Creating a regular account

  1. Select Management > Accounts.
  2. Click Add.
  3. Define the object’s name.
  4. Select the Blocked option to disable the account after it is created.
  5. Select regular from the Type drop-down list.
  6. Select the desired session recording option.

    • all - Fudo PAM saves session metadata (basic session information), records raw network traffic (RAW file) and stores session data in internal file format (FBS). The latter enables session playback using the built-in session player, as well as exporting sessions to a selection of video file formats.
    • raw - Fudo PAM saves session metadata (basic session information) and records raw network traffic (RAW file). The raw data can be downloaded, but it cannot be played back in graphical form using the built-in session player (the session player only depicts the network packet exchange between the client and the target host).
    • none - Fudo PAM saves only session metadata (basic session information).
  7. Select the OCR sessions option to fully index the contents of RDP and VNC sessions.

Note

Indexing sessions enables full-text content searching.

Warning

OCR is a CPU-intensive process and may have a negative impact on system performance.

  8. Select the language used for processing recorded sessions.
  9. In the Notes field, enter a message to User Portal users.

Note

Account notes can be displayed and edited in the User Portal.

  10. In the Data retention section, define automatic data removal settings.

    • Select the Override global retention settings option to set different retention values for connections established using this account.
    • Change the global parameter value or uncheck the Delete session data option to exclude sessions from the retention mechanism.
    • In the Move session data to external storage after, define the number of days after which the session data will be moved to an external storage device.
  11. In the Permissions section, add users allowed to manage this object.

  12. In the Server section, assign the account to a specific server by selecting it from the Server drop-down list.

  13. In the Credentials section, enter the privileged account domain.

  14. Type in the login to the privileged account.

  15. From the Replace secret with drop-down list, select the desired option.

    secret from a different account

    • From the Account drop-down list, select the account object whose credentials will be used to authenticate the user when establishing a connection with the monitored server.

    key

    • Click the i icon and select the key type.
    • Click the i icon and browse the file system to find the file with a private key that is not passphrase-protected.

    password

    • Provide account password.
    • Repeat account password.

    Note

    Two-fold authentication

    With two-fold authentication enabled, the user is prompted twice for login credentials: once to authenticate against Fudo PAM and once more to access the target system.

    To enable two-fold authentication, select password from the Replace secret with drop-down list and leave the password and login fields empty.

    password from external repository

    • Select external repository.
  16. Select the defined password changing policy from the Password change policy drop-down list.

  17. In the Password checkout time limit, define the time after which the password is checked in automatically.

Note

Defining the password checkout time limit automatically enables the exclusive password checkout feature.

  18. Select the Change password after last checkin option to change the password automatically after it has been checked in by the last user.

Note

This option is available only for exclusive password checkouts and is enabled after specifying the Password checkout time limit.

  19. Select the Change password after session option to change the account password remotely after the session has ended.

Note

Choose a Password change policy other than Static, without restrictions.

Refer to the Password changers topic for detailed information on setting up password changers.

Choose at least one Password changer.

  20. Select the SSH Agent forwarding option to authenticate the user against the target host using the client’s SSH key.

Note

This option is available only after selecting an SSH server. Use the -A option when connecting to the SSH server.

  21. Click Add password modifier to have the password to the account changed automatically according to the password policy.

Note

The option to add a password changer is available after choosing an option to replace the secret with a password.

  22. In the Password changer section, from the Password changer drop-down list, select the password changer specific to the given account.
  23. In the Timeout field, define the script’s execution time limit.
  24. In the Variables section, assign attributes to variables.
  25. Click Save.

Related topics: