Imprivata Privileged Access Management Product Update 2.3.202002231453

February 23, 2020

PAM Update: Added guest account access option for SSO logins and audit log for SSH Proxy authentication events

This update adds a guest account option when integrating with external user directories and audit logs for SSH Proxy authentication events.

Added guest account option for SSO logins

This update adds support to grant (possibly temporary) guest access to the system for the users authenticated through external user directories using a single sign-on mechanism.

The option works by creating local user accounts possibly with the expiration time in the future for the users successfully authenticated in the external user directories.

Owners can grant access to assets to the guest account after activation.

Guest accounts can be members of local user groups.

Use the property xtam.user.guest.enabled=true to enable the feature. Use the property xtam.user.guest.ttl=TTL to enable a time limit for the newly created accounts.

Use zero in TTL for the permanent account; otherwise, specify expiration time in number+time unit (5d11h or 25m).

Allowed units are d-days, h-hours, m-minutes, s-seconds. If no time unit is specified then the value is considered to be in milliseconds.

Added SSH Proxy login, logout, MFA and authentication failure audit log events

This update adds login, MFA, authentication failure and logout audit log events to SSH Proxy connections made by native SSH clients to track user authentication activities.

The option allows to track failed authentication attempts as well as successful login, logout, first and second-factor authentication events in relation to the client IP address as well as the user.

Added inherited fields to display to record type configuration screen

This update adds support to display the fields inherited from the parent record types when editing record type together with the record type own fields to visualize the record edit and view screens.

Record types derived from selected parent record types inherit all fields of the parent type to simplify the record type maintenance and configuration.

The update visualizes inherited fields from the parent record type on the record type management screen to provide a better understanding of the record type structure.