Imprivata Privileged Access Management Product Update 2.3.202105092220

May 9, 2021

PAM Update: Added easy random password generator screen and Yubikey OTP option in Duo Security MFA for proxy servers and workflows

This update added an easy random password generator screen and Yubikey OTP option in Duo Security MFA for proxy servers and workflows.

Added easy random password generator screen

The update adds an easy random password generator screen accessible from any part of the web application.

The option lets you quickly generate a complex password for various uses, review it, regenerate it, and copy it to the clipboard.

The Generate Password option is available in the user avatar dropdown menu in the top left corner of the web GUI.

The random password is generated using the system-level password formula, accessible from the Administration / Local Users / Formula screen.

Added the option for Yubikey OTP in Duo Security MFA in proxy servers and workflows

The update adds the option to use Yubikey OTP in Duo Security MFA when authenticating in RDP or SSH proxy servers or in request workflows. The feature extends the number of options a user can use for second-factor authentication.

Added the option to pass session metadata to endpoint SSH servers

The update adds the option to pass session metadata to endpoint servers through the Prologue mechanism, including the system user, the user and password on record, and the session identifier.

The option exposes session information to monitoring software on the endpoint, allows launching third-party applications using the credentials on record, and makes it possible to correlate endpoint server auditing data with the privileged access reports.

Use the following placeholders in the Prologue field to pass session metadata to the endpoint servers:

  • {USER} – User on record
  • {PASSWORD} – Password on record
  • {LOGIN} – Current system user accessing the endpoint server through the session
  • {SESSION} – Artificial Connection ID to correlate with the system Sessions report

A Prologue entry that includes both the system user and the correlation ID might set an environment variable on the destination server, exposing internal information from the PAM system to software on the endpoint, as in the example below. Once the data is captured by the endpoint, the Correlation ID can be found in the Connection column of the System or Record level Sessions report.

:->export XTAM="User {LOGIN} Correlation {SESSION}"
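
On the endpoint, the XTAM variable set by the Prologue entry above can be parsed and written to syslog so local audit records carry the correlation ID. The script below is an added example, not part of the product or of the original release notes; the function names, the allowed character set, the pam-session syslog tag and the login-hook placement are assumptions.

```shell
#!/bin/sh
# Added example: endpoint-side consumer of the variable set by the Prologue entry
#   :->export XTAM="User {LOGIN} Correlation {SESSION}"

# Succeed only for a non-empty token of conservative characters.
# Assumption: logins and connection IDs fit this set; widen it if yours differ.
is_safe_token() {
    case "$1" in
        ''|*[!A-Za-z0-9._@-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# parse_xtam STRING
# Prints "pam_user=<login> pam_session=<id>" for a well-formed value, else fails.
# Runs in a subshell so 'set -f' and LC_ALL do not leak into the caller's shell.
parse_xtam() (
    LC_ALL=C                    # keep the character ranges ASCII-only
    set -f                      # split on whitespace without glob expansion
    set -- $1
    [ "$#" -eq 4 ] || return 1
    [ "$1" = "User" ] || return 1
    [ "$3" = "Correlation" ] || return 1
    is_safe_token "$2" || return 1
    is_safe_token "$4" || return 1
    printf 'pam_user=%s pam_session=%s\n' "$2" "$4"
)

# Hypothetical login hook: tag the endpoint's syslog with the PAM identity so
# local audit records can be joined to the Connection column of the Sessions report.
if [ -n "${XTAM:-}" ]; then
    if fields=$(parse_xtam "$XTAM"); then
        logger -t pam-session "$fields"
    else
        # Never echo the raw value: it is untrusted input to this log.
        logger -t pam-session -p auth.warning "malformed XTAM value ignored"
    fi
fi
```
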