Deployment procedure

Introduction

Privileged Access Management (PAM) is the process of determining who has access to which types of information, creating an integrated view of risk, threats, and controls.

Implementing a policy of least privilege minimizes unnecessary privilege allocation to ensure access to sensitive data is available only to those users who really need it.

Soffid provides a complete PAM solution. This page describes the Soffid PAM solution deployment procedure in detail.

Prerequisites

First of all, you should install and configure the Soffid PAM solution. To do that, you need to install the Jump servers and then configure them on the Soffid Console.

You can follow the steps defined in the PAM Install & config book.

Deployment procedure

1. Networks

Main Menu > Administration > Resources > Networks

You need to add your company networks, or the networks you want to manage, on Soffid Console. To do that you need to create those networks on the Networks page.

Once you have created your networks, you can continue with the next step.

2. Config Network discovery

Main Menu > Administration > Resources > Network discovery

When you open the Network discovery page, Soffid will display all the networks created on the Soffid Console.

The network discovery process can be launched for each network. To do that, you need to configure, for each network, the potential administrator accounts used to connect to its hosts.

You can add one or more potential administrator accounts to try to connect to the network hosts. These can be new accounts, or existing accounts on Soffid. Also, you can remove accounts from the accounts to probe list. If you remove an account from the list, that account will continue to exist on Soffid.

Once you have configured the Network discovery parameters for a network, you can execute the process to begin the search, or you can schedule its execution.

3. Launch Network discovery

Main Menu > Administration > Resources > Network discovery

The Network discovery process is an unattended process. Once launched, it keeps running until it finishes, even if you close your Soffid session.

The Network discovery process can take a long time, depending on the network size and the number of hosts.

3.1. Agent definition

When the network discovery process is launched, it tries to connect to each host it finds using the defined credentials. Once it connects to a host with one set of credentials, it does not try the others.

If it manages to connect to the host, it automatically creates a Soffid agent with the proper attributes and connector parameters, along with the necessary account metadata.

3.2. Accounts / Account protected services

Then the reconciliation process of the created agent is launched, and it tries to retrieve the information about the accounts defined on the host. It also tries to retrieve the information about the account protected services.

3.4. Entry points

Where possible, the Network discovery process will create a new entry point to the host with the basic attributes and the proper executions to run it.

That entry point will be displayed on the Application access tree page.

4. Password vault

Main Menu > Administration > Resources > Password vault

When the network discovery process finishes, it is really important to determine which accounts are critical. Those critical accounts should be located in a protected storage, the Password vault.

In the Password vault you can place accounts, especially the critical accounts used to access critical systems and your applications. The Password vault allows you to manage the access control list for these accounts.