Access to resources is performed through the user console, which is available at the following URL:

  • https://pam.indeed-id.local/pam/uc

Register authenticator

To work with the user console, you need to register an authenticator. Log in to the console; if the user does not have an authenticator, they are redirected to the IDP to register one.

After successful registration, you will be redirected to the user console.

Access to the resource

The console displays the permissions to access resources. For each permission, a resource and an account are indicated.

Access to resources is performed using .rdp files. To download the file, you must click Connect to the right of the required permission or click Connect to the access gateway. The second connection option is convenient with a large number of permissions, since it allows you to select the desired resource after authentication.

The permission details show the validity period, access schedule, and permission ID (the sequential number of the permission in the Permissions section in the Management console).

Direct connection to the resource

  • Click Connect to the right of the desired permission
  • Run the RDP file to access the resource
  • Authenticate and follow the steps to set up your connection

Connection to the access gateway

  • Click Connect to access gateway
  • Run the RDP file to connect to the gateway.
  • Authenticate and follow the steps to set up your connection.

Connection to SSH Proxy

You can use any SSH client to connect to the SSH Proxy gateway.

  • Start SSH client
  • Enter the SSH Proxy address and connect
  • Authenticate
  • Select a resource to connect

Connect via SSH directly

Command template for connecting directly to a resource via an SSH client:

ssh [user-name]#[resource]#[account-name]#[reason]@[proxy-address]

Where:

  • user-name - username
  • resource - IP address/DNS name of the target resource
  • account-name - name of the privileged account
  • reason - text of the reason for the connection
  • proxy-address - IP address/DNS name of the SSH Proxy


If the reason contains spaces, then it should be quoted. If any of the parameters are not specified, then SSH Proxy will additionally request the necessary information.

After executing the command, SSH Proxy will ask for the user's password and TOTP.

Example:

ssh james.miller#debain#db_user#"system configuration"@pam
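
The command template above, wrapped in a shell helper so that the login string is validated and passed to ssh as a single argument. This is an added example, not part of the product or its documentation; pam_ssh_target and pam_ssh are hypothetical names. Requiring all five fields and rejecting '#' inside a field are choices made by this helper, since the page does not say how SSH Proxy treats either case.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not shipped with the product.

# Print user#resource#account#reason@proxy, or return 1 on a bad field.
pam_ssh_target() {
    [ "$#" -eq 5 ] || {
        echo "usage: pam_ssh_target USER RESOURCE ACCOUNT REASON PROXY" >&2
        return 1
    }
    for field in "$1" "$2" "$3" "$4" "$5"; do
        case $field in
            '')            echo "empty field" >&2; return 1 ;;
            # '#' is the separator in the template, so a field that
            # contains it would be ambiguous (helper's assumption).
            *'#'*)         echo "field contains '#': $field" >&2; return 1 ;;
            *[[:cntrl:]]*) echo "field contains a control character" >&2; return 1 ;;
        esac
    done
    # The login string starts with the user name; a leading '-' would
    # be read by ssh as an option instead of a destination.
    case $1 in
        -*) echo "user name must not start with '-'" >&2; return 1 ;;
    esac
    # The proxy address is a host name or IP address.
    case $5 in
        *[[:space:]@]*) echo "bad proxy address: $5" >&2; return 1 ;;
    esac
    printf '%s#%s#%s#%s@%s\n' "$1" "$2" "$3" "$4" "$5"
}

# Build the target and connect. Quoting "$target" keeps a reason that
# contains spaces inside one argument, which is what the quotes around
# "system configuration" do in the example command.
# Usage: pam_ssh james.miller debain db_user "system configuration" pam
pam_ssh() {
    target=$(pam_ssh_target "$@") || return 1
    ssh "$target"
}
```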


View account password and SSH key

If the user has a permission in which the option Allow user to view account credentials is enabled, the Accounts section becomes available in the personal account. The section displays all accounts for which the password and SSH key can be viewed. To view them, click View credentials, enter the reason for viewing and confirm your actions.

End of session

To end the session, end the user's session on the resource, or close the remote connection window.
