Imprivata Privileged Access Management Product Update 2.3.202011292309

November 29, 2020

PAM Update: Added record types security policy report, Yubikey MFA support for native clients, account management for Netscaler and Fortigate devices, optimized Access Request user experience

This update adds a record types security policy report for audit review, Yubikey MFA support for native clients connecting through SSH Proxy and RDP Proxy, account management support for Fortigate and Netscaler devices, and an optimized user experience for Access Request submission.

Added record types security policy report

The update adds the option to export record type policies as a PDF report for audit review.

The report includes record type parameters (session manager, custom script, inheritance, vault visibility), the list of fields, the password complexity formula, and the task policies for selected or all configured record types.

The report gives auditors and system owners insight into the default access security configuration for review.

Added Yubikey MFA support for native clients

The update adds Yubikey MFA support for users connecting with native clients such as PuTTY, mstsc, MobaXTerm, Secure CRT, Royal TS, WinSCP, scp, etc., via SSH Proxy or RDP Proxy.

Yubikey MFA is a popular MFA option based on a hardware token.

The update extends the option to use various MFA providers to protect privileged access to sensitive assets.

Added account management support for Netscaler and Fortigate devices

The update adds Check Status and Password Reset scripts for Netscaler and Fortigate network devices.

The option improves privileged access management coverage for network infrastructure.

System administrators can add the Check Status Remote Fortigate and Password Reset Remote Fortigate scripts, or the Check Status Remote Netscaler and Password Reset Remote Netscaler scripts, to the regular Unix Host record.

The option enables account management for the corresponding network device. Alternatively, administrators can extend a Unix Host record type to apply account management policies broadly to multiple devices.

Optimized user experience for Access Request submission

The update adds several extensions to the Access Request form to facilitate the adoption of request-based access to sensitive assets.

The update allows users to submit access requests quickly and with fewer GUI interactions.

  1. Users can select a request reason from the list of the top 10 previously provided entries.
  2. The request reason field auto-prompts the user to select one of the most used reasons while the user types a new request reason.
  3. System administrators can change the default requested time using the system parameter Default Requested Time.

Added the option to block clipboard exchange with remote WEB session

The update adds the option to block clipboard exchange with remote WEB sessions using the global parameter Session Clipboard Transfer, with possible values Enabled or Disabled.

The option can be overridden for individual records using the record type Choice field ClipboardTransfer (Display name: Clipboard Transfer, Selection: Enabled, Disabled, Use Global).

The option allows controlling clipboard transfer operations to comply with government and industry regulations.

Added the option for native RDP clients to launch an alternative shell when connecting to the RDS server

The update adds the option for a native RDP client such as mstsc to launch an alternative shell when connecting to an RDS server, complementing the existing WEB Sessions capabilities.

For compatibility with WEB Sessions, RDP Proxy uses the same record-level Command field to launch the published RDS application on connection, without displaying the Windows Desktop.

Added the option to disable WEB GUI check for the latest version

The update adds the option to disable the WEB GUI check for the latest version by setting the system property xtam.web.version.disable=true (the default value is false) in the $XTAM/web/conf/catalina.properties file.

The option disables the periodic connection to the update repository for deployments operating in air-gapped or regulated environments.
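
For air-gapped deployments it helps to confirm which value of xtam.web.version.disable is actually in effect, since a commented-out or duplicated line can leave the default (false) active. The script below is an added example, not vendor code: the function names are hypothetical, and it assumes the file is read with java.util.Properties-style rules (comment lines start with # or !, the separator is = or :, the last definition of a key wins).

```shell
#!/bin/sh
# Added example (not vendor code): report whether the WEB GUI version check
# is disabled in a catalina.properties file.
# Assumption: java.util.Properties-style parsing, last definition wins.

# effective_property FILE KEY DEFAULT
# Prints the effective value of KEY, or DEFAULT when KEY is not set.
effective_property() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*[#!]/ { next }                  # skip comment lines
        {
            line = $0
            sub(/\r$/, "", line)                # tolerate CRLF line endings
            sub(/^[ \t]+/, "", line)            # leading whitespace is ignored
            pos = match(line, /[ \t]*[=:][ \t]*/)
            if (pos == 0) next                  # blank line or no separator
            k = substr(line, 1, pos - 1)
            v = substr(line, pos + RLENGTH)
            if (k == key) { val = v; found = 1 } # later definitions override
        }
        END { print (found ? val : def) }
    ' "$1"
}

# version_check_disabled FILE
# Succeeds only when the effective value is "true" (case-insensitive).
# Trailing whitespace is deliberately not trimmed, so "true " is reported
# as not disabled and gets a second look.
version_check_disabled() {
    value=$(effective_property "$1" xtam.web.version.disable false)
    [ "$(printf '%s' "$value" | tr 'A-Z' 'a-z')" = "true" ]
}

# Usage: sh check_version_flag.sh "$XTAM/web/conf/catalina.properties"
if [ "$#" -gt 0 ]; then
    if version_check_disabled "$1"; then
        echo "version check disabled: no periodic connection to the update repository"
    else
        echo "version check ENABLED (property missing, commented out, or not true)"
    fi
fi
```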