Version: Axidian Privilege 3.3

Dashboard

The dashboard allows you to analyze user activity in real time. The dashboard contains widgets that display PAM summary data. The widgets allow you to navigate to other sections of the administrator console for more detailed analysis.

The following widgets are available in Axidian Privilege 3.3:

  • Sessions;
  • Permissions;
  • Accounts;
  • License usage;
  • Activity monitoring.

The dashboard is located in the Dashboard section of the administrator console.

To view and edit the dashboard, enable the privileges View page (Dashboard.View) and Update page configuration (Dashboard.Edit).

Sessions

The widget shows changes in the number of sessions, authentication errors, and credentials views. Analyze sessions and user actions to identify potential incidents, such as activity during non-working hours or recurring errors in sessions.

The graph can display data for an hour, day, or week and show the number of:

  • Total sessions — total number of sessions.
  • Sessions ended due to error — number of sessions terminated due to an error.
  • Authentication errors — number of authentication errors in the user and administrator consoles.
  • Credentials views — number of credentials views in the user console.

To go to the list of all sessions or sessions terminated due to an error, click Go to Sessions.

To go to the list of failed authentication attempts or credentials views, click Go to Events.

Permissions

The widget shows the number of problematic or unused permissions. Keep permissions up to date: this ensures control over privileged access and reduces the risks of unauthorized actions.

What is tracked:

  • Restricted permissions — the number of permissions with errors. Users cannot open sessions using such permissions. Restrictions occur for several reasons: no license, SSH fingerprint not set, user or service account unavailable. Fix the errors, or revoke or recreate the permissions.
  • Unused permissions — the number of permissions that have not been used within a specified time period. Revoke such permissions. The period after which permissions are considered unused can be configured in the Monitoring section.

To go to the detailed list of permissions, click the arrow icon (arrow_outward).

Service accounts

The widget shows the number and status of service accounts. Make sure that the necessary service accounts are under PAM management and that their passwords and SSH keys are updated in a timely manner. This protects service accounts from unauthorized use that bypasses PAM.

What is tracked:

  • Pending — service accounts in the Awaiting decision state. PAM does not manage such service accounts. They can be used outside the system and bypass access control. Go to the service account profile and change its state to Managed or Ignored.
  • Accounts with errors — service accounts that encountered errors when working with PAM. This could be a failure during password change or errors with SSH keys. Such service accounts are not updated and may not work as expected. Check the details and resolve the issue.
  • Password and SSH key rotation not enabled in policy — service accounts for which credentials are not rotated. Such service accounts are vulnerable. In the policy, select the Periodically rotate service account password and SSH key check box.

To go to the detailed list of service accounts, click the arrow icon (arrow_outward).

Other service account states

Service account states:

  • Managed — managed service account. PAM can store the password and SSH key for this account, grant permissions and launch sessions. When a service connection is available, credentials for this service account are checked and changed.
  • Ignored — the service account does not participate in operations and synchronization. PAM knows about the existence of the service account, but does not store or manage its credentials.
  • Blocked — the service account is unavailable for use.

Licenses

The widget shows the number of used and available licenses. Monitor the remaining licenses and their expiration date: without them, users cannot open sessions, and administrators cannot grant permissions.

For more information about licenses, see the Licensing section.

The following licenses are tracked:

  • User — determines the number of users who can use Axidian Privilege.
  • Resource — defines the number of resources that can be added to Axidian Privilege.
  • AAPM — the number of accounts that can be granted permissions using the AAPM mechanism.
  • SQL Proxy — defines the number of active permissions for resources of the PostgreSQL or MSSQL type.
  • Ad hoc resources — defines the number of custom resources for connection.

To go to the license list, click More in the upper right corner of the widget.

Activity control

The widget shows the number of inactive users. A user is considered inactive if they have not used their permissions within the period set by the administrator.

To go to the detailed list of users, click the arrow icon (arrow_outward).