Before computers can be used for Privileged Session Management (PSM), you must enable those machines for either RDP or SSH in EmpowerID.

Enable computers for PSM

  1. On the navbar, expand Privileged Access and click Computers.

  2. Select the Computers tab and search for the computer that you want to enable for PSM.

  3. Click the Display Name link for the computer.

  4. On the Computer Details page that appears, click the Edit (blue star) link to put the computer in edit mode.

  5. Scroll down the Edit One page for the computer and select Allows RDP Connections for Windows or Allows SSH Connections for Linux.

  6. Enter your Privileged Session Manager gateway in the Privileged Session Manager Gateway field and then click the tile for that gateway to select it.

  7. Scroll down to locate the Just-in-Time Access settings.

  8. Adjust the following settings as necessary:

    • Enable Just in Time Account Provisioning: Toggle this setting on if you want EmpowerID to automatically create a user account when a PSM session with the computer is established. Note: This setting applies only if the computer is cataloged as a Local Windows Server account store. When enabled and the machine is a Local Windows Server account store, EmpowerID will create an account using the naming convention "EmpowerID Login_Random Number" (for example, joe.kewl_1234567).
      For JIT to work properly, any group used for JIT needs to have Remote Desktop Permissions to the computer.

    • Use Existing Account if Applicable: Enable this feature if you want EmpowerID to log users in using their existing Windows server account (assuming it grants them the necessary access) instead of creating a new just-in-time account.

    • Delete JIT-Created Account on Check-In: Activate this setting if you want EmpowerID to remove the just-in-time user account when the user's computer session ends.

    • Allow Select Access Levels on Connect: If you enable this feature, users connecting to the computer can choose from any configured IAM Shop Permission Levels for the computer. For guidance on configuring IAM Shop Permission Levels for computers, please refer to Assign IAM Shop Permission Levels to Computers.

  9. Click the Save button to preserve your changes.

With these settings in place, the computer is now PSM-enabled, and users can begin to request sessions with it.
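To confirm on a PSM-enabled Windows server that just-in-time accounts are removed when Delete JIT-Created Account on Check-In is on, the following added example (not EmpowerID code) lists local accounts whose names match the JIT naming convention described above. The name pattern, the review threshold, and the parameter names are assumptions made for illustration; matches are candidates for review, not confirmed JIT accounts.

```powershell
# Added example, not part of EmpowerID. Run locally on the PSM-enabled server.
# Assumption: JIT account names end in "_<digits>", as in the documented
# example joe.kewl_1234567; the exact digit count is not stated on the page.
param(
    [string]$NamePattern     = '^.+_\d+$',  # assumed JIT naming pattern
    [int]   $StaleAfterHours = 24           # hypothetical review threshold
)

# Built-in "Remote Desktop Users" group, addressed by its well-known SID so
# the lookup also works on non-English systems. Direct members only; nested
# groups and custom groups granted RDP rights are not expanded here.
$rdpMembers = @()
try {
    $rdpMembers = Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction Stop |
        ForEach-Object { ($_.Name -split '\\')[-1] }
} catch {
    Write-Warning "Could not read Remote Desktop Users membership: $_"
}

$cutoff = (Get-Date).AddHours(-$StaleAfterHours)

Get-LocalUser |
    Where-Object { $_.Name -match $NamePattern } |
    ForEach-Object {
        [pscustomobject]@{
            Name           = $_.Name
            Enabled        = $_.Enabled
            LastLogon      = $_.LastLogon
            DirectRdpGroup = $rdpMembers -contains $_.Name
            # Heuristic: never logged on, or last logon older than the cutoff.
            ReviewAsStale  = (-not $_.LastLogon) -or ($_.LastLogon -lt $cutoff)
        }
    } |
    Sort-Object Name |
    Format-Table -AutoSize
```

Accounts flagged ReviewAsStale while no PSM session is open are the ones to compare against the computer's JIT settings in EmpowerID.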
