Hitachi ID Privileged Access Manager Screen Recordings

Request one-time access


Content:

  • During an emergency or during a one-time event such as a production migration, users can request access to privileged accounts.
  • Requests are subject to validation (e.g., does the request include a valid incident number?) and authorization.

Key concepts:

  • A powerful workflow engine is built into Hitachi ID Privileged Access Manager.
  • The approval process supports:
    • Inviting multiple authorizers at one time.
    • N of M approvals.
    • Reminders, escalation and delegation to replace non-responsive authorizers with alternates.

Approve one-time access


Content:

  • Authorizers are invited to review requests via e-mail.
  • Requests are approved or rejected via a secure, authenticated web form.

Key concepts:

  • Authorizers who don't respond promptly will receive reminder e-mails.
  • The approvals UI works with small web browsers, such as those on smart phones. This means that requests can be approved anywhere, anytime.

Launch one-time session using a privileged account


Content:

  • Once a session has been approved, the request's recipient can launch a privileged session.

Key concepts:

  • As with routine administrator access, Privileged Access Manager is normally configured to launch SSH, RDP and similar sessions rather than displaying a password value.
  • Passwords are normally re-randomized when a session completes and access is "checked in."
  • Checkout/checkin controls can limit the number of people connected to the same administrator ID at one time.
  • Late users are shown the names of people already connected to the same account.

Request, approve, and playback recorded session


Content:

  • Recorded sessions may contain sensitive or private data. They are protected in Hitachi ID Privileged Access Manager by a combination of access controls and workflow approvals. An auditor must first request the right to perform a search of recorded sessions. Once this has been approved, he must select a session and request access to the recording. Only when this second request is approved can he download and play back the session.

Key concepts:

  • Securing access to recorded sessions.
  • Search using metadata and keyboard input.
  • Approvals for both search and play-back.

Privileged Access Manager API CMD


Content:

  • Command-line execution of FTP client.
  • Plaintext password replaced with credentials from secure vault.
  • Video shows establishment of trust relationship.

Key concepts:

  • Authentication into Privileged Access Manager web services API uses OTP and IP address validation.
  • Wrapper library manages caching, encryption, key generation, serialization.
  • Encryption key generated based on runtime environment.
  • Command-line launcher hides complexity from user.

Read More:

  • Features:
    Privileged Access Manager is a system for securing access to privileged accounts. It works by regularly randomizing privileged passwords on workstations, servers, network devices and applications. Random passwords are encrypted and stored on at least two replicated servers.
  • Business Case:
    Privileged Access Manager helps organizations secure access to privileged accounts by randomizing their passwords and forcing users to sign into Privileged Access Manager when they need privileged access. It automatically deactivates access for departed IT users and creates a forensic audit of login sessions to sensitive accounts.
  • Screen Shots:
    Snapshots of the Privileged Access Manager web interface.
  • Screen Recordings:
    Recordings of user interaction with Privileged Access Manager.
  • Concept Animations:
    Animated demonstrations illustrating user interaction with Privileged Access Manager and data flow between components on the network.
  • Slide Decks:
    Slide presentations that discuss privileged access management in general and Privileged Access Manager in particular.