
PAM policies

Definition

Privileged Access Management (PAM) policies are a set of guidelines and controls that dictate how privileged access is granted, managed, and audited within an organization.

Soffid allows you to define policies, and each policy can be made up of several rules. For each rule, you can select the action to perform when Soffid detects that the rule is met.

To use those policies, you need to define how they will be used by each folder in the password vault. For more information, you can visit the Password Vault page.

Screen overview

  1. PAM policies: contain and configure the PAM rules.
  2. PAM rules: the PAM rules used in the PAM policies.
  3. Password vault: to configure PAM policies in vault folders.
  4. Issue policies: to configure the pam-violation issue policy.

Standard attributes

Table attributes

  • Name: name to identify the policy. 
  • Description: a brief description of the policy.
  • Priority: priority between the different PAM policies configured.
  • Modified by: user who modified that rule.
  • Modified on: the date and time of the update.

Policy attributes

  • Name: name to identify the policy. 
  • Description: a brief description of the policy.
  • Days to keep recordings: number of days that recordings will be kept.
  • Priority: allows you to set the priority between the different PAM policies configured. When there are several policies, the policy to be applied is evaluated according to priority and expression.
  • Expression: this expression is evaluated to determine the priority of the policy to be applied. When there are several policies, the policy to be applied is evaluated according to priority and expression.
  • Temporary permissions: these permissions will be assigned to the user's account on the target system. The permissions will be maintained for the duration of the session. Once the session is over, the permissions will be revoked. The account must be a managed account. 
  • Modified by: user who modified that rule.
  • Modified on: the date and time of the update.

When you save the standard attributes of a PAM policy and edit the policy again, the rule list will be shown. Here you can customize the policy depending on the existing rules.

Rule attributes

Show a list of the PAM rules defined. You can check/uncheck the available options. You can choose zero, one, or several:

  • Rule: name of the rule.
  • Close session: when the rule is met, Soffid will close the session.
  • Lock account: when the rule is met, Soffid will lock the account.
  • Open issue: when the rule is met, Soffid will open a new issue (*).
  • Notify: when the rule is met, Soffid will send a notification about the action.

(*) For more information about issues, you can visit the following pages: https://bookstack.soffid.com/books/soffid-3-reference-guide/page/issue-policies and https://bookstack.soffid.com/link/1153#bkmrk-pam-violation

The PAM policies configuration is sent to the user-console.policies file in the Store container. You can find this file at /opt/soffid/tomee/data/ips

Actions

Table actions

"Query search"

Allows you to query PAM policies through different search systems: Quick, Basic and Advanced.

Add or remove columns

Allows you to show and hide columns in the table.

Add new

Allows you to create a new PAM policy. You can choose that option on the hamburger menu or click the add button (+).

To add a new PAM policy it will be mandatory to fill in the required fields.

Delete PAM policy

Allows you to remove one or more PAM policies by selecting one or more records and then clicking the button with the subtraction symbol (-).

To perform that action, Soffid will ask you for confirmation; you can confirm or cancel the operation.

Download CSV file

Allows you to download a CSV file with the PAM policies information.

Import

Allows you to upload a CSV file with the PAM policies list to add or update PAM policies in Soffid.

First, you need to pick a CSV file; that CSV has to contain a specific configuration. Then you need to check the content to be loaded; you can choose whether or not to load a specific attribute. Finally, you need to select the mappings for each column of the CSV file to import the data correctly and click the Import button.

View

Allows you to show and hide columns in the table.

You can also set the order in which the columns will be displayed.

Policy actions

Apply changes (disk button)

Allows you to create a new configuration PAM policy or to update an existing one.

To save the data, it is mandatory to fill in the required fields.

Delete

Allows you to delete a PAM policy. To delete a PAM policy you can click on the "three points" icon and then click the delete button.

To perform that action, Soffid will ask you for confirmation; you can confirm or cancel the operation.

Undo

Allows you to quit without applying any changes made.

Apply changes

Allows you to create a new configuration PAM policy or to update an existing one.

To save the data it will be mandatory to fill in the required fields.

Once the change has been applied, you will return to the main screen.