Advanced Search
Search Results
30 total results found
PAM Implementation guide
PAM Implementation guide
Step 5.2. Change account type
The Change account type step shows how to change the type from unmanaged to shared or privileged depending on the case. Step-by-step 1. Once Soffid displays the account detail, you can change the Type (located on the Common attributes) to the proper type....
Step 7.2. Define XACML policy set to use a workflow
Step-by-step 1. To define policies, you must access the XACML Policy Management page in the following path: Main Menu > Administration > Configure Soffid > Security settings > XACML Policy Management 2. Once you have accessed the XACML Policy Management pag...
Step 7.1. Define an approval workflow
Step-by-step 1. To define and configure an approval workflow, you can use the Soffid BPM editor. You must access the BPM editor page in the following path: Main Menu > Administration > Configure Soffid > Workflow settings > BPM editor 2. To add a new workfl...
Step 7. Just in time privileges
Introduction Once the discovery process has been run, the critical accounts have been detected and saved on the password vault, and the password rotation process has been defined, the next step would be to define the necessary approval process to manage the u...
Step 6.4. Enable Task
To rotate the password it will be necessary to enable the task Expire untrusted passwords. The Expire untrusted passwords task is in charge to create a new password for the accounts: Critical accounts with the password type "Automatically generated", in ...
Step 6.3. Assign password policy
You must assign a proper password policy to the critical accounts to keep them safe. Step-by-step 1. To access the accounts of a specific host or database (SQL Server or Oracle), you must click the "Accounts" button. The button is located close to the name...
Step 6.2. Create Password policy
How to define a new password policy for the previous user type created. Step-by-step 1. First of all, you must access the Password policies page, the path to access is the following: Main Menu > Administration > Configure Soffid > Security settings > Pass...
Step 6.1. Create User type
How to create a new User type. That will be mandatory to create a new Password policy. Step-by-step 1. First of all, you must access the User types page, the path to access is the following: Main Menu > Administration > Configure Soffid > Global Settings...
Step 6. Passwords rotation
Introduction The password rotation reduces the vulnerability to password-based attacks. Soffid allows you to limit the password lifespan and force you to change it. Soffid defines a procedure for Password rotation to keep safe the critical accounts. It allow...
Step 5.4. Assign the password
To be able to use an account, it is necessary to assign a password, this can be the current password or a new password. In the case of assigning a new password, it will be synchronized with the target system. Step-by-step 1. Once Soffid displays the accoun...
Step 5.3. Publish on Password vault
When critical accounts are detected, the best way to keep them safe is to place them on the Password vault. The password vault allows you to handle the access control list to these accounts, here you can define who are the owners, the managers, and the SSO u...
Step 5.1. Account management
The account management step shows you how to manage the accounts to change the type, how to locate the accounts on the password vault, and how to assign a password. To comply with this step the discovery process must be completed. Step-by-step 1. To access t...
Step 4. Register additional resources (Optional)
Step 4.3. Reconcile (Optional)
To request the accounts you must launch the reconcile process. The main purpose of reconciling process is to provide a mechanism to ensure that all users are aligned on the specific roles and responsibilities. Step-by-step 1. First of all, you need to edit...
Step 4.2. Create an agent (Optional)
That step will be an optional step, and it will be mandatory only when the SQL Server agent or the Oracle agent was not created previously on Soffid Console and you need to add a database to manage its accounts. Step-by-step 1. First of all, to create an a...
Step 4.1. Add database (Optional)
The fourth step, to add a database, is an optional step. You only need to configure when there is any database (SQL Server or Oracle) in some of the discovered hosts and you want to manage its accounts as privileged or shared accounts. Step-by-step The net...
Step 3. Launch network discovery
Then, the third step will be to launch the network discovery process. That is the process in charge to scan the network, get the hosts information and connect to the hosts as well. Step-by-step 1. The discovery network task can be executed manually or auto...
Step 2. Configure network discovery
The second step will be to configure the network with the proper parameter to allow you to run the discovery process. Step-by-step 1. First of all, you must access the network discovery page in he following path: Main Menu > Administration > Resources > N...
Step 1. Create network
The first step of the PAM implementation will be to create a the network we want to scan to discover the hosts Step-by-step 1. First of all, you must access the networks page, the path to access is the following: Main Menu > Administration > Resources > N...
General instructions
Introduction The purpose of this document is to provide the instructions to implement PAM using the Soffid console. This is a step-by-step implementation guide. Soffid is an information security product that provides a web console to manage privileged accou...
Step 8. Behavior analysis
Step 7. Just in time privileges
Step 6. Passwords rotation
The passwords rotation reduces the vulnerability to password-based attacks. Soffid allows you to limit the password lifespan and force you to change it.
Step 5. Account management
The account management step shows you how to manage the accounts to change the type, how to locate the accounts on the password vault and how to assign a password. To comply this step the discovery process must be completed.
Step 7.3. Configure XACML PEP
Step-by-step 1. To configure the XACML PEP You must access the "XACML PEP configuration" page in the following path: Main Menu > Administration > Configure Soffid > Security settings > XACML PEP configuration 2. At the "XACML PEP configuration page you mus...