Page Comparison

Before utilizing computers can be used for Privileged Session Management ( PSM), you must enable those machines for they must be configured to allow either RDP or SSH in EmpowerID.

...

connections. Follow these steps to enable your computers for PSM:

Procedure

1. Navigate to the Computer Details Page for the target computer

   • On the navbar, expand Privileged Access and click Computers.

   • Select the Computers tab and search for the computer

   that

   • you want to enable for PSM.

   • Click the Display Name link

   for

   • of the desired computer to access its details.
     

     Image Modified

2. Edit Computer Settings

   • On the Computer Details page that appears, click the Edit link to put the computer in edit mode.
     

     Image Modified

3. Configure Connection Settings

   • Scroll down on the Edit One page

   for the computers and

   • to the connection settings section.

   • For Windows computers, select Allows RDP Connections

   for Windows or

   • ; for Linux computers, select Allows SSH Connections

   for Linux

   • .

   
   Image Removed

   • Enter the address of your Privileged Session Manager gateway in the

   Privileged Session Manager Gateway

   • corresponding field and

   then click

   • select the

   tile for that gateway to select it.
   Image Removed

   SScroll down to

   • appropriate gateway tile.
     

     Image Added

4. Adjust Just-in-Time Access Settings

   • Further down, locate the Just-in-Time Access settings

   .Adjust the following settings

   • and adjust as necessary:

     • Enable Just in Time Account Provisioning:

     Turn

     • Toggle this setting on

     if you want

     • to have EmpowerID

     to

     • automatically create

     an

     • a user account

     for users

     • when

     they establish

     • a PSM session

     with the computer. Please note that this feature only applies

     • is established. Note: This setting applies only if the computer is

     inventoried

     • cataloged as a Local Windows Server account store.. When enabled and the machine is a Local Windows Server account store, EmpowerID will create an account using the naming convention "EmpowerID Login_Random Number" (for example, joe.kewl_1234567).

     • Use Existing Account if Applicable: Enable this feature if you want EmpowerID to log users in using their existing Windows server account (assuming it grants them the necessary access) instead of creating a new just-in-time account.

     • Delete JIT-Created Account on Check-In: Activate this setting

     if you want

     • to have EmpowerID

     to

     • remove the just-in-time user account

     when the user's computer session ends

     • upon session completion.

     • Allow Select Access Levels on Connect:

     If you enable this feature, users connecting to the computer can choose from any

     • Enable this to allow users to select from configured IAM Shop Permission Levels

     for the computer. For guidance on configuring IAM Shop Permission Levels for computers, please refer to

     • when they connect. Refer to the Assign IAM Shop Permission Levels to Computerstopic for configuration guidance.

5. Save Your Changes

   • Click the Save button to preserve your

   changes

   • adjustments.

With these settings in placeBy following these steps, the computer is now PSM-enabled, and users can begin will be fully configured for PSM, enabling users to request sessions with itas needed.

...