General instructions

Introduction

The purpose of this document is to provide the instructions to implement PAM using the Soffid console. This is a step-by-step implementation guide.

Soffid is an information security product that provides a web console to manage privileged accounts in addition to, identity provisioning, identity governance, including risk management and Single sign on.

Before starting

Before you start the PAM implementation it will be mandatory:

1. Install Soffid IAM Console

The first step will be to install Soffid. You could install Soffid console on-premise, or on the cloud; on your own servers, or using docker or Kubernetes.

For more information visit the Soffid installation book.

2. Install Soffid PAM

The purpose of PAM is to manage accounts and to determinate what users will have access to critical resources. Soffid allows to you to install and configure PAM.

For more information visit the PAM Install & config book.

3. Login into Soffid Console

Your user need to be an administrator user or a user with the proper permission to perform the actions for the implementation procedure.

Step 3.1. Launch network discovery

Step 3.2. Account repositories

Step 3.3. Entry point

Step 4.1. Add database (Optional)

Step 4.2. Create an agent (Optional)

Step 4.3. Reconcile (Optional)

Step 5.1. Account management

Step 5.2. Change account type

Step 5.3. Publish on Password vault

Step 5.4. Assign the password

Step 6. Passwords rotation

Step 6.1. Create User type

Step 6.2. Create Password policy

Step 6.3. Assign password policy

Step 6.4. Enable Task

Step 7. Just in time privileges

Step 7.1. Define an approval workflow

Step 7.2. Define XACML policy set to use a workflow

Step 7.3. Configure XACML PEP

Step 8. Behavior analysis

Step 8.1. PAM Rules

Step 8.2. PAM Policies

Step 8.3. Assign PAM policy

General instructions

Introduction

Before starting

1. Install Soffid IAM Console

2. Install Soffid PAM

3. Login into Soffid Console

Process definition