The Magic of PAM

One of the distinct advantages of Osirium PAM is its ability to deliver Privileged Access Management (PAM) to a very wide range of systems. For most administrative tasks, that means a secure SSH or RDP connection. In other cases, it’s about running specific applications in a privileged context, which is provided by Osirium’s Managed Application Proxy Server (aka “MAP Server”).

The “magic” that enables the integration with well over 100 different services and applications is known as “templates” which are freely downloadable from the Osirium website.

Always Discovering New Apps

Although there is that extensive library of templates, our Professional Services Team have recently seen significantly increasing demand for managing privileged access to custom, legacy and industry-specific browser-based user interfaces which they haven’t previously encountered.

It’s quite likely that those apps, because of their history, don’t have a great API or easily scriptable interfaces. But that doesn’t mean they have to be excluded from your Privileged Access Management strategy. Osirium has now introduced a solution that’s ready for almost every web application that needs access control.

The Universal Web Access Template

With the new ‘Universal Web Access Template’ it’s easy to build your own device definitions in PAM for the web applications you need.

The ‘Universal Web Access Template’ extends Osirium PAM in two places:

  • It expands the device connections options to include credential identifiers. These are typically the HTML IDs of the username and password field along with the button or element that initiates the login process.
  • The MAP Server scripts are extended to populate the ID referenced fields with credentials from Osirium PAM and then start the login process.

Building Your Template

There are a few simple steps to building your custom device template which is demonstrated in the video. Essentially, to configure the Universal Web Access Template, you’ll need to browse to the application login page and then use your browser’s ‘developer tools’ to inspect the credential elements. Take note of the element identifier names and then use these in the connection options when you are provisioning the device.

Although the user can see this process in operation, they can’t interact with it. This keeps the credentials safely away from the user’s domain. Once the login is complete, the MAP Server enables the keyboard and mouse channels from PAM. The user can now operate the application with a role-based account.

Now, you’ve got your custom or legacy web application under control along with all your other privileged servers and devices.

As always, if you’d like to know more, please get in touch.

Related Topics