Skip to main content

PAM Implementation guide

PAM Implementation guide

General instructions

Introduction The purpose of this document is to provide the instructions to implement PAM using ...

Step 1. Create network

The first step of the PAM implementation will be to create the network we want to scan to disco...

Step 2. Configure network discovery

The second step will be to configure the network with the proper parameter to allow you to run ...

Step 3. Launch network discovery

Step 3.1. Launch network discovery

Then, the third step will be to launch the network discovery process. That is the process in ch...

Step 3.2. Account repositories

  Once the network discovery process is complete, Soffid will have detected the devices connecte...

Step 3.3. Entry point

  Soffid allows you to manually create entry points to connect to information systems. Step-by-...

Step 4. Register additional resources (Optional)

Step 4.1. Add database (Optional)

The fourth step, to add a database, is an optional step. You only need to configure when there ...

Step 4.2. Create an agent (Optional)

That step will be an optional step, and it will be mandatory only when the SQL Server agent or ...

Step 4.3. Reconcile (Optional)

To request the accounts you must launch the reconciliation process. The main purpose of reconci...

Step 5. Account management

The account management step shows you how to manage the accounts to change the type, how to locat...

Step 5.1. Account management

  The account management step shows you how to manage the accounts to change the type, how to lo...

Step 5.2. Change account type

The Change account type step shows how to change the type from unmanaged to shared or privilege...

Step 5.3. Publish on Password vault

When critical accounts are detected, the best way to keep them safe is to place them on the Pas...

Step 5.4. Assign the password

To be able to use an account, it is necessary to assign a password, this can be the current pas...

Step 6. Passwords rotation

The passwords rotation reduces the vulnerability to password-based attacks. Soffid allows you to ...

Step 6. Passwords rotation

Introduction The password rotation reduces the vulnerability to password-based attacks. Soffid a...

Step 6.1. Create User type

How to create a new  User type. That will be mandatory to create a new Password policy. Step-b...

Step 6.2. Create Password policy

How to define a new password policy for the previous user type created. Step-by-step 1. First...

Step 6.3. Assign password policy

You must assign a proper password policy to the critical accounts to keep them safe. Step-by-s...

Step 6.4. Enable Task

To rotate the password it will be necessary to enable the task Expire untrusted passwords. The...

Step 7. Just in time privileges

Step 7. Just in time privileges

Introduction Once the discovery process has been run, the critical accounts have been detected a...

Step 7.1. Define an approval workflow

Step-by-step 1. To define and configure an approval workflow, you can use the Soffid BPM editor....

Step 7.2. Define XACML policy set to use a workflow

Step-by-step 1. To define policies, you must access the XACML Policy Management page in the foll...

Step 7.3. Configure XACML PEP

Step-by-step 1. To configure the XACML PEP  You must access the "XACML PEP configuration" page i...

Step 8. Behavior analysis

Step 8. Behavior analysis

Introduction Using PAM you can configure policies and rules in the Soffid console to detect acti...

Step 8.1. PAM Rules

Step-by-step 1. To create a new PAM Rule, you must access the PAM Rules page in the following p...

Step 8.2. PAM Policies

Step-by-step 1. To create a new PAM Policy, you must access the PAM Rules page in the following...

Step 8.3. Assign PAM policy

Assign PAM policy 1. To assign the PAM policy to a Password Vault folder, you must access the P...
Back to top