Imprivata Privileged Access Management Product Update 2.3.201911102225

November 10, 2019

PAM Update: Added Duo Security MFA to SSH Proxy access using native SSH clients, Quick View for records and copy folders with sub-folders

This update adds Duo Security as an MFA option for SSH Proxy access using native SSH clients, the Quick View option that enables reviewing record fields in the popup dialogue from the item list, and the option to copy folder hierarchies with permissions and workflow configuration.

Added Duo Security as an MFA option for SSH Proxy access using native SSH clients

The new update adds Duo Security as an MFA option for SSH Proxy access using native SSH clients including Push, SMS, Phone Call and OTP modes to confirm administrator identity.

Duo Security is a popular MFA provider offering a variety of second-factor methods of authentication as well as several options to integrate with user directories.

PAM supported Duo Security for a long time as an MFA provider to access the WEB GUI and in-browser sessions.

This update brings Duo Security MFA to access remote hosts as well as PAM Shell using native SSH clients such as PuTTY, Secure CRT, MobaXTerm or ssh shell.

Duo Security for SSH Proxy inherits Duo Security configuration from WEB Login using the following parameters:

Copy
cas.authn.mfa.duo[0].duoApiHost=duoApiHost
cas.authn.mfa.duo[0].duoIntegrationKey=duoIntegrationKey
cas.authn.mfa.duo[0].duoSecretKey=duoSecretKey

 

Alternatively, use different set of parameters to isolate Duo Security MFA requirements to SSH Proxy only:

Copy
xtam.integration.duo.apiHost=duoApiHost
xtam.integration.duo.integrationKey=duoIntegrationKey
xtam.integration.duo.secretKey=duoSecretKey

 

PAM SSH Proxy will enforce Duo Security MFA for users configured using the Administration / MFA screen or follow the global MFA configuration.

Added Quick View option that enables reviewing record fields in the popup dialogue from the item list

Quick View option for records in the item browser simplifies routine access to record fields and sensitive information. This new function provides a one-click option to quickly look at the record details, unlock a password or a PIN code, copy the user or host to the clipboard without leaving the folder browser screen.

Added the option to copy folder hierarchies with permissions and workflow configuration

The New Copy folders option allows copying folder structures including nested sub-folders, permissions and workflow configuration to a different folder or a vault. The option works both for individual folders as well for bulk folder copy.

The option is useful to quickly replicate complex folder setups including security architecture as a template between multiple sites or locations.

Note that the Copy Folder option only copies folder architecture relying on the folder owners or managers to create actual assets.