Imprivata Privileged Access Management Product Update 2.3.202003292209

March 29, 2020

PAM Update: Added file transfer control option, SSH Public Key management, subscription and user workflow binding reports

This update added support for controlling the file transfer option for RDP or SSH sessions, an SSH Public Key management facility, and Asset Bindings and Subscription reports.

Added support to control file transfer option for RDP or SSH sessions

This update added the option to enable or disable file transfer for in-browser sessions as well as for sessions established using native RDP or SSH clients. The file transfer control option can be configured on a global level and overridden for each individual record.

The option allows system owners to block file upload and download to specific servers following regulations and compliance requirements as well as security practices for highly sensitive access.

Use the global parameter Administration / Settings / Parameters / Session File Transfer to enable or disable the file transfer option for all system assets. Use the record-level field FileTransfer to override the global setting for any specific record.

To enable the record level option, extend the default configuration by adding the Choice custom field named FileTransfer (display name File Transfer Control) with the possible values Use Global, Enabled, Disabled to the record type that requires file transfer control.

After that, set the required value for this field to each specific record of this record type.

Added SSH Public Key management facility

The system SSH Proxy allows SSH public key authentication for remote server access and SSH Proxy shell operations. Users often choose SSH public key authentication to simplify connection and remove the need to enter passwords during login. The new update adds several tools for system owners to manage the SSH public keys of system users, enforce key life cycle policies and gain visibility into key use.

The update added audit events about SSH Public Key generation, upload and deletion. The update also introduced the option to specify an expiration policy to invalidate the keys and force users to rotate them. Use global parameter SSH Proxy Public Key Expiration to define expiration time in days.

The update also added the SSH Public Key creation date to the Users report, highlighting expired and blocked keys to give system owners visibility into the key status for all system users. Moreover, system administrators can now block and unblock SSH Public Keys for selected users to enforce key rotation or remove the option to access the system.

Added subscription reports

The update added two Subscription reports that give system administrators visibility into the alerts and scheduled report distributions that users are subscribed to.

The subscription reports reflect user interest in the system events, provide an indication of the load on the distribution system and also allow users to be unsubscribed from certain events or report distributions.

In addition, the Alert subscription report provides insight into the session score calculation as well as the behavioral analytics enforcement by highlighting the points of interest of various stakeholders regarding admin activities in the session.

Added automatic proxy PAC generation URL to simplify HTTP Proxy configuration

The update added the system end-point URL https://host.company.com/xtam/proxy.pac, which generates a proxy.pac configuration file that browsers use to apply the system proxy setting, based on the configured global property HTTP Proxy Domains.

The update also added the system end-point URL https://host.company.com/xtam/proxy.pac?portals, which generates a proxy.pac configuration file that browsers use to apply the system proxy setting, based on the created WEB Portal records.

Both URL endpoints simplify HTTP Proxy configuration by making it quick to redirect client-side browsers to use PAM as an HTTP proxy server managing the traffic to the remote WEB Portals.
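
One way to check which hosts a proxy.pac file would send through the PAM HTTP proxy before pointing browsers at it. This is an added example, not Imprivata code or product output: the PAC text, the proxy address pam.example.internal:8080 and the portal domains are constructed placeholders, and loadPac and auditPac are hypothetical helper names.

```javascript
// Constructed sample PAC text, not output captured from the product.
// pam.example.internal:8080 and the portal domains are placeholders.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (dnsDomainIs(host, ".portal-a.example") || host === "portal-b.example") {
    return "PROXY pam.example.internal:8080";
  }
  return "DIRECT";
}`;

// Minimal stand-ins for the PAC helper functions that browsers provide.
const pacHelpers = {
  dnsDomainIs: (host, domain) => host.toLowerCase().endsWith(domain.toLowerCase()),
  isPlainHostName: (host) => !host.includes("."),
  shExpMatch: (str, pattern) => {
    const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
      .replace(/\*/g, ".*").replace(/\?/g, ".");
    return new RegExp(`^${re}$`).test(str);
  },
};

// Compile PAC source into a callable FindProxyForURL with the helpers in scope.
// new Function is not a sandbox: only load PAC text fetched from your own server.
function loadPac(pacSource) {
  const names = Object.keys(pacHelpers);
  const factory = new Function(...names, `${pacSource}\nreturn FindProxyForURL;`);
  return factory(...names.map((n) => pacHelpers[n]));
}

// Each case is { url, viaProxy }. Returns only the cases where the PAC decision
// differs from the expectation, so an empty array means the routing is as intended.
function auditPac(pacSource, cases) {
  const find = loadPac(pacSource);
  return cases
    .map(({ url, viaProxy }) => {
      const result = find(url, new URL(url).hostname);
      return { url, result, ok: result.startsWith("PROXY") === viaProxy };
    })
    .filter((r) => !r.ok);
}

const CASES = [
  { url: "https://app.portal-a.example/login", viaProxy: true },
  { url: "https://portal-b.example/", viaProxy: true },
  { url: "https://notportal-a.example/", viaProxy: false }, // look-alike must stay DIRECT
  { url: "https://www.example.org/", viaProxy: false },
];
console.log(auditPac(SAMPLE_PAC, CASES));
```

To audit a real deployment, replace SAMPLE_PAC with the text downloaded from the proxy.pac endpoint and list the portals that must be proxied alongside hosts that must not be.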

Added User-centric Asset Bindings Report

The update added an Item workflow binding report that displays all users in all groups with the related workflow bindings to the selected item, with search and export options to simplify the analysis of workflow binding configurations.

The report makes it quick to analyze the specific restrictions and requirements a user has in relation to the selected asset, regardless of whether the restriction is configured for multiple groups the user is a member of or for the user themselves.