
Xton Access Manager Product Update 2.3.201910132229

Today we released a new update to the Xton Privileged Access Manager software. This update adds support for SMS and TOTP based shared Virtual MFA and support for single remote application sessions for Windows RDS servers.

Added support for SMS based shared Virtual MFA

This update extends Virtual MFA support by adding an option to share the phone number that receives SMS notifications for second-factor authentication. The option provides role-based access as well as just-in-time access to shared privileged accounts protected with second-factor authentication. It makes it possible to enable the MFA option for privileged accounts, significantly increasing the security of the IT infrastructure. SMS access is logged in the system audit log to track the use of the service.

The Virtual SMS MFA implementation is based on the Twilio service and requires a Twilio subscription. The integration is implemented with a Groovy script that can be adjusted after deployment to integrate with a different SMS service.

Virtual SMS MFA is an XTAM record type that is hidden in default installations, so it should be enabled in the Administration / Record Types list. Records of the Virtual SMS MFA record type have a single field, Number, for the phone number that can receive SMS messages accessible using the REST API implemented by the Groovy script. Once saved, a Virtual SMS MFA record has a single task available in the Execute menu: Access SMS Code for MFA, which pops up a window with the token visible on the screen.

To configure the Twilio SMS service, use the following parameters in $XTAM/web/conf/catalina.properties:

xtam.integration.sms.user=ACCOUNT-SID
xtam.integration.sms.password=AUTH-TOKEN
xtam.integration.sms.url=https://api.twilio.com/2010-04-01/Accounts/{xtam.integration.sms.user}/Messages.json
xtam.integration.sms.script=Twilio Integration

Added support for TOTP based shared Virtual MFA

This update adds the option to store a Time-based One-Time Password (TOTP) secret key in a record and to generate RFC 6238 TOTP tokens on demand. The option makes it possible to enable multi-factor authentication for shared privileged accounts. Shared MFA token generation is granted to selected users using role-based access control as well as location, time and approval based workflows. TOTP generation is logged in the system audit log to track the use of the service.

Virtual TOTP MFA is an XTAM record type that is hidden in default installations, so it should be enabled in the Administration / Record Types list. Records of the Virtual TOTP MFA record type have a single field, Secret Key. Once saved, a Virtual TOTP MFA record has a single task available in the Execute menu: Generate TOTP Token, which pops up a window with the token visible on the screen.

Users of the service need View and Execute permissions on Virtual TOTP MFA records. This way, these users can generate TOTP tokens without the option to unlock the secret key. User access can be restricted further by applying a Task Control workflow binding to limit the time or location of service use, or to require a human or automatic approval process.

Added support for single remote application sessions for Windows RDS

This update adds support for single remote application sessions published on Windows RDS servers, including high-trust access as well as events and session recording. The option makes it possible to run published applications on an RDS server using the RDP RemoteApp protocol while providing role-based and just-in-time access to the application sessions with a single-click action. The system establishes a session to a single published application without the option to see or interact with the rest of the desktop.

To configure the launch of a remote application on the RDS server, create a record type inherited from the Windows Host record, set the Session Manager to RDP and add a String field with the name Command and the display name RemoteApp Program Location. When creating a record based on this record type, specify the full path to the published application to run in addition to the Windows Host parameters host, user and password. Example values include calc for the calculator (the executable will be found through the system PATH) or C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\ManagementStudio\Ssms.exe for MS SQL Studio.

https://www.xtontech.com/resources/xton-access-manager-release-notes/

Please review key features documentation and product news using the links below

The software requires about five minutes to install on a freshly built Windows or Linux server or desktop with 1+ Gb RAM and no pre-requisites. After installation, please follow our Getting Started Guide for a step-by-step introduction to the application.

Read the product documentation, including Windows and Linux installation instructions as well as the Getting Started Guide: https://www.xtontech.com/resources/documentation/

Follow this link for instructions on how to update an existing setup: https://www.xtontech.com/resources/faq/updating-xton-access-manager-version/

Check the software pricing, including options and licensing FAQ: https://www.xtontech.com/store/

We appreciate your feedback and comments about Xton Access Manager and also about handling privileged accounts, passwords, keys and certificates as well as sessions to remote computers in general.

Thank you for your interest in our product.
Xton Technologies team


Mark Klinchin

I am Co-Founder and CEO of Xton Technologies. I am interested in computers, software development, cyber security, content management, photography, image processing and mathematics.

Copyright © 2019 Xton Technologies, LLC. All rights reserved.