Password recovery configuration
Definition
Privileged Access Management (PAM) policies are a set of guidelines and controls that dictate how privileged access is granted, managed, and audited within an organization.
Soffid allows you to define policies, those policies can be made up of several rules. For each rule, you could select the action to perform when Soffid detects that rule is accomplished.
To use those policies you need to define how policies will be used by each folder in the password vault. For more information, you can visit the Password Vault page.
Screen overview
Standard attributes
- Name: name to identify the policy.
- Description: a brief description of the policy.
- Days to keep recordings: number of days that recordings will be kept.
- Priority: allows you to set the priority between the different PAM policies configured. When there are several policies, the policy to be applied is evaluated according to priority and expression.
- Expression: this expression is evaluated to determine the priority of the policy to be applied. When there are several policies, the policy to be applied is evaluated according to priority and expression.
- Temporary permissions: these permissions will be assigned to the user's account on the target system. The permissions will be maintained for the duration of the session. Once the session is over, the permissions will be revoked. The account must be a managed account.
- Modified by: user who modified that rule.
- Modified on: the date and time of the update.
When you save the standard attributes of a PAM policy and edit the policy again, the rule list will be shown. Here you can customize the policy depending on the existing rules.
- Rule list: show a list of the PAM rules defined. You can check/uncheck the available options. You can choose zero, one, or several:
- Close session: when the rule is met, Soffid will close the session.
- Lock account: when the rule is met, Soffid will lock the account.
- Open issue: when the rule is met, Soffid will open a new issue (*).
- Notify: when the rule is met, Soffid will send a notification about the action.
(*) You can visit the following page for more information about the issues: https://bookstack.soffid.com/books/soffid-3-reference-guide/page/issue-policies and https://bookstack.soffid.com/link/1153#bkmrk-pam-violation
Actions
PAM rules query
Query |
Allows you to query PAM policies through different search systems, Quick, Basic and Advanced. |
Add or remove columns |
Allows you to show and hide columns in the table. |
Add new |
Allows you to create a new PAM policy. You can choose that option on the hamburger menu or click the add button (+). To add a new PAM policy it will be mandatory to fill in the required fields. |
Delete |
Allows you to remove one or more PAM policies by selecting one or more records and next clicking the button with the subtraction symbol (-). To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation. |
Import |
Allows you to upload a CSV file with the PAM policies list to add or update PAM policies to Soffid. First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. Finally, you need to select the mappings for each column of the CSV file to import the data correctly and click the Import button. |
Download CSV file |
Allows you to download a CSV file with the PAM policies information. |
PAM rules detail
Apply changes |
Allows you to create a new configuration PAM policy or to update an existing one. To save the data it will be mandatory to fill in the required fields. |
Undo |
Allows you to quit without applying any changes made. |
Delete |
Allows you to delete a PAM policy. To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation. |