Imprivata Privileged Access Management Product Update 2.3.201902032213

February 3, 2019

PAM Update: Adds the option to repeat failed jobs and adds password reset policy triggered after request expiration

Highlights of this update include the option to repeat failed jobs during the time window after the job failed, password reset (or any other job execution) policy triggered after request expiration and support for a password reset for non-OpenLDAP compliant user directories.

Added support for automatic re-execution of failed periodic jobs

This update adds the option to repeat failed periodic, weekly or monthly jobs during a configurable time after the failure following a configurable interval schedule.

This option improves the chances to reach computers that often appear outside of the corporate network, offline or shutdown frequently to reset passwords, check password status, manage local administrators groups or maintain valid service credentials.

The configuration for this option is driven by two system parameters both of which allow time interval specifications in seconds, minutes, hours or days: Rerun Failed Job Window defines for how long the job should be repeated and Rerun Failed Job Interval defines how frequently the fall back job should be scheduled.

Added task execution policy to trigger a job at the time of request expiration

This update adds a task execution policy to trigger a job after the expiration of an active request.

This policy might be useful to reset passwords on the remote system after the requested time window for this job is expired.

Note that PAM also includes the policy to execute jobs after checking in the record. This new policy allows job scheduling without record checkout enabling several users to work with the remote system simultaneously

Added password reset support for non-OpenLDAP compliant user directories

This update adds the option to configure custom password attribute to support password reset for non-OpenLDAP compliant user directories.

Use custom field PasswordAttribute (type: String, Display Name: Password Attribute) in LDAP Server record type to define LDAP password attribute relevant to this specific user directory server.