Deployment procedure

Introduction

Privileged Access Management (PAM) is the process of determining who has access to what types of information, creating an integrated view of risk, threats, and controls.

Implementing a policy of least privilege minimizes unnecessary privilege allocation to ensure access to sensitive data is available only to those users who really need it.

Soffid provides a complete PAM solution. This page describes the Soffid PAM solution deployment procedure in detail.

Prerequisites

First of all, you should install and configure the Soffid PAM solution. To do that, install the Jump servers and then configure them on the Soffid Console.

You can follow the defined steps on the PAM Install & config book.

Deployment procedure

1. Networks

Main Menu > Administration > Resources > Networks

You need to add your company networks, or the networks you want to manage, on Soffid Console. To do that you need to create those networks on the Networks page.

Once you have created your networks, you can continue with the next step.

2. Configure Network discovery

Main Menu > Administration > Resources > Network discovery

When you open the Network discovery page, Soffid will display all the networks created on Soffid Console.

The network discovery process can be launched for each network. To do that, you need to configure, for each network, the potential administrator accounts used to connect to its hosts.

You can add one or more potential administrator accounts to try to connect to the network hosts. These can be new accounts, or existing accounts on Soffid. Also, you can remove accounts from the accounts to probe list. If you remove an account from the list, that account will continue to exist on Soffid.

Once you have configured the Network discovery parameters for a network, you can execute the process to begin the search, or you can schedule its execution.

3. Launch Network discovery

Main Menu > Administration > Resources > Network discovery

The Network discovery process is an unattended process. Once you launch it, it keeps running until it finishes, even if you close your Soffid session.

The Network discovery process can be a long process, depending on the network size and the number of hosts.

When the network discovery process is launched, it tries to connect to each host it finds using the defined credentials. If it manages to connect to the host, it automatically creates a Soffid agent with the proper attributes and the necessary account metadata. The reconciliation process of the created agent is then launched, and it tries to retrieve the information about the accounts defined on the host. It also tries to retrieve the information about the account protected services.

Where possible, the Network discovery process will also create a new entry point to the host.

 

3.1. Entry points

 

3.2. Account repositories

 

3.2.1. Agent definition

 

3.2.2. Accounts

 

3.3. Account protected services

 

4. Password vault

 

5