user-name]#[resource]#[account-name]#[reason]@[proxy-address]
Where:
- user-name - username
- resource - IP address/DNS name of the target resource
- account-name - name of the privileged account
- reason - text of the reason for the connection
- proxy-address - IP address/DNS name of the SSH Proxy
If the reason contains spaces, then it should be quoted. If any of the parameters are not specified, then SSH Proxy will additionally request the necessary information.
After executing the command, SSH Proxy will ask for the user's password and TOTP.
Example:
ssh james.miller#debain#db_user#"system configuration"@pam
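As an added example (not part of the original documentation or of Indeed PAM), the shell helper below assembles the login string from the template above so that it reaches ssh as a single argument, even when the reason contains spaces. The function names and the rule that `#`, `@` and newlines are rejected inside a field are assumptions made here, based on the template using `#` and `@` as separators; the helper covers only the form where all parameters are specified.

```shell
#!/bin/sh
# Added example: build the SSH Proxy login string
#   [user-name]#[resource]#[account-name]#[reason]@[proxy-address]
# pam_field_ok and pam_ssh_login are hypothetical helper names.

nl='
'

# Return 0 if the value can be placed in the template unchanged.
# Assumption: '#' and '@' are reserved because the template uses them
# as separators; empty values and embedded newlines are rejected too.
pam_field_ok() {
    case $1 in
        '' | *'#'* | *'@'* | *"$nl"*) return 1 ;;
    esac
    return 0
}

# Usage: pam_ssh_login USER RESOURCE ACCOUNT REASON PROXY
# Prints the login string on stdout.
# Returns 1 on an invalid field, 2 on a wrong argument count.
pam_ssh_login() {
    if [ "$#" -ne 5 ]; then
        echo "usage: pam_ssh_login USER RESOURCE ACCOUNT REASON PROXY" >&2
        return 2
    fi
    for field in "$@"; do
        if ! pam_field_ok "$field"; then
            echo "pam_ssh_login: empty or reserved character in: '$field'" >&2
            return 1
        fi
    done
    # The string starts with the user name; a leading '-' would make
    # ssh read the whole argument as a command-line option.
    case $1 in
        -*) echo "pam_ssh_login: user name must not start with '-'" >&2
            return 1 ;;
    esac
    printf '%s#%s#%s#%s@%s\n' "$1" "$2" "$3" "$4" "$5"
}

# Typical call, quoted so that the reason stays inside one argument:
#   ssh "$(pam_ssh_login james.miller debain db_user 'system configuration' pam)"
```
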
View account password and SSH key
If the user has a permission in which the option Allow user to view account credentials is enabled, the Accounts section becomes available in the personal account. The section displays all accounts for which the password and SSH key can be viewed. To view them, click View credentials, enter the reason for viewing and confirm your actions.
End of session
To end the session, end the user's session on the resource, or close the remote connection window.