Fudo Enterprise 6.0 Documentation [BETA]

Welcome!

The following are the enhancements and modifications introduced in version 6.0 of Fudo Enterprise. Remember to update to the latest available version to benefit from all improvements.

Note

The structure of this documentation has been adjusted to reflect the updated GUI layout and menu arrangement, making it easier to navigate and find relevant information.

Version 6.0 (Latest)

• Introduced Password Vault, a new module that extends Fudo Enterprise with centralized secret storage and credential lifecycle management.

  • Supports secure storage of passwords, SSH keys, API keys, certificates, and secure notes.

  • Organizes secrets in a hierarchical collection structure for easier management across teams and environments.

  • Provides RBAC-based access control to collections, allowing precise delegation of management permissions.

  • Offers a dedicated view of secret-related activity to improve auditability and support security investigations.

  • Integrates with Password Changers to enable automated password rotation for stored secrets.

• Introduced a modular licensing model for Privileged Session Management and Password Vault.

• Introduced Reverse Proxy, enabling secure SSH reverse tunneling to publish internal services without exposing the infrastructure to inbound connections.

• Added German and Uzbek as new user interface languages.

• Complete UI refresh - The entire Fudo interface has been redesigned with a modern, clean aesthetic featuring updated typography, refined color scheme, simplified navigation structure, and enhanced visual hierarchy for better usability and professional appearance.

• Redesigned data tables interface - All tables throughout the product have been modernized with improved filtering, sorting capabilities, column visibility management, and cleaner visual presentation for enhanced user experience.

• Added CHAP and MS-CHAPv2 as a new authentication method option for RADIUS external authentication, providing enhanced security and compatibility with Microsoft Active Directory environments.

• Added support for the PostgreSQL protocol, enabling the creation of dedicated PostgreSQL servers and listeners.

• Added TLS support for VNC.

• Added support for connecting to target servers through reverse SSH tunnels.

• Added support for anonymous accounts in sessions established through SSH tunnels, while preserving session attribution to the user who created the tunnel.

• Added support for a custom hostname in RDP sessions. The new RDP Config Domain field in the RDP listener configuration defines the hostname shown in the RDP client title bar.

• Added visibility into the source of each session. The new Access channel column in the Sessions tab shows which product or client was used to establish the connection.

• Added fullscreen mode support to the Webclient for a more convenient session view.

• The Webclient clipboard now allows sensitive content to be hidden using the eye icon, so copied values such as passwords do not have to be displayed in clear text.

• Added a delay after authentication failures to help prevent brute-force attacks.

• Upgraded the operating system base to FreeBSD 14.3.

• Updated the Angular framework used by the web interface to version 21, the current stable release.

• Performed additional maintenance updates to frontend dependencies.

• Updated the FreeTDS library to support newer TDS protocol versions.

• ShareAccess improvements:

  • Improved organization owner reassignment in ShareAccess by limiting the selection to users eligible to become the new owner.

  • Added file upload support to the ShareAccess Webclient for RDP sessions.

  • Notifications in the ShareAccess GUI now include resource names for improved clarity.

• Fudo Officer mobile app improvements:

  • Added support for additional push notification types, including session start, session end, and policy alert notifications.

  • Added support for Password Vault access requests in the mobile app.

  • Added the ability to configure which Fudo Enterprise notification types are sent as push notifications to Fudo Officer.

  • Added a notification history view with detailed notification screens.

  • Added unread counters for access requests and notifications in the profile switch view.

  • Improved connection error handling in the mobile app.

• Improved the User Report and User Access Report by excluding anonymous entries that are not relevant to the purpose of these reports.

• Improved performance when adding new entries to large routing tables.

• Improved performance when loading large access account lists in UAG.

• Restored the ability to change the order of user authentication methods in LDAP synchronization settings.

---

Table of Contents

• About Documentation
• Layout Themes of the Admin Panel
• Introduction
  • System Overview
    • Session Monitoring & Recording
    • Secret Management
    • Just-in-time (JIT) Access
    • Single Sign-on (SSO)
    • Agentless Convenient Access
    • Ai-powered Prevention
    • Productivity Analyzer
    • Rapid Deployment
    • Compliance Support
  • Available GUI Languages
  • Licensing
  • Supported Protocols
    • HTTP
    • Modbus
    • MS SQL (TDS)
    • MySQL
    • PostgreSQL
    • RDP
    • SSH
    • Telnet 3270
    • Telnet 5250
    • Telnet
    • VNC
    • X11
    • TCP
    • Secret Checkout
  • Deployment Scenarios
  • Connection Modes
  • User Authentication Methods and Modes
  • Security Measures
    • Data Encryption
    • Backups
    • Permissions
    • Sandboxing
    • Reliability
    • Cluster Configuration
  • Data Model
  • Dashboard
    • Widgets
    • Adding, Customizing and Removind Dashlets
    • Hard Drives Status Information
  • Third-Party Licenses
• System Deployment
  • Requirements
  • Hardware Overview
  • System Initiation
    • Virtual Machine
  • Accessing Fudo Enterprise Portals
    • Admin Panel
    • User Access Gateway
    • Supported Web Browsers
• Quick Start
  • SSH
    • Prerequisites
    • Configuration
    • Establishing Connection
    • Viewing User Session
  • SSH in Bastion Mode
    • Prerequisites
    • Configuration
    • Establishing Connection
    • Viewing User Session
  • SSH in Bastion Mode with Jump Host Option
    • Prerequisites
    • Configuration
    • Establishing a Connection
  • RDP
    • Prerequisites
    • Configuration
    • Establishing an RDP Connection with a Remote Host
    • Viewing User Session
  • RDP in Bastion Mode
    • Prerequisites
    • Configuration
    • Establishing an RDP Connection with a Remote Host
    • Viewing User Session
  • Telnet
    • Prerequisites
    • Configuration
    • Establishing a Telnet Connection with the Remote Host
    • Viewing User’s Session
  • Telnet 5250
    • Prerequisites
    • Configuration
    • Establishing a Telnet Connection with the Remote Host
    • Viewing User’s Session
  • PostgreSQL
    • Prerequisites
    • Architecture Overview
    • Configuration Steps
    • Establishing PostgreSQL Connection
  • MySQL
    • Prerequisites
    • Configuration
    • Establishing Connection with a MySQL Database
    • Viewing User Session
  • MS SQL
    • Prerequisites
    • Configuration
    • Establishing Connection with a MS SQL Database
    • Viewing User Session
  • HTTP
    • Prerequisites
    • Configuration
    • Connecting to Remote Resource
    • Viewing User Session
  • VNC
    • Prerequisites
    • Configuration
    • Establishing Connection
    • Viewing User Session
• Sessions
  • Filtering Sessions
    • Defining Filters
    • Saving Custom Filters
    • Applying Custom Filters
    • Editing Custom Filters
    • Disabling Filters
    • Deleting Custom Filters
    • Full Text Search
  • Viewing Sessions
  • Pausing Connection
  • Terminating Connection
  • Joining Live Session
  • Sharing Sessions
  • Commenting Sessions
  • Sessions’ Retention Lockdown
  • Exporting Sessions
    • Export Session File Formats
  • Deleting Sessions
  • OCR Processing Sessions
  • Session Data Replication
  • Session Timestamping
  • Require Approval for Access
    • Approving Pending User Requests
    • Declining Pending Requests
  • AI Behavioral Analysis in Sessions
  • Ai Session Summary [BETA]
• Access Requests
  • Awaiting Requests
  • Active Requests
  • Archived Requests
• Reports
  • System Reports
  • User Reports: Periodic and On-Demand
  • List of Predefined Reports
  • Subscribing to a Periodic Report
  • Unsubscribing from a Recurring Report
  • Generating a Report on Demand
  • Viewing and Saving Reports
  • Deleting Reports
• User Management
  • Users
    • Creating a User
    • Editing a User
    • Blocking a User
    • Unblocking a User
    • Deleting a User
    • Authentication Failures Counter
  • Groups (RBAC)
    • Access Resolution and Prioritization
    • Creating Group
    • Modifying Groups
    • Deleting Groups
  • Role-Based Access Control (RBAC)
    • Transition to RBAC After Upgrade
      • Understanding Privileges and Capabilities
      • Predefined Roles as a Starting Point
    • Creating Role
    • Assigning Roles to Users
    • Modifying Roles
    • Deleting Roles
    • Typical Role Scenarios and Required Privileges
      • Tab-Level Access Control Matrix
      • Dashboard Widgets Visibility
      • Sessions Tab Permissions
      • Downloads Tab Permissions
      • Safes Management
      • Discovery Tab Permissions
      • Access Request Permissions
      • Fudo Officer
      • Reports Tab Permissions
• Session Management
  • Servers
    • Creating a Server
      • Creating an HTTP Server
      • Creating a Modbus Server
      • Creating a MS SQL Server
      • Creating a MySQL Server
      • Creating a PostgreSQL Server
      • Creating an RDP Server
      • Creating an SSH Server
      • Creating a Telnet Server
      • Creating a Telnet 3270 Server
      • Creating a Telnet 5250 Server
      • Creating a VNC Server
      • Creating a TCP Server
    • Port Ranges in Server Configuration
      • Configuring a Port Range
      • Server Configuration Prioritization in Case of Conflict
    • Importing a Server List from CSV File
    • Editing a Server
    • Blocking a Server
    • Unblocking a Server
    • Deleting a Server
  • Pools
    • Creating a Pool
    • Deleting a Pool
  • Accounts
    • Creating an Account
      • Creating an Anonymous Account
      • Creating a Forward Account
      • Creating a Regular Account
    • Editing an Account
    • Blocking an Account
    • Unblocking an Account
    • Deleting an Account
    • Managing Security Alerts
      • Triggering Password Change
      • Ignoring Security Alert
  • Listeners
    • Creating a Listener
      • Setting up the SSH Listener
      • Setting up the RDP Listener
      • Setting up the VNC Listener
      • Setting up the HTTP Listener
      • Setting up the Modbus Listener
      • Setting up the MySQL Listener
      • Setting up the PostgreSQL Listener
      • Setting up the TCP Listener
      • Setting up the MS SQL Listener
      • Setting up the Telnet Listener
      • Setting up the Telnet 3270 Listener
      • Setting up the Telnet 5250 Listener
    • Editing a Listener
    • Blocking a Listener
    • Unblocking a Listener
    • Deleting a Listener
  • Safes
    • Creating a Safe
    • Editing a Safe
    • Blocking a Safe
    • Unblocking a Safe
    • Deleting a Safe
  • Discovery
    • Creating a Rule
      • Creating a Rule for Accounts
      • Creating a Rule for Servers
    • Managing Rules
    • Creating a Scanner
      • Creating a Scanner for Domain Controller Accounts
      • Creating a Scanner for Domain Controller Servers
      • Creating a Scanner for Local Accounts
    • Managing Scanners
    • Managing Discovered Accounts
    • Managing Discovered Servers
  • Remote Applications
    • Adding Remote Application
    • Adding Arguments
    • Connecting to Remote Application via Access Gateway
    • Granular Access to Remote Applications
    • Deleting Remote Application
  • Policies
    • Ai Module-Based Policy
    • Ai Module-Based Policy Examples
    • Regular Expression-Based Policy
  • Downloads
    • Sessions
    • Files
  • Productivity
    • Overview
    • Sessions Analysis
    • Activity Comparison
• Password Vault
  • Overview
    • Architecture Overview – Security Model
    • Password Vault Structure
    • Event Logging and Audit Trail
  • Collections
    • Creating Collections
    • Nesting Collections
    • Accessing Collection Editing
      • Edit Collection Panel
    • Assigning Users and Groups to Collections
    • Managing Collection Object Rights
      • Assigning Object Rights to Users
      • Assigning Object Rights to Roles
    • Collection Notifications
    • Deleting Collections
  • Secrets
    • Creating Secrets
    • Importing Secrets
    • Accessing Secret Editing
      • Edit Secret Panel
    • Moving Secrets Between Collections
    • Deleting Secrets
    • Assigning Password Vault Secrets to Accounts
  • Secret Access Monitoring
    • Overview of the Secret Access Tab
    • Event Types and Status Indicators
    • Filtering and Reviewing Events
  • Password Changers
    • Password Changer Policy
      • Defining a Password Changer Policy
      • Editing a Password Changer Policy
      • Deleting a Password Changer Policy
    • Custom Password Changers
      • Defining a Custom Password Changer
      • Editing a Custom Password Changer
      • Deleting a Custom Password Changer
    • Importing and Exporting Password Changers
      • Exporting a Password Changer
      • Importing a Password Changer
    • Connection Modes
      • SSH
      • LDAP
      • Telnet
      • WinRM
    • Setting up Password Changing on a Unix System
• Settings
  • System
    • Date and Time
    • SSL Certificates
    • SSH Access
    • Configuration Encryption
    • SNMP
      • Configuring SNMP
      • Configuring SNMPv3 TRAP
      • SNMP MIBs
      • Getting SNMP readings using snmpwalk
      • Fudo Enterprise Specific SNMP Extensions
    • Trusted Timestamping
    • Password Changers - Active Cluster Node
      • Cluster Password Changers
    • Sensitive Features
    • Configuring an HTTP Proxy
    • System Update
      • Updating System
      • Restoring Previous System Version
      • Deleting Upgrade Snapshot
    • Hotfix
    • License
    • Diagnostics
    • Exporting/Importing System Configuration
      • Exporting System Configuration
      • Importing System Configuration
  • Network Settings
    • Reverse Proxy
      • Prerequisites
      • Configuration Steps
      • User Access Gateway Connections
      • Enabling and Disabling Reverse Proxy
      • Reverse Proxy Status Indicators
      • SSH Tunnel Operation
      • Workflow Recommendation
      • Internal Routing Behavior
      • Security Considerations
      • Troubleshooting
    • Network Interfaces Configuration
      • Managing Physical Interfaces
      • Defining IP Address Using System Console
      • Setting up Virtual Networks (VLAN)
      • Setting up Link Aggregation (LACP)
    • Labeled IP Addresses
    • Routing Configuration
    • DNS Configuration
    • ARP Table Configuration
  • Notifications
    • Configuring the SMTP Server
  • Artificial Intelligence (AI)
    • AI Behavioral Analysis
      • Configuring Models Trainers
      • Behavioral Analysis Models
    • AI Session Summary [BETA]
  • Authentication
    • External Authentication Server Definition
      • Active Directory
      • LDAP
      • Cerb
      • Radius
      • Assigning an External Authentication Method to a User
      • Second Authentication Factor
    • OpenID Connect Authentication Definition
    • Global Authentication Settings
      • Default Domain
      • Deny New Connections
      • Password Complexity
      • OATH Authentication Definition
      • SMS Authentication Definition
      • DUO Authentication Definition
      • Single Sign On
      • Kerberos Authentication Settings
  • External Passwords Repositories
    • CyberArk Credential Provider
    • Thycotic Secret Server
    • Local Administrator Password Solutions (LAPS)
  • External Storage
    • Configuring External Storage
    • Expanding External Storage Device
  • Resources
    • RDP/SSH/VNC Login Screen Configuration
    • User Portal Configuration
      • Login Screen Configuration
      • Predefined Keyboard Layout
  • Backup and Retention
    • Session Data Backup
    • Data Retention
  • Cluster Configuration
    • Session Data Replication and Behavior in the Event of a Node Failure
    • Cluster Initialization
    • Adding Cluster Nodes
      • Cluster Initialization and Adding Nodes
      • Setting Relationships Between Nodes
      • Linking Nodes with the Initial Node
      • Cluster Initialization Completion Verification
    • Cluster Expansion with New Nodes
    • Editing Cluster Nodes
    • Removing Cluster Nodes
      • Removing a Node from the Cluster
      • Rejoining a Removed Node
    • Redundancy Groups
    • Checking Session Replication Status
  • Users Synchronization - User Directory
    • Configuring Users Synchronization Service
    • Disabling Data Synchronization for User
    • Kerberos Support for Active Directory
  • Certificate-based Authentication Scheme
  • Login Timeout
  • System Version Restore
  • System Reboot
  • Changing Encryption Passphrase
  • Integration with CERB Server
  • System Maintenance
    • Backing up Encryption Keys
    • Monitoring System Condition
    • Health Check
      • API Health Check
    • Callhome
      • Data Collected by Callhome Service
      • The Benefits of Using Callhome
      • Enable/Disable Callhome
    • Hard Drive Replacement
    • Resetting Configuration to Default Settings
• Events Log
  • Filtering Logs by Date and Time
  • External Syslog Servers
  • Exporting Events Log
• Account Activity in the User Access Gateway (UAG)
• Reference Information
  • RDP Connections Broker
  • Log Messages
  • Footer Information
• Fudo Officer 2.3
  • Configuration
  • Managing Profiles
    • Add New Profile
    • Switch Profiles
    • Edit Profile
    • Delete Profile
  • Managing Session Requests
    • Awaiting Requests
    • Active Requests
    • Revoking Request
    • Archived Requests
  • Notifications
    • Notifications Tab
    • Configuring Application Notifications
  • Settings
    • Biometric Authentication
    • Change PIN Code
    • Two-Factor YubiKey Authentication
    • Language
• Fudo ShareAccess
  • Data Model
  • Pairing Fudo Enterprise with Fudo Shareaccess
  • License
    • Trial License Activation
    • Requesting a License
    • Uploading License File
  • Manage Fudo ShareAccess Members
    • Inviting Members
    • Verifying Members Status
    • Creating an Account Without an Invitation
    • Revoking Members Status
    • Deleting Members
  • Manage Access to Resources
• Client Applications
  • PuTTY
  • Microsoft Remote Desktop
  • TightVNC Viewer
  • SQL Server Management Studio
• Troubleshooting
  • Booting Up
  • Connecting to Servers
  • Logging to Administration Panel
  • Session Playback
  • Cluster Configuration
  • Trusted Timestamping
  • Support Mode
• Use Cases
  • Two-Factor OATH Authentication with Google Authenticator
    • Protocols Supporting OATH Authentication Method
    • Configuring the OATH Authentication Method
  • OpenID Connect Authentication Definition with Microsoft Entra (Azure)
  • Remote Desktop Services Configuration on Windows Server for Fudo Enterprise
    • Setup Remote Desktop Services (RDS) on Windows
    • Setup Fudo Enterprise - Bastion Scenario (Recommended)
    • Setup Fudo Enterprise - Proxy Scenario
  • Managing RDP Server Certificates in Windows Server
    • Locating the Server Certificate in Windows Server
    • Providing the CA Certificate
  • Configuring the Single Sign On (SSO)
    • SSO Configuration on Windows Server 2019
    • Setup Fudo Enterprise
    • Setup and Check User Workstation - Windows2010 Client
  • Handling Local Account Password Changes Using a Domain Account with WinRM Password Changer
    • Hostname and DNS Server Configuration
    • Adding a KDC Server
    • Server Configuration
    • Adding a Password Change Policy
    • Administrator Account
    • Account for Which the Password Will Be Changed
  • Configuring Kerberos Constrained Delegation for MSSQL(TDS) Server
    • Kerberos Authentication Configuration on Windows Server
    • Setup Fudo Enterprise
    • Establish a Connection
  • Establishing Connections to Servers via SSH Tunnel in Fudo Enterprise
    • General Requirements
      • Establishing an SSH Connection
      • Establishing an HTTP Connection
      • Connecting to an Oracle Database
• Frequently Asked Questions
• Glossary