Imprivata Privileged Access Management Product Update 2.3.202104182214

April 18, 2021

PAM Update: Updated SSH Proxy to include additional cryptography algorithms, added support for PEM/OpenSSH keys, option to revoke user access, and the option to delegate custom reports to folder owners

This update added more cryptography algorithms to SSH Proxy, added support for PEM/OpenSSH keys, added the option to revoke all user access, and added the option to delegate custom reports to folder owners.

Updated SSH Proxy to include additional cryptography algorithms

The update adds support for additional ciphers, MACs, key exchange algorithms and host key algorithms to SSH Proxy, so that users of native SSH clients can connect to a broader range of SSH-enabled devices. It also makes it possible to improve the security of endpoint servers by switching them to more advanced cryptography algorithms.

Added support for PEM/OpenSSH keys

The update adds native support for private keys in PEM/OpenSSH format for SSH Proxy and WEB SSH sessions, as well as for job execution on remote SSH servers. This extends the previously supported PEM/RSA and PPK (PuTTY) key formats and simplifies the onboarding of new accounts.
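To tell the three key formats named above apart before onboarding an account, and to see whether a key is passphrase-protected, the file header can be inspected without touching the key material. The following is an added example, not code from the product. It assumes that "PEM/RSA" means the `BEGIN RSA PRIVATE KEY` PEM form and that "PEM/OpenSSH" means the `openssh-key-v1` container; the function names and the sample key are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # magic at the start of the decoded OpenSSH container

def _read_string(buf, off):
    """Read one SSH string: uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def classify_private_key(text):
    """Return (format, passphrase_protected, detail) for a private key file."""
    lines = [l.strip() for l in text.strip().splitlines()]
    head = lines[0] if lines else ""
    if head.startswith("PuTTY-User-Key-File-"):
        enc = next((l.split(":", 1)[1].strip() for l in lines
                    if l.startswith("Encryption:")), "none")
        return "PPK", enc != "none", enc
    if head == "-----BEGIN RSA PRIVATE KEY-----":
        # Legacy PEM marks passphrase protection with a Proc-Type header.
        enc = any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines)
        return "PEM/RSA", enc, "PKCS#1"
    if head == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, off = _read_string(blob, len(MAGIC))
        kdf, off = _read_string(blob, off)
        _kdfopts, off = _read_string(blob, off)
        pub, _ = _read_string(blob, off + 4)  # skip uint32 key count
        keytype, _ = _read_string(pub, 0)
        detail = f"{keytype.decode()} cipher={cipher.decode()} kdf={kdf.decode()}"
        return "OpenSSH", cipher != b"none", detail
    raise ValueError("unrecognised private key format")

def make_sample_openssh(cipher=b"none", kdf=b"none"):
    """Constructed header-only sample with dummy bytes; not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    pub = s(b"ssh-ed25519") + s(b"\x00" * 32)
    blob = (MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
            + s(pub) + s(b"\x00" * 8))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(classify_private_key(make_sample_openssh(b"aes256-ctr", b"bcrypt")))
```

A key reported with `cipher=none` is stored unencrypted on disk, which is worth knowing before it is copied into a vault record.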

Added the option to revoke user access from the system

The update adds the option to revoke a user's global, record and folder permissions, global roles, and local group membership using one button on the Reports / Users report. The function simplifies user off-boarding from the system and releases the user count for license enforcement. The option also reports a user as a group member in the integrated LDAP User Directory or Active Directory but does not remove the user from the integrated user directory.

Added the option to delegate custom reports to folder owners

The update adds the option to delegate custom report execution to folder owners.

The option allows more users to be involved in system management and audit.

Custom report execution is delegated to vault or folder owners by enabling custom reports that reference record IDs using the record_id HQL alias on the folder level in the reports menu.

An example of a custom report that could be delegated to the folder level is the following HQL, which produces all record update audit log events from the selected folder, with search and export (PDF, CSV, Encrypted PDF or CSV) options. Note the record_id alias returned by the HQL as the last column in the select clause; it enables the option to Enable custom report on the folder level:

select
    r.name as recordName,
    a.user.name as User,
    a.created as created,
    a.event as Event,
    r.id as record_id
from
    AuditLog a,
    Record r
where
    a.modelId=r.id
    and a.event = 'Update'
    and r.name like :search

Added system parameter for remote node WEB Proxy configuration

The update adds the system parameter xtam.updates.proxy for WEB Proxy configuration, in the form server:port, for the PAM server to access the update site. This parameter can be used to specify an individual WEB proxy configuration for a remote node, for the software update site only.

This parameter, when specified in the Master Node configuration, will overwrite the global parameter Proxy Server.