Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Before utilizing computers can be used for Privileged Session Management ( PSM), you must enable those machines for either they must be configured to allow RDP or SSH in EmpowerID.

...

connections. Follow these steps to enable your computers for PSM:

Procedure

  1. Navigate to the Computer Details Page for the target computer

    • On the navbar, expand Privileged Access and click Computers.

    • Select the Computers tab and search for the computer

...

    • you want to enable for PSM.

    • Click the Display Name link

...

    • of the desired computer to access its details.

...

    • Image Added

  1. Edit Computer Settings

    • On the Computer Details page that appears, click the Edit (blue star) link to put the computer in edit mode.

      Image Added

...

  1. Configure Connection Settings

    • Scroll down on the Edit One page

...

    • to the connection settings section.

    • For Windows computers, select Allows RDP Connections

...

    • ; for Linux computers, select Allows SSH Connections

...

    • .

...

    • Enter the address of your Privileged Session Manager gateway in the

...

    • corresponding field and

...

    • select the

...

    • appropriate gateway tile.

...

...

Click Save.

...

    • Image Added

  1. Adjust Just-in-Time Access Settings

    • Further down, locate the Just-in-Time Access settings and adjust them as necessary:

      • Enable Just in Time Account Provisioning: Toggle this setting on to have EmpowerID automatically create a user account when a PSM session is established. Note: This setting applies only if the computer is cataloged as a Local Windows Server account store. When enabled and the machine is a Local Windows Server account store, EmpowerID will create an account using the naming convention "EmpowerID Login_Random Number" (for example, joe.kewl_1234567).
        Please note that For JIT to work properly, any group used for JIT needs to have Remote Desktop Permissions to the computer.

      • Use Existing Account if Applicable: Enable this feature if you want EmpowerID to log users in using their existing Windows server account (assuming it grants them the necessary access) instead of creating a new just-in-time account.

      • Delete JIT-Created Account on Check-In: Activate this setting to have EmpowerID remove the just-in-time user account upon session completion.

      • Allow Select Access Levels on Connect: Enable this to allow users to select from configured IAM Shop Permission Levels when they connect. Refer to the Assign IAM Shop Permission Levels to Computerstopic for configuration guidance.

  2. Save Your Changes

    • Click the Save button to preserve your adjustments.

By following these steps, the computer will be fully configured for PSM, enabling users to request sessions as needed.

Macrosuite divider macro
dividerWidth90
dividerTypetext
dividerWeight1
labelPositionmiddle
textAlignmentcenter
iconColor#000000
fontSizemedium
textRelated
textColor#000000
dividerColor#000000
dividerIcon

Local Windows Servers Connector

Assign IAM Shop Permission Levels to Computers

Request Computer Sessions

Start Computer Sessions

End Disconnect Computer Sessions

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue