Imprivata Privileged Access Management Product Update 2.3.202101172323

January 17, 2021

PAM Update: Added mass request access to SSH Proxy Shell, filter discovered local accounts during auto-import, and field references in scripts

This update adds the option to mass request connect access by using a wildcard at the end of the record name in SSH Proxy Shell, adds the option to filter discovered local accounts during auto-import, and adds support for Unix and Windows scripts to reference values from any record field.

Added the option to mass request connect access in SSH Proxy Shell

The update added the option to mass request connect access to multiple records simultaneously using the request connect command in the system SSH Proxy Shell. The option automates access requests for administrators preparing to manage multiple assets.

To make a mass request, use * (wildcard) at the end of the record name when executing the request connect record-search* time-requested reason command. In response to this command, the shell will request the connection action for all records that have record-search as part of the record name. Before asking the user to confirm the bulk request, the command lists the records on the screen if there are only a few of them, or displays the number of records to request connect to if there are too many of them (more than 20).

Added the option to filter discovered local accounts during auto-import

The update added the discovery query option Filter for Local Accounts to filter local accounts discovered on the computers after successful connection during auto-import.

The option makes it possible to auto-import only accounts that match a specified pattern, such as names starting with Admin or ending with four numbers.

This parameter defines a regular expression filter for the discovered accounts when copying discovered accounts to the vault using an automatic import process.

Discovered accounts refer to all privileged accounts detected on the end-point after initial login in addition to the account used to discover the end-point.

Filter example to auto-import all local accounts starting with Admin: ^Admin(.*)

Added support for Unix, Windows and Groovy scripts to reference values from any record field

The update added the option for Windows (PowerShell), Unix (Shell) and XTAM (Groovy) scripts to reference any record field using the {{RECORD:FieldName}} placeholder (RECORD:FieldName Groovy parameter) and any field of a shadow record using the {{SHADOW:FieldName}} placeholder (SHADOW:FieldName Groovy parameter).

The option allows system owners to further automate various network activities using data stored in the Vault.

Added support for zero-trust authentication to devices using Telnet protocol with non-standard authentication prompts

The update added support for zero-trust authentication to devices that use the Telnet protocol with non-standard authentication prompts. The record-level fields UserRegex and PasswordRegex hold the regular expressions to use when waiting for the username and password prompts.

The regular expression must be written in the POSIX ERE dialect (the dialect typically used by egrep).
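
The following added example (not part of the product or its documentation) lints candidate UserRegex and PasswordRegex values with grep -E, which uses the POSIX ERE dialect, against a constructed sample of device output, so that a pattern broad enough to match banner text or the other prompt is caught before it is saved to the record. The sample banner, the prompt strings, the function names and the assumption that a pattern is tested against each line of device output are illustrative and not taken from the product.

```shell
#!/bin/sh
# Added example: offline lint for candidate UserRegex / PasswordRegex values.
# Assumption: the pattern is tested against each line of device output.

# Constructed sample of what a device with non-standard prompts might print.
SAMPLE_BANNER='Welcome to core-sw-01
Authorized users only: access is logged
Operator ID:
Access code:'

# count_matches REGEX TEXT -> number of lines in TEXT matched by REGEX (ERE).
count_matches() {
    printf '%s\n' "$2" | grep -E -c -- "$1" || true
}

# first_match_line REGEX TEXT -> line number of the first match, or 0 if none.
first_match_line() {
    n=$(printf '%s\n' "$2" | grep -E -n -- "$1" | head -n 1 | cut -d: -f1)
    echo "${n:-0}"
}

# check_prompts USER_REGEX PASS_REGEX TEXT
# Returns 0 only if each pattern matches exactly one line and the username
# prompt line comes before the password prompt line.
check_prompts() {
    u=$(count_matches "$1" "$3")
    p=$(count_matches "$2" "$3")
    ul=$(first_match_line "$1" "$3")
    pl=$(first_match_line "$2" "$3")
    if [ "$u" -ne 1 ]; then
        echo "UserRegex matches $u lines, expected exactly 1"; return 1
    fi
    if [ "$p" -ne 1 ]; then
        echo "PasswordRegex matches $p lines, expected exactly 1"; return 1
    fi
    if [ "$ul" -ge "$pl" ]; then
        echo "prompts overlap or are out of order"; return 1
    fi
    echo "ok: username prompt on line $ul, password prompt on line $pl"
}

# Anchored patterns pass; a bare ':' would also match the banner line.
check_prompts '^Operator ID: ?$' '^Access code: ?$' "$SAMPLE_BANNER"
```
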

Added the option for a task to trigger another task for the same record after successful completion

The update added the option for a task to trigger another task for the same record after successful completion. To trigger script-name, if it is assigned to the record, add a comment of the following form at the end of the task:

#XTAM TRIGGER SELF script-name