Imprivata Privileged Access Management Product Update 2.3.202008022311

August 2, 2020

PAM Update: Added Email Override option, simplified WEB Application URL and the option to manage dynamic credentials for shared assets in personal vault

This update added the Email Override option, simplified WEB Application access and the option to manage dynamic credentials for shared assets in a personal vault.

Added Email Override option

The update added user preference Email Override to allow users to provide alternative email for system notifications from the domains specified by system administrators.

System administrators should define the comma-separated list of allowed domains in the global parameter Email Override to enable email override for specified domains.

The option is useful for users to define an email address for notifications in case the back end user directory does not include emails for managed accounts.

System administrators still have control over the mail server used in email overrides to maintain the security of the notification distributions.

Simplified WEB Application URL

The update simplified initial WEB Application access by automatically redirecting URLs without /xtam/ suffix to the PAM WEB application.

In this scenario, users can open PAM WEB GUI by using a URL similar to this one: https://pam.company.com to get redirected to the PAM application.

The option is available for new deployments.

To enable the option for the current deployments, system owners can download the archive https://bin.xtontech.com/legacy/cas/pam-root-redirect.zip and extract the ROOT folder from the archive to $PAM_HOME/web/webapps folder on each node.

Added the option to refer to credentials in the personal vault

The update added the option to allow users to manage dynamic credentials for shared records in their personal vaults.

The option safely relaxes security limits for related records managed in the same vault by allowing users to manage dynamic credentials in their personal vaults.

The option simplifies data architecture for Managed Service Providers (MSP) with requirements to maintain named accounts to access client networks.