Imprivata Privileged Access Management Product Update 2.3.202005032323

May 3, 2020

PAM Update: Added integration with Ansible and report mapping personal and privileged accounts for brokered sessions

This update adds an Ansible lookup plugin that retrieves sensitive information from PAM Vault, and a report that maps personal accounts to privileged accounts for brokered sessions.

Added Ansible lookup plugin accessing PAM Vault to retrieve sensitive information

Ansible is a popular open-source agentless automation tool, or platform, used for IT tasks such as configuration management, application deployment, intra-service orchestration, and provisioning.

Ansible works by connecting to your nodes (such as computers or network devices), typically over the SSH protocol, to execute small scripts.

The PAM server brokers Ansible calls like any other SSH commands, using credentials managed by PAM Vault.

In addition to the connection brokering option, this update brings the PAM Ansible lookup plugin, which can access secret data from PAM Vault for use as Ansible credentials or as any other variables in Ansible playbooks.

For configuration details, see the article Integrating PAM with Ansible referenced below.

PAM integration with Ansible allows organizations to manage credentials in a central password vault shared among multiple stakeholders, including Ansible, based on permissions and access rules.

Added report mapping personal and privileged accounts for brokered sessions

One of the fundamental functions of the Privileged Access Management software is to map personal accounts to the privileged accounts restricted by role-based permissions, access rules and approval processes.

The new update adds the option to display the actual mapping between personal and privileged accounts for all sessions brokered by the system.

The privileged account used to connect to the remote device might come from the record, be supplied by the user during connection, or be identified dynamically by the system during connection based on the configured rules.

Both the session report and the session events report now include the actual account used to broker the session at the time the session was initiated.

The report provides the mapping between personal and privileged accounts as it was used in the actual sessions.