Imprivata Privileged Access Management Product Update 2.3.202008302308

August 30, 2020

PAM Update: Adds AWS API temporary keys generator, option to customize Search Center, and Request Reason field to session reports

This update adds an AWS API temporary keys generator, an option to customize Search Center, and a Request Reason field on session reports.

Added the option to generate temporary Amazon Web Services (AWS) API access keys

The update added the option to generate AWS STS Temporary AWS API access keys (Access Key Id and Secret Key pair) for the specified duration based on the provided superuser access keys.

The option enables Just in Time access for users, applications, command-line utilities and automation software to communicate with Amazon Web Services with the least possible standing privileges.

To use the functionality, enable the AWS API STS Temporary Access record type (hidden by default), which supports the temporary key generation option with the AWS.STS.Temporary key script and includes the fields:

  • AccessKeyId
  • SecretKey
  • Duration (optional)
  • STSEndpoint (optional)
  • STSRegion (optional)

The temporary key is created using the sts.amazonaws.com endpoint. The system parameter xtam.aws.sts.endpoint optionally overrides this endpoint, and the record field STSEndpoint optionally overrides the system parameter, to support multiple regions.

The temporary key is created in the us-east-1 region. The system parameter xtam.aws.sts.region optionally overrides this region, and the record field STSRegion optionally overrides the system parameter.
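
The following Python example is added here and is not Imprivata's code: it resolves the endpoint and region in the order described above (record field, then system parameter, then default), checks that the two agree, and requests the temporary keys with boto3. It assumes the keys are issued with the STS GetSessionToken call and that Duration is given in seconds, neither of which this update states; the function names and sample values are constructed for illustration.

```python
from urllib.parse import urlparse
DEFAULT_ENDPOINT = "sts.amazonaws.com"  # default endpoint named in this update
DEFAULT_REGION = "us-east-1"            # default region named in this update

def resolve_sts_settings(record, system_params):
    """Precedence: record field, then system parameter, then built-in default."""
    endpoint = (record.get("STSEndpoint")
                or system_params.get("xtam.aws.sts.endpoint")
                or DEFAULT_ENDPOINT)
    region = (record.get("STSRegion")
              or system_params.get("xtam.aws.sts.region")
              or DEFAULT_REGION)
    if "://" not in endpoint:
        endpoint = "https://" + endpoint
    return endpoint, region

def check_consistency(endpoint, region):
    """Added sanity check: requests are signed for one region, so both must agree."""
    url = urlparse(endpoint)
    host = url.hostname or ""
    problems = []
    if url.scheme != "https":
        problems.append("endpoint is not HTTPS")
    if host == DEFAULT_ENDPOINT and region != DEFAULT_REGION:
        problems.append("global endpoint is signed for us-east-1, not " + region)
    parts = host.split(".")  # regional form: sts.<region>.amazonaws.com
    if len(parts) == 4 and parts[0] == "sts" and parts[1] != region:
        problems.append("endpoint region %s differs from %s" % (parts[1], region))
    return problems

def issue_temporary_keys(record, system_params):
    """Exchange the long-lived key pair for a short-lived one (GetSessionToken assumed)."""
    import boto3  # third-party; imported here so the helpers above run without it
    endpoint, region = resolve_sts_settings(record, system_params)
    problems = check_consistency(endpoint, region)
    if problems:
        raise ValueError("; ".join(problems))
    sts = boto3.client("sts", region_name=region, endpoint_url=endpoint,
                       aws_access_key_id=record["AccessKeyId"],
                       aws_secret_access_key=record["SecretKey"])
    # Duration assumed to be seconds; STS accepts 900 to 129600 for IAM users.
    kwargs = {"DurationSeconds": int(record["Duration"])} if record.get("Duration") else {}
    return sts.get_session_token(**kwargs)["Credentials"]

# Constructed sample values, not real keys or a real deployment.
RECORD = {"AccessKeyId": "AKIA-CONSTRUCTED-EXAMPLE", "SecretKey": "constructed-secret",
          "Duration": "900", "STSRegion": "eu-west-1"}
SYSTEM = {"xtam.aws.sts.endpoint": "sts.eu-west-1.amazonaws.com",
          "xtam.aws.sts.region": "us-west-2"}
```

With the sample values, the record's STSRegion wins over the system parameter, so the request goes to the eu-west-1 endpoint and is signed for eu-west-1.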

Added the option to customize Search Center

The update adds Initial Query Type preference in a user profile to customize the appearance of the search center on the record list screen to streamline the user search experience.

Administrators can define the default Initial Query Type value for all users in the organization using the Administration / Settings / Parameters / Initial Query Type field.

Added Request Reason field to session reports

The update adds the optional field Request to the Record and System Sessions and Session Events reports, displaying the reason for the session request.

This important piece of session metadata makes it possible to quickly isolate sessions of interest for auditing or investigation purposes.

The field on the WEB report is represented as a link leading to the request detail screen displaying information about request metadata and approvers.

The update also adds the Request Reason field to the CSV and PDF exports of sessions and session events reports.

Fixed the issue with SSH Proxy connectivity to remote servers under certain network conditions

The update adds several properties to customize the behavior of SSH Proxy connections to remote servers in situations with high network latency.

Property | Default | Description
xtam.ssh.proxy.connect_retry_count | 2 | Number of times SSH Proxy will retry connecting to the remote server
xtam.ssh.proxy.auth_retry_count | 5 | Number of times SSH Proxy will retry authenticating the PAM user
xtam.ssh.proxy.connect_retry_timeout | 10 | Number of seconds SSH Proxy waits before retrying to connect to the remote server, progressively increasing with each retry (10 seconds after the first failed attempt, 20 seconds after the second one, 30 seconds after the third one)
xtam.ssh.proxy.auth_retry_timeout | 10 | Number of seconds SSH Proxy waits before retrying to authenticate the PAM user, progressively increasing with each retry (10 seconds after the first failed attempt, 20 seconds after the second one, 30 seconds after the third one)