Imprivata Privileged Access Management Product Update 2.3.201912222243

December 22, 2019

PAM Update: Added Radius MFA support for native clients and MFA support for non-interactive native SSH, SFTP or RDP clients

This update adds Radius MFA support for connections made by native SSH or RDP clients and also adds MFA support for connections made by non-interactive native SSH, SFTP or RDP clients.

Added Radius MFA support for connections made by native SSH or RDP clients

This update adds Radius MFA (including RSA MFA) support for connections made by native SSH or RDP clients such as PuTTY, Unix shell, MobaXTerm, MS RDP and others in addition to the previously available TOTP (Google Auth, etc) and Duo Security options.

Extending MFA support for native clients to Radius-based devices allows organizations to further ensure proper authentication of administrators accessing critical infrastructure.

Added MFA support for connections made by non-interactive native SSH, SFTP or RDP clients

This update adds MFA support for connections made by non-interactive native SSH, SFTP or RDP clients that do not prompt for the second factor such as many SFTP clients (WinSCP, FileZilla, etc), native RDP applications (mstsc, mRemoteNG, etc).

The option to use native clients to access critical infrastructure dramatically improves the adoption of cyber-security best practices.

However, many of these traditional native clients do not include facilities to prompt users for the second factor before logging in.

This update enables these natively non-MFA applications to benefit from second-factor authentication when accessing sensitive resources right from the administrators desktop.

To activate this feature, use the connection string at the login prompt in the format user#MFA#record-search with the potential alternatives for the separator as #, % or : . MFA token in the login string might be current TOTP, Duo scratch code, Radius token or keywords like auto, push, or phone to initiate the MFA process.