Configuration
Licenses
The section contains Axidian Privilege licensing information.
The section displays the following data:
- Installation ID — a unique installation code required to generate a license.
- User licenses available — total number of user licenses.
- User licenses used — total number of licenses used.
- Resource licenses available — total number of resource licenses.
- Resource licenses used — number of licenses used.
The following data is displayed for each license:
- Start date — license start date.
- End date — license expiration date.
- User licenses — total number of user licenses.
- Resource licenses — total number of licenses used.
- Issue date — license release date.
Add License
Click Add and select a license file.
Removing Licenses
Mark the required license and click Delete.
System Settings
- Blocking when entering incorrect OTP
- Scheduled jobs
- Video
- Sessions
- Gateway connections
- SSH Proxy
- Syslog
Blocking when entering incorrect OTP
Option | Description |
---|---|
Number of failed OTP access attempts allowed | After this value is exceeded, the user is temporarily blocked, i.e. cannot enter an OTP. A value of 0 means that no blocking is applied, i.e. the number of input attempts is not limited. Min value: 0. Default value: 10. Max value: 99. |
Lockout duration | Defines the period of time after which the user is unblocked and can enter an OTP again. Min value: 1. Default value: 10. Max value: 9999. |
Scheduled jobs
Option | Description |
---|---|
Account checking start time | At this time Axidian Privilege will start checking all active accounts in the Managed state |
Resources and accounts syncing start time | At this time Axidian Privilege will start resource information syncing and accounts syncing for resources and domains |
Account password reset start time | At this time Axidian Privilege will generate new passwords for accounts |
Service connection checking start time | At this time Axidian Privilege will start checking service connection to resources and domains |
Session log rotation start time | At this time Axidian Privilege will start session log rotation |
Video
Option | Description |
---|---|
Video recording codec options | The libx264 codec is used by default with the following settings: libx264 -preset medium -tune zerolatency |
Video streaming codec options | The libx264 codec is used by default with the following settings: libx264 -g 10 -tune zerolatency |
The duration of the recorded video segment, sec. | The duration after which the video is saved as an independent segment. The default is 3600 |
Sessions
Option | Description |
---|---|
Gateway connection timeout, sec. | Time after which the connection is closed if the gateway is not responding. Set the value to 0 if you do not want the connection to be interrupted |
Time to connect, min. | The session on the Gateway is closed if the user has not connected to the resource within this time |
Legal notice | This text is shown to the user before the session. Leave it empty if you don't need it |
Maximum amount of sessions per user | Limits the number of concurrent open sessions per user. The default is 0, which means no limit |
Notify user about session termination | The user will be notified before the session ends |
Notifications threshold | Notification will be shown for the specified time before the session expires |
Notification interval | Interval between notifications about the expiring session |
Gateway connections
Option | Description |
---|---|
RDCB address | IP address or DNS name of Remote Desktop Connection Broker |
RDCB collection name | Remote Desktop Connection Broker collection name for Axidian Privilege Gateway |
Use RDGW | Select this option to connect to Axidian Privilege Gateway with Remote Desktop Gateway |
RDGW address | Remote Desktop Gateway address for Axidian Privilege Gateway |
Gateway RDP file parameters | These parameters are added to the RDP connection settings for Axidian Privilege Gateway. They replace the old ones |
SSH Proxy
Option | Description |
---|---|
SSH Proxy address | IP address or DNS name, and port (required). Default port: 2222 |
Syslog
Option | Description |
---|---|
Syslog server | IP address or DNS name of Syslog server |
Port | Syslog server port |
Protocol | Network protocol for connection to Syslog server: TCP, UDP |
Format | Event format used by syslog server: CEF, LEEF |
Syslog version | IETF standard of the Syslog protocol: RFC3164, RFC5424 |
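An added example (not part of the Axidian documentation) of what the receiving side has to handle for the Syslog options above: the same CEF event arriving with RFC3164 or RFC5424 framing. The sample events and their vendor, product and extension values are constructed placeholders, not the product's actual event schema; LEEF is not covered.

```python
import re

# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) "
                     r"(-|(?:\[(?:[^\]\\]|\\.)*\])+) ?(.*)$", re.S)
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
RFC3164 = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)
# CEF extension: key=value pairs; values may contain spaces and escaped '='.
EXT = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*$)")

def split_cef_header(cef):
    """Split the 7 pipe-delimited CEF header fields, honouring \\| and \\\\ escapes."""
    fields, cur, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        if cef[i] == "\\" and i + 1 < len(cef):
            cur.append(cef[i + 1])   # keep the escaped character literally
            i += 2
            continue
        if cef[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(cef[i])
        i += 1
    return fields, cef[i:]           # header fields, remaining extension text

def parse_event(line):
    """Detect the syslog framing, then parse the CEF payload it carries."""
    m = RFC5424.match(line)
    if m:
        version, pri, host, msg = "RFC5424", int(m.group(1)), m.group(3), m.group(8)
    else:
        m = RFC3164.match(line)
        if not m:
            raise ValueError("not RFC3164 or RFC5424 framing")
        version, pri, host, msg = "RFC3164", int(m.group(1)), m.group(3), m.group(4)
    start = msg.find("CEF:")
    header, ext = split_cef_header(msg[start:]) if start >= 0 else ([], "")
    if pri > 191 or len(header) != 7:
        raise ValueError("invalid PRI or incomplete CEF header")
    return {"syslog": version, "facility": pri >> 3, "severity": pri & 7,
            "host": host, "vendor": header[1], "product": header[2],
            "name": header[5], "cef_severity": header[6],
            "ext": dict(EXT.findall(ext))}

# Constructed sample events; vendor, product and field values are placeholders.
CEF = r"CEF:0|ExampleVendor|ExamplePAM|1.0|100|Session \| opened|5|suser=alice dst=10.0.0.5 msg=Session started"
SAMPLE_5424 = "<134>1 2024-05-14T09:12:45Z pam01 pam 4242 - - " + CEF
SAMPLE_3164 = "<134>May 14 09:12:45 pam01 " + CEF
```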
User Connection
The section contains data about user connections. RDP, SSH, Telnet connections are built-in and cannot be changed or deleted.
Adding New Connection Types
To add a new connection type, you need to research the client application and develop a template for Axidian Privilege ESSO Agent. The new connection type is unique for each application; for development, please contact Technical Support.
Service Connection
The section contains data on service connections. All service connections except SSH are built-in and cannot be changed or deleted.
Adding a Service Connection with SSH Type
The service operations template is unique for each *nix distribution. The distribution includes templates for SUSE Linux Enterprise Server, FreeBSD, CentOS, and Ubuntu in the ..PAM_2.10.0\axidian-pam-tools\ssh-templates\ folder.
If you need help with the development of a new template, please contact Technical Support.
Network Location
The section contains information about adding network locations, which limit the use of resources by network address.
Adding the Network Location
Click Add.
Enter a Name and add the Network addresses of the resources to which you want to issue a limited connection.