Versions Compared
compared with
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Active Directory
Indeed Identity PAM interacts with end users through an account that will read directory users and their attributes.
Account to use with user directory
- Run the Active Directory Users and Computers snap-in
- Open the context menu of organizational unit or container
- Select Create - User item from the menu
- Specify the user name, say, IPAMManager
- Fill in the mandatory fields and complete the account creation
Alternatively, you can use an existing account.
Account for service operations in Active Directory
- Start the Active Directory Users and Computers snap-in
- Open the context menu of the Container or Organization Unit
- Select Create - User item
- Enter the name, for example, IPAMADServiceOps
- Fill in the required fields and complete the creation of the account
- Open the context menu of the container, organizational unit, or domain root and select the Properties item
- Go to the Security tab
- Click Add
- Select IPAMADServiceOps account and click Ок
- Click Advanced
- Select IPAMADServiceOps and click Edit
- For the field Applies to: set value Descendant User objects
- In the Permissions: section check Reset password
- Save all changes
Alternatively, you can use an existing account.
Storage of media files and shadow copies
File storages are necessary for aggregation and long-term storage of videos, screenshots and files transferred in sessions.
File storage account
Warning | ||
---|---|---|
| ||
A domain account is required to work with file storage, recommended to use the already created IPAMStorageOps account. |
Create and configure file storage
- Log in to the server, which will act as a file storage
- reate folders, for example MediaData, ShadowCopy, Screencasts
- Right click on the folder you created, select the item Share with > Specific people
- Enter the username, for example IPAMStorageOps and click Add
- In the "Permission level" column, click the Read value next to the IPAMStorageOps user and select Read/Write from the menu.
- Finish by clicking Share
Data storage
Indeed Identity PAM uses Microsoft SQL Server or PostgreSQL Pro to store data. The following components require databases:
- IPAMCore - PAM Core component database is used to store Indeed Identity PAM privileged accounts, resources, permissions, and other service data
- IPAMJobs - PAM Core component database is used to store scheduled jobs
- IPAMIdp - IdP component database is used to store authenticators of Indeed Identity PAM users and administrators
- ILS - Log Server component database is used to store the Indeed Identity PAM event
Database creation
Divbox | |||||
---|---|---|---|---|---|
| |||||
|
Divbox | |||||
---|---|---|---|---|---|
| |||||
|
Creating a service account to work with data storage
Divbox | |||||
---|---|---|---|---|---|
| |||||
|
Divbox | |||||
---|---|---|---|---|---|
| |||||
|
Note | ||
---|---|---|
| ||
The grants db_owner for Microsoft SQL Server and Superuser for PostgreSQL are required only for the first access to the database. |
Backtotop | ||||
---|---|---|---|---|
|
Divbox | ||||
---|---|---|---|---|
| ||||
|