Enable Computers for Privileged Session Management

Before computers can be used for Privileged Session Management (PSM), you must enable those machines for either RDP or SSH in EmpowerID.

Enable computers for PSM

1. On the navbar, expand Privileged Access and click Computers.

2. Select the Computers tab and search for the computer that you want to enable for PSM.

3. Click the Display Name link for the computer.
   
   

   Open

   

    

4. On the Computer Details page that appears, click the Edit link to put the computer in edit mode.
   
   

   Open

   

    

5. Scroll down the Edit One page for the computers and select Allows RDP Connections for Windows or Allows SSH Connections for Linux.
   
   

    

6. Enter your Privileged Session Manager gateway in the Privileged Session Manager Gateway field and then click the tile for that gateway to select it.
   
   

    

7. SScroll down to locate the Just-in-Time Access settings.

8. Adjust the following settings as necessary:

   • Enable Just in Time Account Provisioning: Turn this setting on if you want EmpowerID to automatically create an account for users when they establish a PSM session with the computer. Please note that this feature only applies if the computer is inventoried as a Local Windows Server account store. When enabled and the machine is a Local Windows Server account store, EmpowerID will create an account using the naming convention "EmpowerID Login_Random Number" (for example, joe.kewl_1234567).

   • Use Existing Account if Applicable: Enable this feature if you want EmpowerID to log users in using their existing Windows server account (assuming it grants them the necessary access) instead of creating a new just-in-time account.

   • Delete JIT-Created Account on Check-In: Activate this setting if you want EmpowerID to remove the just-in-time user account when the user's computer session ends.

   • Allow Select Access Levels on Connect: If you enable this feature, users connecting to the computer can choose from any configured IAM Shop Permission Levels for the computer. For guidance on configuring IAM Shop Permission Levels for computers, please refer to Assign IAM Shop Permission Levels to Computers.

9. Click the Save button to preserve your changes.

With these settings in place, the computer is now PSM-enabled, and users can begin to request sessions with it.

Local Windows Servers Connector

Assign IAM Shop Permission Levels to Computers