Terms
User Directory
The directory service domain from which Axidian Privilege retrieves employee data. Multiple directory service domains are supported.
The following directory services are supported:
- Active Directory;
- FreeIPA 4.12.1 and lower;
- OpenLDAP 2.6 and lower.
Axidian Privilege version 3.2 allows you to work with internal users without connecting to a directory service.
Users
Employees whose personal accounts are included in the user directory. In Axidian Privilege version 3.2 there are two types of users:
- directory service users;
- internal users.
In Axidian Privilege version 3.1 and lower only directory service users are supported.
Accounts
Local accounts of various systems, or domain accounts of a directory service, whose passwords Axidian Privilege has obtained.
Resources
The various systems to be accessed remotely on behalf of the accounts.
Domains
Domains are intended for obtaining and automatically adding domain computers and domain accounts to Axidian Privilege.
Structure
Structure contains organizational units. An organizational unit (OU) combines users, resources, accounts, and permissions to access protected objects in Axidian Privilege. OUs are designed to separate the privileges of Axidian Privilege administrators, so that an administrator operates only within a specific OU and has no access to objects of other OUs.
Data Storage
Storage space for data and files. Axidian Privilege uses the following storage locations:
- Database (DBMS) — for recording logs, accounting, and service data.
- Media Storage — for storing videos, screenshots, and files.
Service Connection
PAM connection to a resource or domain to perform service operations. Service connections allow you to automatically check the SSH key password or synchronize accounts and computers in the directory service. The connection is made using the service account specified for the resource or domain.
It is also possible to add your own service connection types.
User Connection
A resource's functionality that allows opening Web, RDP, SSH, Telnet, and PostgreSQL sessions, as well as Web/Desktop sessions (RemoteApp via RDS). A user connection allows remote actions to be performed on the resource.
A resource can support one or more types of such connections, including your own user connection types.
Permissions
An access right granted to an employee to work with a resource. Without permission, the user cannot open a session.
Policies
A set of options and restrictions applied to various objects: users, accounts, resources, or domains. For example, using configured policies, you can forbid SSH commands for a user, require a reason before a session is opened, or limit clipboard access between a workstation and a resource.
Only one policy can be assigned per object.