Imprivata Privileged Access Management Product Update 2.3.201812232242

December 23, 2018

PAM Update: Adds interactive MFA configuration, discovery of Windows service accounts and search improvements

Highlights of this update include interactive MFA configuration, service accounts discovery on Windows networks, precise search and display of linked folders.

Added interactive Multi-factor authentication configuration

This function adds an interactive MFA configuration GUI with the options to define multiple MFA providers for different principals, default MFA providers and group or user-based exceptions.

The option to quickly temporarily remove MFA requirements from specific users might be particularly useful in cases of emergency access.

The option is disabled by default and works only with the Federated Sign-In component deployed.

It could be enabled by uncommenting pre-built parameter cas.authn.mfa.groovyScript in $XTAM_HOME/web/conf/catalina.properties file.

Added support to display a list of linked folders for each object on the list of records and on the search screens

This update adds a list of folders for each record on the search result page to quickly identify where a record is located.

It is especially useful for situations when several records with the same name are located in different folders.

Note that the same record might be linked to multiple different folders.

In this case, the PAM record browser will list all linked folders for each record in the list.

Moreover, the regular PAM record browser will display the list of parent folders where each record is linked even during regular folder browsing operations without the search. In this case, the folder browser will only display parent links outside of the current folder to simplify the folder view.

Added the option to discover Windows hosts with specified service accounts in the services

The update brings the option to discover service accounts in Windows networks.

The configured discovery process will scan the network as usual but will only auto-import accounts from discovered computers that include services or service accounts that match the specified import filter criteria.

This option is useful in combination with the recently released function to update service account dependencies after the initial password reset for the service account.

Added the precise search option to locate exact record match

The update adds a search option to only find records that match the entered search criteria precisely without the automatic assumption of wildcard-based search. This way, the search initiated for 10.0.0.1 will not display 10.0.0.12 or 110.0.0.1 records.

To initiate such a search, use enclosing double quotes around search criteria.