Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Before utilizing computers can be used for Privileged Session Management ( PSM), you must enable those machines for either they must be configured to allow RDP or SSH in EmpowerID.

...

connections. Follow these steps to enable your computers for PSM:

Procedure

  1. Navigate to the Computer Details Page for the target computer

    • On the navbar, expand Privileged Access and click Computers.

    • Select the Computers tab and search for the computer

    that
    • you want to enable for PSM.

    • Click the Display Name link

    for
    • of the desired computer to access its details.

      Image Modified

  2. Edit Computer Settings

    • On the Computer Details page that appears, click the Edit (blue star) link to put the computer in edit mode.

      Image Modified

  3. Configure Connection Settings

    • Scroll down on the Edit One page

    for the computers and
    • to the connection settings section.

    • For Windows computers, select Allows RDP Connections

    for Windows or
    • ; for Linux computers, select Allows SSH Connections

    for Linux
    • .


    Image Removed
    • Enter the address of your Privileged Session Manager gateway in the

    Privileged Session Manager Gateway
    • corresponding field and

    then click
    • select the

    tile for that gateway to select it.
    Image Removed

    SScroll down to

    • appropriate gateway tile.

      Image Added

  4. Adjust Just-in-Time Access Settings

    • Further down, locate the Just-in-Time Access settings

    .Adjust the following settings
    • and adjust them as necessary:

      • Enable Just in Time Account Provisioning:

      Turn
      • Toggle this setting on

      if you want
      • to have EmpowerID

      to
      • automatically create

      an
      • a user account

      for users
      • when

      they establish
      • a PSM session

      with the computer. Please note that this feature only applies
      • is established. Note: This setting applies only if the computer is

      inventoried
      • cataloged as a Local Windows Server account store. When enabled and the machine is a Local Windows Server account store, EmpowerID will create an account using the naming convention "EmpowerID Login_Random Number" (for example, joe.kewl_1234567).
        Please note that For JIT to work properly, any group used for JIT needs to have Remote Desktop Permissions to the computer.

      • Use Existing Account if Applicable: Enable this feature if you want EmpowerID to log users in using their existing Windows server account (assuming it grants them the necessary access) instead of creating a new just-in-time account.

      • Delete JIT-Created Account on Check-In: Activate this setting

      if you want
      • to have EmpowerID

      to
      • remove the just-in-time user account

      when the user's computer session ends
      • upon session completion.

      • Allow Select Access Levels on Connect:

      If you enable this feature, users connecting to the computer can choose from any
      • Enable this to allow users to select from configured IAM Shop Permission Levels

      for the computer. For guidance on configuring IAM Shop Permission Levels for computers, please refer to
  5. Save Your Changes

    • Click the Save button to preserve your

    changes
    • adjustments.

With these settings in placeBy following these steps, the computer is now PSM-enabled, and users can begin will be fully configured for PSM, enabling users to request sessions with itas needed.

Macrosuite divider macro
dividerWidth90
dividerTypetext
dividerWeight1
labelPositionmiddle
textAlignmentcenter
iconColor#000000
fontSizemedium
textRelated
textColor#000000
dividerColor#000000
dividerIcon

...

Disconnect Computer Sessions

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue