Imprivata Privileged Access Management Product Update 2.3.202102081004

February 7, 2021

PAM Update: Added a password expiration warning for Active Directory users and the option to use Virtual TOTP and Virtual SMS fields on any record

This update adds the option to display password expiration warning messages for Active Directory users and the option to add Virtual TOTP and Virtual SMS access fields to any record for quick access to the MFA code. It also adds an option to show ENTER key presses in the session events report and a REST API function that updates a single record field.

Added the option to display password expiration warning message for Active Directory users

The update adds the option to display password expiration warning messages for Active Directory users, based on the domain password policy (GPO) configured in Active Directory.

The warning tells users that their Active Directory password will expire soon and suggests changing it on the Management / My Profile screen.

The warning helps administrators offer self-service password management to system users instead of handling expired-password lockouts after the fact.

The option is disabled by default. Enable the global parameter Password Expiration Warning to turn it on.
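How such a warning can be derived from the attributes Active Directory exposes, as an added example that is not the product's code: the domain stores its password age limit in maxPwdAge as a negative count of 100-nanosecond ticks, each user's last change time in pwdLastSet as a FILETIME, and the "password never expires" exemption as a bit in userAccountControl. The warn_days parameter stands in for the GPO setting that controls how many days in advance the prompt appears; the timestamps and account values used below are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# FILETIME counts 100-nanosecond ticks since 1601-01-01 00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_DAY = 24 * 60 * 60 * 10_000_000
# userAccountControl bit ADS_UF_DONT_EXPIRE_PASSWD ("password never expires").
DONT_EXPIRE_PASSWORD = 0x10000
# maxPwdAge sentinel meaning the domain policy never expires passwords.
MAXPWDAGE_NEVER = -(2 ** 63)


def utc(iso: str) -> datetime:
    """Parse an ISO-8601 timestamp with offset into an aware UTC datetime."""
    return datetime.fromisoformat(iso).astimezone(timezone.utc)


def datetime_to_filetime(dt: datetime) -> int:
    """Encode a datetime as a Windows FILETIME (100-ns ticks since 1601)."""
    delta = dt.astimezone(timezone.utc) - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def filetime_to_datetime(ft: int) -> datetime:
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def max_pwd_age_days(days: int) -> int:
    """Encode a domain maxPwdAge of N days the way AD stores it (negative ticks)."""
    return -days * TICKS_PER_DAY


@dataclass
class ExpiryStatus:
    expires_at: Optional[datetime]  # None when the password never expires
    days_left: Optional[int]        # whole days remaining, negative once expired
    must_change: bool               # expired, or "must change at next logon"
    warn: bool                      # whether to show the expiration warning


def password_expiry(pwd_last_set: int, max_pwd_age: int, user_account_control: int,
                    now: datetime, warn_days: int) -> ExpiryStatus:
    """Decide whether to warn a user, from the raw AD attribute values.

    warn_days is an assumed parameter mirroring the GPO setting that governs how
    many days before expiry the warning is shown.
    """
    # Exempt accounts and "never expires" domain policy: nothing to warn about.
    if user_account_control & DONT_EXPIRE_PASSWORD or max_pwd_age in (0, MAXPWDAGE_NEVER):
        return ExpiryStatus(None, None, False, False)
    # pwdLastSet == 0 means the account is flagged "user must change password at next logon".
    if pwd_last_set == 0:
        return ExpiryStatus(None, 0, True, True)
    # max_pwd_age is negative, so subtracting it adds the allowed age.
    expires_at = filetime_to_datetime(pwd_last_set - max_pwd_age)
    remaining = expires_at - now
    must_change = remaining <= timedelta(0)
    warn = must_change or remaining <= timedelta(days=warn_days)
    return ExpiryStatus(expires_at, remaining.days, must_change, warn)
```

The check treats an expired password and a forced change at next logon the same way: both cases warn unconditionally, since the user can no longer log in to the domain without changing the password.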

Added the option to add Virtual TOTP and Virtual SMS access field to any record

The update adds the option to add Virtual TOTP and Virtual SMS access fields to any record for quick access to the MFA code.

Quick access to the MFA code is most useful for WEB Portal records, because it provides all authentication factors needed to log in to the WEB Portal under management, whether the login is performed by the Browser Filler Extension or through the HTTP Proxy.

To enable the record-scoped Virtual MFA option, add the TOTP or SMS field to the record type and populate the field value with the TOTP secret key or with the virtual phone number from the integrated Twilio account.

After the record is configured, the system displays an Execute button for the Virtual MFA field on the Record View and Record Quick View screens.

When clicked, the action generates the time-based code (TOTP) or retrieves the SMS message containing the MFA code.

Note that record owners can configure access request requirements that users must satisfy before they can use the Execute action.

Virtual TOTP is an MFA option that generates a temporary second-factor code from the shared secret key and the current time, synchronized with the WEB Portal.

Virtual SMS is an MFA option based on the SMS message that the destination WEB Portal sends to a virtual phone number.

The Virtual SMS field requires customers to have a Twilio account.

The option is based on integration with the Twilio service, using a virtual phone number provided by Twilio and stored on the record.

To integrate with Twilio, set the following system properties, substituting TWILIO-USER and TWILIO-PASSWORD with the Account SID and Auth Token issued by the Twilio service (the Account SID is also substituted into the Messages URL). Because the Auth Token grants full access to the Twilio account, keep the properties file readable only by the service account running the system.

xtam.integration.sms.user=TWILIO-USER
xtam.integration.sms.password=TWILIO-PASSWORD
xtam.integration.sms.url=https://api.twilio.com/2010-04-01/Accounts/{xtam.integration.sms.user}/Messages.json
xtam.integration.sms.script=Twilio Integration
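What the Execute action on a Virtual TOTP field computes, as an added illustration that is not the product's code: RFC 6238 TOTP over the base32 secret stored on the record, using HMAC-SHA1, a 30-second step and 6 digits, which is what most WEB Portals issue at authenticator enrolment. The verify helper and its clock-skew window are part of this example, not documented product behaviour; the test key is the one from RFC 6238 Appendix B. The Virtual SMS variant is not shown because it depends on the Twilio service.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 6238 Appendix B test key ("12345678901234567890"), base32-encoded the way
# a WEB Portal presents a secret for authenticator enrolment.
RFC6238_TEST_SECRET = base64.b32encode(b"12345678901234567890").decode()


def decode_secret(secret_b32: str) -> bytes:
    """Accept the secret as portals display it: grouped with spaces, any case, no padding."""
    cleaned = secret_b32.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def totp(secret_b32: str, for_time: Optional[float] = None, step: int = 30,
         digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 6238: HOTP (RFC 4226) over the counter floor(unix_time / step)."""
    if for_time is None:
        for_time = time.time()
    counter = int(for_time) // step
    mac = hmac.new(decode_secret(secret_b32), struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def seconds_remaining(for_time: Optional[float] = None, step: int = 30) -> int:
    """Seconds until the current code rolls over (what a countdown next to Execute shows)."""
    if for_time is None:
        for_time = time.time()
    return step - int(for_time) % step


def verify(code: str, secret_b32: str, for_time: Optional[float] = None,
           window: int = 1, step: int = 30, digits: int = 6) -> bool:
    """Portal-side check: constant-time compare, accepting +/- window steps of clock skew."""
    if for_time is None:
        for_time = time.time()
    for delta in range(-window, window + 1):
        candidate = totp(secret_b32, for_time + delta * step, step, digits)
        if hmac.compare_digest(candidate, code):
            return True
    return False
```

The secret key on the record is the only long-term credential in this scheme, so it warrants the same protection as the password field: anyone who reads it can mint codes indefinitely, which is why gating the Execute action behind access requests matters.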


Added the option to display ENTER key in the session events report

The update adds the option to show ENTER key presses in the text rendering of key-sequence events in the session events report. By default, ENTER key presses are not displayed in exported reports; with this option enabled, a configurable character is printed in place of each ENTER key press.

To enable this option, add the following parameter to the properties file: xtam.session.key.enter=182

The value 182 is the configurable code of the character printed in place of the ENTER key. In the ISO-8859-1 and Windows-1252 encodings, code 182 is the pilcrow sign (¶), so each ENTER press appears as ¶ in the exported text; pick a character that cannot occur in normal typed input so that line breaks remain unambiguous when the report is analyzed.

Added REST API function to update one record field

The update adds a REST API function that updates a single record field instead of all fields in one call, to simplify integration with other systems. The curl example below, in Unix shell notation, illustrates the new function. In it, $apitoken is the XSRF token, FIELD-VALUE is the new field value, $base is the system URL (such as https://xtam.company.com/xtam), $recordID is the ID of the record, and $fieldName is the field name (not the field display name) to update. $auth stands for the curl authentication options of the API session, which the example does not show.

curl -s $auth -H "Accept: application/json" -H "Content-Type: application/json" -H "X-XSRF-TOKEN: $apitoken" -X PUT --data "{\"string\":\"FIELD-VALUE\"}" $base/record/updateField/$recordID/$fieldName
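The same call in Python, as an added example rather than the vendor's own client: it builds the PUT request so that the field value is JSON-encoded by the library instead of by hand-escaped quotes as in the curl command, which matters when a value such as a password contains quotes or backslashes, and it URL-encodes the record ID and field name so they cannot split the path. The cookie parameter stands in for the curl $auth options and is an assumption about how the API session is authenticated; the base URL, record ID and field name used in the example are constructed.

```python
import json
import urllib.parse
import urllib.request
from typing import Any, Dict


def build_update_field_request(base: str, record_id: str, field_name: str, value: str,
                               xsrf_token: str, cookie: str) -> Dict[str, Any]:
    """Describe PUT {base}/record/updateField/{recordID}/{fieldName} as plain data.

    The body shape {"string": value} mirrors the curl example on the page; the
    Cookie header is an assumption about how the API session is carried.
    """
    path = "/record/updateField/{}/{}".format(
        urllib.parse.quote(record_id, safe=""),
        urllib.parse.quote(field_name, safe=""),
    )
    return {
        "method": "PUT",
        "url": base.rstrip("/") + path,
        "headers": {
            "Accept": "application/json",
            "Content-Type": "application/json",
            "X-XSRF-TOKEN": xsrf_token,
            "Cookie": cookie,  # assumed session carrier (the curl example's $auth)
        },
        # json.dumps escapes quotes and backslashes inside value correctly.
        "body": json.dumps({"string": value}),
    }


def update_field(base: str, record_id: str, field_name: str, value: str,
                 xsrf_token: str, cookie: str, timeout: int = 30) -> Any:
    """Send the request and return the decoded JSON response."""
    spec = build_update_field_request(base, record_id, field_name, value, xsrf_token, cookie)
    req = urllib.request.Request(spec["url"], data=spec["body"].encode("utf-8"),
                                 headers=spec["headers"], method=spec["method"])
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)
```

Keeping the request description separate from the send step lets an integration log or review exactly what will be sent (minus the secret value) before the call is made, and makes the encoding behaviour testable without a live server.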