Privileged Access Management protects privileged credentials, Osirium’s MAP Server protects applications being run with privileged accounts. Automation takes the protection to a new level by encapsulating the work being done while using privileged credentials. By automating tasks, the user can’t do anything they shouldn’t, policies are enforced, and full audit trails maintained.
Safely Delegate Privileged Work
With the confidence that users can’t do anything they shouldn’t, credentials are always protected, and that there’s always a full audit trail, it becomes safe to delegate tasks. For example, the Active Directory expert doesn’t have to be involved in every account reset, that task can be delegated to a first-line Help Desk engineer to provide a better service to the end users and free up valuable expert admin time.
Secure Privileged Access
Osirium Automation uses credentials stored in secure vaults such as Osirium PAM or HashiCorp. Those credentials are protected within the Automation task and never exposed to the users or across the network to the user's workstation.
Automate Anything (almost)
Osirium Automation is a highly flexible automation environment that can address many IT and business challenges. Typical uses range from account management in Active Directory to managing firewalls, to account re-certification for audits to performing regular server health checks. You can see some typical examples here.
Automate Complex Operations
Many operations in IT need updates to multiple services or devices to be coordinated. For example, to provision accounts for a new starter a broad range of systems from Office 365 to HR systems to VPN servers need to be set up before the new hire can get to work. Similarly, when someone moves between teams or leaves the organization, those accounts need to be updated or removed. With Osirium Automation, a single task can update all the systems in one operation and a full audit trail is maintained without having to review multiple logs.
Wide Protocol Support
Automation tasks (or “playbooks”) can integrate with a broad ranges of existing IT systems and devices via their native protocols such as REST, API, SSH or command lines. A rich set of plug-ins for common systems is available from the PPA Resource Hub and new plug-ins can be built as needed.
Build Your Own Playbooks
All Automation are built using a “low-code” environment, using YAML. Automation includes a playbook development environment for easy development and testing of new playbooks. Existing playbooks are available in the PPA Resource Hub which are ready to use or can be the base of new tasks. When ready, the playbooks can be published for the rest of the organization to access – if they have suitable access rights.
Control Who Can Access Playbooks
All playbooks are assigned to groups so they can only be used by members of that group. For example IT Help Desk engineers use the AD management tools, and HR staff use the “New Joiners” tasks.
Integrate With Existing Systems
Osirium Automation tasks can be integrated with existing service desk management tools, such as ServiceNow. Existing change review procedures can be used and, once the change request has been approved and delegated, the Automation task will be executed and the change request in ServiceNow updated with the audit trail. Similarly, tasks intended for end-user self-service, such as password reset could be integrated with a corporate intranet portal. Note that Osirium Automation API credits are needed for this integration. Please contact Osirium for more information.
Schedule Regular Tasks
Osirium Automation is ideal for performing tasks that have to be performed regularly. An example might be checking that a server is healthy. The traditional method might be to login in to server (via PAM), run a series of commands to ensure the server process is running OK, download a log to keep as an audit trail, then logout. That seems like a short sequence but could easily take 10 minutes or more. And that’s only for one server. If there are 10 or 100 servers to check, and the check has to happen every day, or even every hour, that’s a massive effort for the IT team. With Automation, each server health check may take seconds or a few minutes to complete and they can be scheduled to run automatically. Humans only need to get involved if the check raises an alert because a server needs attention.
Automation included with Osirium PAM
Osirium PAM includes three user licenses for Automation. Additional user subscriptions are available from Osirium.
Get Osirium PAM for free!
Secure your infrastructure with the fastest to deploy Privileged Access Management solution. Introducing PAM Express from Osirium. For free, for 10 servers or network devices for production use.