Imprivata Privileged Access Management Product Update 2.3.202105232307

May 23, 2021

PAM Update: Added an account-centred connect option with hosts whitelisting, closed captioning of session events in video recordings, Universal Proxy, and account management for Brocade devices

This update adds an account-centred connect option for WEB Sessions, including whitelisting of destination hosts; an option to include session metadata and events as a closed-captioning stream in MOV or MP4 video recordings; a Universal Proxy port listener; and account management support for Brocade network devices.

Added account-centred connect option with hosts whitelisting

The update adds the account-centred connect option with hosts whitelisting, which allows users to connect to multiple configured hosts from the same record using the credentials on record.

To enable hosts whitelisting, create a record-level Text field named Hosts to store a comma-, semicolon-, colon- or newline-separated list of hosts or host:port combinations.

When a list of allowed hosts is defined for the record, the Connect action prompts the user to select which host to connect to with the credentials on record.

The option allows system owners to restrict access for domain accounts shared among multiple destination endpoints.

Added closed captioning of session events to video recording

The update adds the option to include session metadata and events as a Closed Caption stream into MOV or MP4 video recording.

The option adds contextual information about the specific privileged access to video recordings extracted from the system. The information takes the form of Closed Captions that can be enabled or disabled in the video player.

To enable the Closed Captioning option, switch the global parameter Session Recording Metadata to Stream.

Existing deployments might need to update the $PAM_HOME/bin/PamSession.cmd or $PAM_HOME/bin/PamSession.sh file, extracted from the update package downloaded from https://bin.xtontech.com/product/pam-pkg.zip.

Added Universal Proxy port listener

The update adds a Universal Proxy listener to support RDP and SQL Proxy servers bound to the same port instead of two Proxy servers listening on two separate ports.

The Universal Proxy detects the type of client connecting to the port from the initial network communication and redirects the stream to the corresponding RDP or SQL Proxy backend. The option can be used in addition to or instead of the individual RDP or SQL Proxy.

When the Universal Proxy is enabled, the RDP or SQL Proxy can be disabled, but they will still serve traffic on the universal port.

The option is useful to reduce the number of ports exposed to the outside network as well as to simplify documentation and configuration.
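As an added illustration (not Imprivata's code; the product's detection logic is not described on this page), the sketch below shows how a single listener can tell an RDP client from a SQL client by its opening bytes and refuse anything else. It assumes the SQL client speaks TDS (Microsoft SQL Server); the function name, return labels and sample bytes are constructed for the example.

```python
import struct

# Assumptions for this sketch: RDP clients open with a TPKT header (version 3)
# carrying an X.224 Connection Request (code 0xE0); SQL clients speak TDS,
# whose first packet is PRELOGIN (type 0x12) with an 8-byte header.
TPKT_VERSION = 0x03
X224_CONNECTION_REQUEST = 0xE0
TDS_PRELOGIN = 0x12
TDS_HEADER_LEN = 8
NEED_MORE = "need-more-data"

# Constructed sample inputs (not captured traffic).
SAMPLE_RDP = bytes.fromhex("03000013" "0ee00000000000" "0100080003000000")
SAMPLE_TDS = bytes.fromhex("1201002f00000100")  # PRELOGIN header only
SAMPLE_TLS = bytes.fromhex("160301")            # start of a TLS ClientHello


def classify_first_bytes(buf: bytes) -> str:
    """Return 'rdp', 'sql', 'unknown' or NEED_MORE for a client's opening bytes."""
    if not buf:
        return NEED_MORE
    if buf[0] == TPKT_VERSION:
        if len(buf) < 6:
            return NEED_MORE  # TCP may deliver the header in fragments
        reserved, length = buf[1], struct.unpack(">H", buf[2:4])[0]
        # Smallest valid request: 4-byte TPKT header + 7-byte X.224 CR TPDU.
        if reserved == 0 and length >= 11 and buf[5] & 0xF0 == X224_CONNECTION_REQUEST:
            return "rdp"
        return "unknown"
    if buf[0] == TDS_PRELOGIN:
        if len(buf) < TDS_HEADER_LEN:
            return NEED_MORE
        length = struct.unpack(">H", buf[2:4])[0]
        # The TDS length field includes the header, so it must exceed 8.
        return "sql" if length > TDS_HEADER_LEN else "unknown"
    return "unknown"


def route(buf: bytes) -> str:
    """Fail closed: only recognised protocols reach a backend."""
    kind = classify_first_bytes(buf)
    return {"rdp": "rdp-backend", "sql": "sql-backend", NEED_MORE: "wait"}.get(kind, "drop")


if __name__ == "__main__":
    for name, data in [("rdp", SAMPLE_RDP), ("tds", SAMPLE_TDS), ("tls", SAMPLE_TLS)]:
        print(name, "->", route(data))
```

Because every protocol now shares one exposed port, firewall rules can no longer separate RDP from SQL by port number, so the classifier's reject path is what keeps unexpected traffic away from the backends.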

Added account management for Brocade devices

The update adds Check Status and Password Reset scripts for Brocade network devices.

The option improves privileged access management coverage for network infrastructure.

System administrators can add the Check Status Remote Brocade and Password Reset Remote Brocade scripts to a regular Unix Host record to enable account management for a Brocade network device, or extend the Unix Host record type to apply account management policies broadly across multiple devices.