Creating a safe

Warning

Data model objects: safes, users, servers, accounts and listeners are replicated within the cluster and object instances must not be added on each node. In case the replication mechanism fails to copy objects to other nodes, contact technical support department.

  1. Select Management > Safes.
../../_images/safes_add.png
  1. Click Add.
../../_images/safe-new.png
  1. Enter object’s name.
  1. Select Blocked option to disable access to object after it’s created.
  1. Select system events, about which you want to be notified.

Note

  • Notification settings are applied only to the currently logged in Fudo PAM administrator/operator (user with a superadmin, admin or operator role). Each system administrator/operator must log in to Fudo PAM web interface and adjust their settings individually to receive notifications regarding a particular safe.
  1. Select Login reason option, to display prompt upon logging in, asking user to enter login reason.

Note

Login reason is not supported in HTTP connections.

  1. Select Access request required votes option and provide a number of voters. This option enables a so called Just-In-Time feature that allows defining and scheduling the time when a user is allowed to access specific resources for a set time period. The user sends requests via the portal and the voters accept or reject them on an admin panel. Read more about the Just-In-Time feature in a Requests section.
  2. Select Require approval option to have the administrator approve each connection to servers accessed through configured safe. Provide how many minutes the administrator has to approve or reject a request.
  1. Assign security policies in the Policies field.
  2. From the Note access drop-down list, select user access rights to account related notes.

Note

Notes can be accessed either from the account edit form

../../_images/notes_account_form.png

accounts list

../../_images/notes_accounts_list.png

or in the User Portal.

../../_images/notes_user_portal.png
  1. Select Session time limit option and input a minutes value.
  2. Select Session inactivity limit option and input a minutes value.
  3. For RDP and SSH-based safes, select Web Client option to allow connecting to the session in browser.
  4. Select a Backup target as a destination place for storing data.

  1. In the Protocol functionality section, select allowed protocols’ features.
../../_images/safes_general_functionality.png

Note

With the Suspend option enabled, session content will not be available for viewing when the user minimizes its client application.

With the Client Cut Text option enabled for the VNC sessions, a user is allowed to paste text into the VNC server computer.

With the Server Cut Text option enabled for the VNC sessions, a user is allowed to copy and paste text from the VNC server computer into the user’s computer.

  1. Select Users tab to assign users allowed to access accounts assigned to this safe.
  1. Click Add user.
../../_images/new-safe-users-n.png
  1. Click i next to desired user to enable server access over monitored safe.
../../_images/safes-add-users-modal-n.png
  1. Click ok to close the modal window.

  2. Define safe access options.

    ../../_images/safes-users-add-n.png
    • Click . to define the timeframe when given user can access this object.
    • Click . to define daily access policy.
    ../../_images/time_access_policy.gif
    • Click . to allow user to use Secret Checkout feature and view passwords in the User Portal.
    • Click . to disable access for selected user.
    • Click . to delete selected user from the safe.
  3. Select Granted users tab to assign users allowed to manage this object.

  4. Click Add user.

  5. Click i next to desired user to enable server access over monitored safe.

../../_images/safes-add-granted-users-modal-n.png
  1. Select notifications that will be enabled for the particular granted user:
../../_images/safe-granted-users-notifications.png
  1. Click ok to close the modal window.
  2. Select Accounts tab to add accounts accessible through this safe.
  3. Click Add account.
../../_images/safes-add-accounts-n.png
  1. Click . to add accounts.
  2. Click ok to close the modal window.
  3. Click . to assign listeners to accounts.
../../_images/safes-assign-listener-n.png
  1. Click . to add listeners.
../../_images/safes-listeners-add-n.png
  1. Click ok` to close the modal window.
  2. Click Save.

Related topics: