Access to the Resource
The user console displays permissions to access the resources. For each permission the following fields are displayed:
- Resource.
- Type — connection protocol.
- Address (IP or DNS).
- Account — privileged account on whose behalf the session will be opened.
It is possible to sort any column and use the search. As you enter characters in the search box, matches will be displayed across all columns.
If the user has access to ad hoc resources, they will be displayed at the top of the list.
To connect to a resource you need to download the RDP file of this resource. You can download it once and save this file to use for future connections. You can use this file as long as the permission is valid.
Another way to connect to a resource is to use the RDP file of the PAM Access Gateway. This file can be used to connect to resources regardless of available permissions because each time you connect to the gateway, an up-to-date list of resources will be displayed.
Clicking on a permission line displays additional information about the permission:
- Validity period.
- Access schedule.
- Permission ID — unique number which identifies the permission.
Direct Connection to a Resource
- Click Connect to the right of the desired permission. The RDP file will start downloading.
- Run the downloaded RDP file to access the resource.
- Authenticate and set up your connection.
For resources that can be connected via both types of connections (RDP and SSH), the Copy SSH command button is displayed by default. In this case, if you need to download the RDP file, click first and then click Download RDP file for connection.
Connection to the Access Gateway
- Click Connect to access gateway. The RDP file will start downloading.
- Run the downloaded RDP file to connect to the gateway.
- Authenticate and set up your connection.
Connection to the SSH Proxy
You can use any SSH client to connect to the SSH Proxy gateway.
- Launch an SSH client.
- Enter the SSH Proxy address and connect.
- Authenticate.
- Select a resource to connect.
Direct Connection via SSH
To the right of the desired permission to the SSH resource, click Copy SSH command. The SSH command for connecting to this resource will be copied to the clipboard.
You can also write the SSH command manually using the template below.
SSH Command Template
ssh [user-name]#[resource]#[account-name]#[reason]@[proxy-address]
- user-name — username
- resource — IP address or DNS of the target resource
- account-name — name of the privileged account
- reason — text of the reason for the connection. If it contains spaces, put it in quotation marks.
- proxy-address — IP address or DNS of the SSH Proxy
You can omit any parameter except the proxy-address. In this case, the terminal will request these parameters one by one.
After executing the command, the terminal will ask for the user's password and TOTP.
SSH Command Example
ssh james.miller#ubuntu#webmaster#"system configuration"@pam
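The template above can also be assembled by a small wrapper that passes the whole login string to ssh as a single quoted argument. This is an added example, not code from the product or its documentation: the function names and the validation rules (no `#`, `@` or newline inside a field, no leading `-`) are assumptions of the example, and it covers only the full form with all five parameters supplied.

```sh
#!/bin/sh
# Added example (not vendor code). Function names and validation rules
# are assumptions; sample values are the ones from the page's example.

# pam_field_ok VALUE
# Rejects empty values and characters that collide with the template's own
# separators ('#' between fields, '@' before the proxy) or break the line.
pam_field_ok() {
    nl='
'
    case $1 in
        '' | *'#'* | *'@'* | *"$nl"*) return 1 ;;
    esac
    return 0
}

# pam_ssh_target USER RESOURCE ACCOUNT REASON PROXY
# Prints user#resource#account#reason@proxy; returns 1 on bad input.
pam_ssh_target() {
    [ "$#" -eq 5 ] || return 1
    for field in "$@"; do
        pam_field_ok "$field" || return 1
    done
    # The string starts with USER, so a leading '-' would reach ssh as an
    # option instead of a destination. Refuse it (and the same for PROXY).
    case $1 in -*) return 1 ;; esac
    case $5 in -*) return 1 ;; esac
    printf '%s#%s#%s#%s@%s\n' "$1" "$2" "$3" "$4" "$5"
}

# pam_ssh USER RESOURCE ACCOUNT REASON PROXY
# Connects with the whole login string as one quoted argument, so spaces
# or shell metacharacters in REASON are never re-parsed by the shell.
pam_ssh() {
    target=$(pam_ssh_target "$@") || {
        echo "pam_ssh: invalid or missing field" >&2
        return 1
    }
    ssh "$target"
}

# Usage: pam_ssh james.miller ubuntu webmaster "system configuration" pam
```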
Connection to an Ad Hoc Resource
Ad hoc resources are resources that are not registered in the Axidian Privilege system. This type of connection allows you to connect to any resource using connection types predefined by the PAM administrator.
- Click Specify connection address to the right of the required permission to the ad hoc resource.
- Select Connection type.
  Info: The available connection types are defined by the PAM administrator when granting permissions.
- Enter Connection address.
- Depending on the selected connection type, click one of the buttons: Copy SSH command or Download RDP file for connection.
If you have several permissions (with different connection types) to an ad hoc resource and the required option is missing from the Connection type field in the Connection to an ad hoc resource window, check the Permission Access Schedule.
A connection type is not displayed in the Connection type field if you are trying to connect via a permission outside the hours specified in the Permission Access Schedule.
Setting a Password when Connecting
When connecting to a resource, you may be asked for a password.
This means that the account on behalf of which you are granted access to the resource does not have a password. You cannot connect to the resource with such an account. Contact your PAM administrator about connecting to this resource, as only the administrator can set the account password.
End of Session
To end the session, end the user's session on the resource, or right-click the resource in the Connections pane or the connection tab and select the Disconnect menu item, or close the Remote Desktop window.