Version: Axidian Privilege 3.2

First Launch

After the first login, go to the Roles section and add the current user to the Administrator role. Refresh the page and make sure all the sections of the administrator console are available to you.

Check user presence

  1. Go to the Users section.
  2. Click the magnifying glass (search) icon.
  3. Make sure that all users from the specified organizational unit are displayed correctly.

License the installation

  1. Go to the Configuration → Licenses section.
  2. Copy the value from the Installation ID field.
  3. Send this value to technical support and ask them to generate a license file.
  4. Wait for a response from technical support with a license file in the PAM_yyyy.mm.dd.lic format.
  5. In the Configuration → Licenses section, click Add and attach the received license file.

Fill in the component addresses

  1. Go to the Configuration → System Settings section.
  2. In the Connect to Gateway section, specify the RDCB Address and RDCB Collection Name.
  3. In the RDP Proxy section, specify the RDP Proxy Address.
  4. In the PostgreSQL Proxy section, specify the PostgreSQL Proxy Address.
  5. In the SSH Connection Settings section, specify the SSH Proxy Address.
  6. Save the changes.

Check events

  1. Go to the Events section.
  2. Make sure the configuration settings change event is displayed.

Define the operation of text logging

If you chose not to install the Axidian PAM Agent component, go to Policies → Sessions → Artifacts and perform one of the following:

  • disable the Save text session logs option;
  • enable the option Continue RDP session without logging if unable to get text log.

If there are no errors, then you can proceed to adding objects.

Adding the Domain

  1. Go to the Domains section and click Add.
  2. Enter the domain name (for example, AXIDIAN-PRIVILEGE) and its DNS name (for example, axidian-privilege.local), then click Save.
  3. Open the domain page.
  4. Click Add account and enter the service account name (for example, IPAMADServiceOps).
  5. Set the password manually and click Save.
  6. Click the pencil icon next to Service account and select the service account (IPAMADServiceOps).
  7. Click Check connection and check if the connection was successful.
  8. On the domain page, go to the Resource container tab and add an AD container that contains the required domain resources (for example, Computers).
  9. On the domain page, go to the Privileged groups tab and specify the security groups that contain the accounts which users will use to access domain resources (for example, IPAMPrivilegedAccounts).
  10. On the domain page, click the Import Resources and Sync accounts buttons. After that, all available resources and accounts will be added to the corresponding sections of the console.
  11. If necessary, go to the Events tab to view detailed information about domain events.

Add and Take Control of Accounts

In the Accounts section, check the imported domain accounts: they begin with the domain name, are marked with a question mark, and have a Pending state. At the top, click the Make managed button. The password for the selected accounts is then reset to a new one in accordance with the policy.

Adding Non-Domain Resources

  1. Go to the Resources section and click Add.
  2. Enter the Resource name, DNS name and/or IP address.
  3. At the User connection step, select the connection type and specify the connection address and port if necessary.
  4. At the Service connection step, uncheck the Use connector for service connection checkbox (since local accounts have not been added yet), then finish adding the resource. The new resource appears in the resource list.
  5. Open the resource page, click Add account, and set the password manually.

The resource is ready to use: you can create permissions for it.

To perform service operations (searching and adding accounts, automatically changing passwords, updating resource information), it is necessary to set up a service connection.