Imprivata Privileged Access Management Product Update 2.3.202001192249

January 19, 2020

PAM Update: Added the option to auto-import discovered local accounts and added search center with the visual query builder

This update adds the option for continuous auto-import of discovered local accounts and also adds a search center with the visual query builder.

Added the option to auto-import discovered local accounts

This update adds several new options for the discovery of local accounts during the execution of discovery queries.

First is the option to choose whether to discover all accounts on the connected computer or only privileged accounts currently defined as members of Administrators group for Windows computers and sudo group on Unix computers. The scripts to discover local accounts could be edited in the script library under the names started with Discovery so that the logic could be customized for specific operating systems.

Second, the auto-import process includes the option to import discovered local accounts into the vault. During the auto-import process, the system will create a record for each discovered local account using the provided record type for local accounts which could be different from the record type for the discovered host.

In addition to this, the auto-import process will assign a main record of the discovered host as a shadow record to manage local accounts on this device.

The discovery process will also detect and auto-import new accounts that appeared on the endpoint after repeated scans.

The update also improves the manual import of both the main discovered host and local accounts discovered on this host by choosing the record types for the imported records as defined in the discovery query instead of using pre-defined Windows Host and Unix Host as it was operating before.

This update automates the discovery and onboarding of local accounts on discovered devices.

The typical flow for the local accounts might include pre-creating a record type for local accounts with the Set Password using Shadow account functionality so that all (or privileged) local accounts from discovered endpoints will be imported into the vault, with their passwords set to the randomly generated values.

Added search center with the visual query builder

This update adds the search center control on the top of the record browser with the options to select the type of query to execute and explanations of what these queries are.

The queries include search records by name or other indexed fields, folders, object by permissions given to users and groups, archived records, recently created objects, records with unique task lists and many more.

The goal of the search center is to simplify access to the right records, expose the hierarchical nature of the vault data, provide better insight into the vault content and improve adoption of the system search facility.