Secure IDs
Privileged Access Management provides the option to enable secured IDs to display randomized IDs for managed objects on the user interface.
The optional use of these secured IDs is intended to provide enhanced security and does not reduce the performance, scalability or use of Privileged Access Management.
When enabled, all internal IDs are displayed and used in randomized form in both the GUI and API calls, so they can no longer be assumed or guessed from a sequential ordering.
Secure IDs will be displayed in all places where the default, sequential IDs were originally displayed.
Before enabling secure IDs, please note the following:
- If a user has bookmarked any record links in their browser, these bookmarks will no longer work afterward because they reference the original ID.
- If you have any scripts or are using the API to call specific functions that contain the original IDs, they will need to be updated to reflect the new secure IDs.
- Using the SSH Proxy feature will require the use of the new secure record IDs or the generic sequential list number for connections.
Enabling secure IDs
- Log on to the PAM host server with an account that can update files.
- Open the file $PAM_HOME/web/conf/catalina.properties in a text editor.
- Add the following lines to the end of the file:

  #Secured IDs
  xtam.secured.ids=true
  xtam.secured.ids.strict=true

- Save and close this file.
- Restart the PamManagement (Windows) or pammanager (Linux) service.
When the service is fully restarted, all the existing IDs throughout Privileged Access Management will have been updated with secured IDs and the original IDs will no longer be accessible.
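As an added example (not part of the vendor documentation), the file edit described above can be scripted on a Linux host so that it is repeatable: it sets both properties whether they are absent, present with another value, or duplicated, and keeps a backup. The property names and file path are those given above; the function names, the `.bak` suffix and the demo file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Property names and file path are from the
# page; function names, the .bak suffix and the demo file are constructed.

# set_prop FILE KEY VALUE: rewrite the first active KEY line, drop later
# duplicates, or append KEY=VALUE if absent. Commented lines are untouched.
set_prop() {
    file=$1 key=$2 value=$3
    tmp="$file.tmp.$$"
    awk -v k="$key" -v v="$value" '
        { name = $0; sub(/=.*/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", name) }
        name == k { if (!done++) print k "=" v; next }
        { print }
        END { if (!done) print k "=" v }
    ' "$file" > "$tmp" || return 1
    cat "$tmp" > "$file" && rm -f "$tmp"   # in place: keeps owner and mode
}

# get_prop FILE KEY: print the effective value (the last assignment wins).
get_prop() {
    awk -v k="$2" '
        { name = $0; sub(/=.*/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", name) }
        name == k && index($0, "=") { v = substr($0, index($0, "=") + 1) }
        END { print v }
    ' "$1"
}

# enable_secure_ids FILE: back up FILE, then set both properties to true.
enable_secure_ids() {
    conf=$1
    [ -f "$conf" ] || { echo "not found: $conf" >&2; return 1; }
    if [ "$(get_prop "$conf" xtam.secured.ids)" = true ] &&
       [ "$(get_prop "$conf" xtam.secured.ids.strict)" = true ]; then
        return 0    # already enabled: leave the file and earlier backup alone
    fi
    cp -p "$conf" "$conf.bak" || return 1
    set_prop "$conf" xtam.secured.ids true &&
        set_prop "$conf" xtam.secured.ids.strict true
}

# demo: run against a constructed sample file (not a real catalina.properties).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'common.loader=x' '#xtam.secured.ids=true' \
        'xtam.secured.ids = false' > "$d/catalina.properties"
    enable_secure_ids "$d/catalina.properties" && cat "$d/catalina.properties"
    rm -rf "$d"
}
```

On the host, call `enable_secure_ids "$PAM_HOME/web/conf/catalina.properties"` and then restart the service as described above; `demo` shows the result on a constructed file.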
Secure ID Examples
Secure IDs Example: Record View
Secure IDs Example: Audit Log
Secure IDs Example: Sessions Report