Imprivata Privileged Access Management Product Update 2.3.201907212231

July 21, 2019

PAM Update: Added HTTP Proxy traffic recording and the option to distribute large volume of job executions over long time

This update adds support for HTTP(s) traffic recording of high-trust sessions from client-side browsers to WEB Portals and the option to distribute a large volume of job executions over a long time range.

Added support for HTTP(s) traffic recording of high-trust sessions from client side browsers to WEB Portals

This update brings the option to record HTTP(s) traffic originated from client browsers to WEB Portal through the system HTTP proxy server.

Traffic recording is saved in the portable HAR format that could be viewed by the third party online or offline viewers.

The recordings include transferred data and details of the protocol such as headers, cookies, URLs as well as timing information.

Recordings are enabled for the sessions with the permissions Connect and Always Record.

Examples of online viewers of HAR files include G Suite Toolbox HAR Analyzer and HTTP Archive Viewer.

Note that the system HTTP Proxy server, in addition to the traffic recording, supports high-trust login to the destination WEB Portals that allows secure distribution of privileged shared access to remote WEB Portals.

Added the option to distribute a large volume of job executions over a long time

The update adds a Periodic in Range task execution policy for the system tasks allowing to schedule jobs at random days within the given interval.

This option allows to distribution large volume of scheduled jobs over long intervals to reduce the load on the network and servers.

For example, periodic password reset jobs for several thousands of network computers could be scheduled over the three month period with the password reset interval will fall into the range from one to three months.

Added the option to control the command to elevate privilege in the SSH/SU session

The update adds the option to control the command to elevate privilege in SSH/SU session to run through sudo execution or directly executing su utility.

The option is controlled by the record-level field Type: Checkbox, Name: sudo, Display Name: Use sudo, Order: 620 on Unix with SU record type or its inherited derivatives.

With this option enabled, the system will use exec sudo su – user command to elevate user privilege instead of the default exec su – user command.