Version: Axidian Privilege 3.4

User Console

The User Console is a web application for accessing Axidian Privilege protected objects. Through the console, you can connect to a resource and open a session using active permissions. The console URL is formed from the Axidian Privilege domain name. Example address: https://pam.domain.local/uc.

The User Console contains several sections:

  • Resources is the main section where permissions to connect to resources are displayed.
  • Accounts is a list of account entries with the ability to view and edit passwords and SSH keys.
    The section displays only those account entries for which the View account credentials and/or Manage account credentials options are enabled in the permissions.
  • Applications is a list of applications added to Axidian Privilege with the ability to view account data.
    Only application administrators can view passwords.

Two-factor authentication (2FA)

  1. Open the User Console.

  2. Enter the login in one of the formats:

    • john.smith@space.local — UPN format
    • SPACE\john.smith — domain\user format
    • john.smith — without the domain part

    If a user's login in an external directory matches an internal user's login, specify the login together with the domain to log in with the directory account.

  3. Enter the password and click Log In.

  4. Enter the second factor of authentication and click Log In.

    How to configure two-factor authentication

    Set up two-factor authentication on your first login to the console.
    To register an authenticator:

    1. Install an OTP generation application.
    2. Scan the QR code or enter the access key.
    3. In the User Console, enter the one-time authentication code.
    4. Click Register.

    After registration, the console login form will appear. Enter the new code from the OTP generation application.

    caution

    After exceeding the number of incorrect OTP entry attempts, the user is blocked for 10 minutes by default. The number of attempts and the blocking time are set by the administrator in the Configuration > User Authentication section.

To exit the console, in the top right corner, click on the login and select Sign Out.

Change PAM User Password

An internal Axidian Privilege user can independently change their password.
To change the password:

  1. Authenticate in the User Console.
  2. In the top right corner, click on the login.
  3. In the drop-down list, select Change Password.
  4. In the window that opens, enter the current and new password.
  5. (Optional) Set the Terminate all active sessions option.
  6. Click Change Password.

Working with Folders

Folders help organize work in the console. Group resources by the desired attribute, for example, by department or connection type. To display the menu with folders, in the Resources section click the double-arrow icon and select the required action:

  • add-folder icon: create a new folder;
  • edit the name of the selected folder;
  • delete the selected folder.

To add a resource to a folder:

  1. Go to the Resources section and click All Resources or Resources without a folder.

  2. Select one or more resources and click Move.

    info

    Ad hoc resources cannot be added to a folder.

  3. Select the required folder and click Save.

To find a resource:

  1. Go to the Resources section.

  2. Click the double-arrow icon and in the expanded menu select where to search for the resource.

  3. In the search bar, enter the resource name, account name, type, connection address, or tag.

    info

    Ad hoc resources can be found by the query "adhoc".

To find an account or application:

  1. Go to the Accounts or Applications section.
  2. In the search bar, enter the account or application name.

View credentials

In the User Console, you can view passwords and SSH keys for accounts that have the Allow view account credentials permission enabled. To view credentials:

  1. Go to the Accounts section.
  2. Click View credentials next to the required account.
  3. Enter the reason for viewing and click View credentials.

Application credentials can be viewed only by the administrators of that application.
To view an application password:

  1. Go to the Applications section.
  2. Click View credentials next to the required application.
  3. Enter the reason for viewing and click View credentials.

Change a password or SSH key

In the User Console, you can change the password and SSH key for accounts that have the Allow change account credentials permission enabled. To change credentials:

  1. Go to the Accounts section.

  2. Click the down-arrow icon and select the required action:

    • Change password — enter the password and confirm it.

    • Change SSH key — select the SSH key file and enter its password.
      RSA keys in OpenSSH and PEM formats are supported, as well as Ed25519 in OpenSSH format.

      How to generate an SSH key

      To create an SSH key and save it to a file, use the PuTTYgen program or one of the commands:

      The RSA key in the OpenSSH format:
      ssh-keygen -t rsa -b 4096 -f id_rsa_openssh -C "RSA OpenSSH key"
      The RSA key in the PEM format:
      ssh-keygen -t rsa -b 4096 -f id_rsa_pem -C "RSA PEM key" -m PEM
      The Ed25519 key in the OpenSSH format:
      ssh-keygen -t ed25519 -f id_ed25519_openssh -C "Ed25519 OpenSSH key"

  3. Specify the reason for changing the password or SSH key and click Save.
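
A pre-upload check for the key formats listed in the Change SSH key step, as an added example that is not part of Axidian Privilege or its documentation: it reads a private key file's container header (and, for OpenSSH files, the unencrypted public section) to report format, key type and whether a password will be needed, without decrypting anything. All function names are hypothetical, and the sample keys are constructed with dummy bytes.

```python
import base64
import struct

# Format/type pairs the page lists: RSA in OpenSSH or PEM, Ed25519 in OpenSSH.
LISTED = {("OpenSSH", "ssh-rsa"), ("PEM", "ssh-rsa"), ("OpenSSH", "ssh-ed25519")}
MAGIC = b"openssh-key-v1\x00"

def _read_string(buf, off):
    """Read one SSH wire string (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key data")
    return buf[off + 4:off + 4 + n], off + 4 + n

def classify_private_key(text):
    """Return (container format, key type, password-protected) without decrypting."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    head = lines[0] if lines else ""
    if head == "-----BEGIN RSA PRIVATE KEY-----":  # PKCS#1, as written by -m PEM
        return "PEM", "ssh-rsa", any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines)
    if head.startswith("PuTTY-User-Key-File-"):  # PuTTYgen's native .ppk format
        return "PPK", head.partition(":")[2].strip(), "Encryption: none" not in lines
    if head != "-----BEGIN OPENSSH PRIVATE KEY-----":
        return "unknown", "unknown", None
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    cipher, off = _read_string(blob, len(MAGIC))
    _, off = _read_string(blob, off)  # kdfname
    _, off = _read_string(blob, off)  # kdfoptions
    pub, _ = _read_string(blob, off + 4)  # skip the uint32 key count
    key_type, _ = _read_string(pub, 0)  # public blob starts with its type name
    return "OpenSSH", key_type.decode(), cipher != b"none"

def is_listed(text):
    """True when the file's format/type pair is one the page lists."""
    fmt, key_type, _ = classify_private_key(text)
    return (fmt, key_type) in LISTED

def constructed_openssh_key(key_type, cipher=b"none"):
    """Constructed sample: valid container layout, dummy bytes, not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = (MAGIC + s(cipher) + s(b"none") + s(b"") + struct.pack(">I", 1)
            + s(s(key_type) + s(b"\x00" * 32)) + s(b"\x00" * 64))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    for kt in (b"ssh-ed25519", b"ssh-rsa", b"ecdsa-sha2-nistp256"):
        sample = constructed_openssh_key(kt)
        print(classify_private_key(sample), "listed" if is_listed(sample) else "not listed")
```

A key saved by PuTTYgen in its native .ppk format is reported as "PPK", which is not one of the listed pairs; an ECDSA key in an OpenSSH container is likewise reported as not listed.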