# PAM

Privileged Access Management

# Discover your assets

## Description

Soffid allows you to configure the network discovery tool in a way to run the process to identify any asset present in your network.

<p class="callout info">For more information, you can visit [the Network discovery page](https://bookstack.soffid.com/books/pam-deployment/page/network-discovery).</p>

## Step-by-step

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">1. </span>Once you select the Discover you assets option, Soffid will display the form to fill in.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">2. </span>You need to register your network data and click the Next button.

[![image-1677074814027.png](https://bookstack.soffid.com/uploads/images/gallery/2023-02/scaled-1680-/image-1677074814027.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-02/image-1677074814027.png)

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">3. </span>You need to register an account. You can choose to register a new one or to use an existing account.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">3.1. </span>If you select the *Register a new account* option, you must fill in the Login name and the password and click the Apply changes button

[![image-1677075386016.png](https://bookstack.soffid.com/uploads/images/gallery/2023-02/scaled-1680-/image-1677075386016.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-02/image-1677075386016.png)

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">3.2. </span>If you select *Use an existing account*, you must select an existing account in the system and click the Apply changes button.

[![image-1677663289187.png](https://bookstack.soffid.com/uploads/images/gallery/2023-03/scaled-1680-/image-1677663289187.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-03/image-1677663289187.png)

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">4. </span>Soffid display this message to indicate the network discovery is in process

[![image-1678181171257.png](https://bookstack.soffid.com/uploads/images/gallery/2023-03/scaled-1680-/image-1678181171257.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-03/image-1678181171257.png)

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">5. </span>If you click the Finish button, Soffid will display the Network discovery monitoring.

[![image-1678181285472.png](https://bookstack.soffid.com/uploads/images/gallery/2023-03/scaled-1680-/image-1678181285472.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-03/image-1678181285472.png)

# Publish accounts in the password vault

## Description

This wizard allows you to publish some accounts in the password vault in order to save and manage these accounts and their password.

<p class="callout info">For more information, you can visit [the Password vault page](https://bookstack.soffid.com/books/soffid-3-reference-guide/page/password-vault).</p>

## Step-by-step

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">1. </span>Once you select the *Public accounts in the password vault* option, Soffid will display the following wizard

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">2. </span>You must select the accounts you want to publish and click the Next button.

[![image-1677665161084.png](https://bookstack.soffid.com/uploads/images/gallery/2023-03/scaled-1680-/image-1677665161084.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-03/image-1677665161084.png)

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">3. </span>Then, Soffid will configure the password vault.

[![image-1677665252320.png](https://bookstack.soffid.com/uploads/images/gallery/2023-03/scaled-1680-/image-1677665252320.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-03/image-1677665252320.png)

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">4. </span>When you click the Finish button, Soffid will browse to the Password vault page. On this page, you could check and update the permissions.

[![image-1677665399042.png](https://bookstack.soffid.com/uploads/images/gallery/2023-03/scaled-1680-/image-1677665399042.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-03/image-1677665399042.png)

[![image-1677665440094.png](https://bookstack.soffid.com/uploads/images/gallery/2023-03/scaled-1680-/image-1677665440094.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-03/image-1677665440094.png)

# Create monitoring and recording policies

## Description

PAM policy is a subset of cybersecurity policies that deal with privileged access. This determines which users can have privileged access to specific systems, when, and for how long.

You can check the policies in the following menu option: `Main Menu > Administration > Configuration > Security settings > PAM policies`

<p class="callout info">For more information, you can visit [the PAM policies page.](https://bookstack.soffid.com/books/pam-deployment/page/pam-policies)</p>

## Step-by-step

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">1. </span>Once you click the *Create monitoring and recording policies* option, Soffid will create a default policy.

[![image-1678104384200.png](https://bookstack.soffid.com/uploads/images/gallery/2023-03/scaled-1680-/image-1678104384200.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-03/image-1678104384200.png)

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">2. </span>When you click the Ok button, Soffid will browse to the created policy and allows you to update the default configuration.

[![image-1678106829891.png](https://bookstack.soffid.com/uploads/images/gallery/2023-03/scaled-1680-/image-1678106829891.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-03/image-1678106829891.png)

# Create MFA policies

## Description

This wizard allows you to configure the access control rules for Soffid Console. By default, an OTP will be required to access to the Password vault or application menu.

You can check the configuration in the following menu option: `<span class="link" id="bkmrk-main-menu">Main Menu</span><span id="bkmrk-%C2%A0%3E%C2%A0"> > </span><span class="link" id="bkmrk-administration">Administration</span><span id="bkmrk-%C2%A0%3E%C2%A0-0"> > </span><span class="link" id="bkmrk-configuration">Configuration</span><span id="bkmrk-%C2%A0%3E%C2%A0-1"> > </span><span class="link" id="bkmrk-security-settings">Security settings</span><span id="bkmrk-%C2%A0%3E%C2%A0-2"> > </span>Authentication`

<span id="bkmrk--2"></span>

<p class="callout info">For more information, you can visit [the Two-factor authentication (2FA) book](https://bookstack.soffid.com/books/two-factor-authentication-2fa-VsJ) and the [Second Factor Authentication configuration](https://bookstack.soffid.com/link/164#bkmrk-second-factor-authen)</p>

## Step-by-step

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">1. </span>Once you select the *Create monitoring and reporting policies* option, Soffid will launch the following wizard

[![image-1677142847903.png](https://bookstack.soffid.com/uploads/images/gallery/2023-02/scaled-1680-/image-1677142847903.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-02/image-1677142847903.png)

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">2. </span>If you click the Apply now button, Soffid will browse to the Authentication page, allowing you to configure the Second Factor Authentication.

[![image-1677146097093.png](https://bookstack.soffid.com/uploads/images/gallery/2023-02/scaled-1680-/image-1677146097093.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-02/image-1677146097093.png)

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">3. </span>To confirm the changes, you must click the Confirm changes button.