Version: Axidian Privilege 3.2

Terms

User Directory

The directory service domain from which Axidian Privilege retrieves employee data. Multiple directory service domains are supported.

info

The following directory services are supported:

  • Active Directory;
  • FreeIPA 4.12.1 and lower;
  • OpenLDAP 2.6 and lower.

Axidian Privilege version 3.2 allows you to work with internal users without connecting to a directory service.

Users

Employees whose personal accounts are included in the user directory. In Axidian Privilege version 3.2 there are two types of users:

  • directory service users;
  • internal users.

In Axidian Privilege version 3.0 and lower, only directory service users are supported.

Accounts

Local accounts of various systems, or domain accounts of a directory service, whose passwords Axidian Privilege has obtained.

Resources

The systems that are to be accessed remotely on behalf of the accounts.

Domains

Domains are intended for obtaining and automatically adding domain computers and domain accounts to Axidian Privilege.

Structure

Structure contains organizational units. An organizational unit (OU) groups users, resources, accounts, and permissions to access protected objects in Axidian Privilege. OUs are designed to separate the privileges of Axidian Privilege administrators: an administrator can operate only within a specific OU, without access to objects in other OUs.

Data Storage

Axidian Privilege can use the following DBMSs for data storage:

  • Microsoft SQL Server
  • PostgreSQL
  • PostgreSQL Pro
  • Jatoba

Service Connection

Service connection to a resource allows you to perform the following operations:

  • Checking the connection to the resource;
  • Synchronizing accounts;
  • Synchronizing Account Security Groups;
  • Control of passwords (SSH keys) of accounts;
  • Changing the passwords (SSH keys) of accounts;
  • Synchronizing resource OS version or DBMS version;
  • Synchronizing domain computers in directory service.

Service connections are supported for the following resources:

  • Microsoft Active Directory;
  • Windows;
  • *nix;
  • Microsoft SQL Server;
  • MySQL;
  • PostgreSQL;
  • OracleDB;
  • Cisco (IOS XE);
  • Inspur BMC (IPMI).

It is also possible to add your own service connection types.

User Connection

A user connection allows you to open sessions on resources or run individual RemoteApp applications. The following types of connections are supported:

  • RDP;
  • SSH;
  • Telnet;
  • RemoteApp via RDS;
  • PostgreSQL.

A resource can have one or more user connection types.

It is also possible to add your own user connection types.

Permissions

Permissions are used to manage privileged access. Any user can be given permission to access a resource.
Contents of a permission:

  • User — an employee whose personal account is part of the User Directory.
  • Account — local or domain account used to start a session at the resource.
  • Resource — the resource on which the session will be opened.

caution

A permission cannot be modified while it is in use. Revoked permissions cannot be restored.

Policies

A policy is a set of settings that is propagated to multiple system objects. A single object can be assigned only one policy of a given type.