To enable the management console's Privilege Manager features
Set up a user in the Manage Sudo Policy or Manage PM Policy role to edit the policy and a user in the Audit Sudo Policy or Audit PM Policy role to replay keystroke logs. (See Add (or Remove) Role Members for details.)
Note: The default supervisor account is a member of all roles and therefore has the permissions to both edit policy and replay keystroke logs.
Download the Privilege Manager for Unix software packages to the server.
Set the Privilege Manager software location in System Settings.
Configure the Primary Policy server:
Configure a Secondary Policy server:
Install the PM Agent or Sudo Plugin software on a remote host:
The first thing you must do is configure the host you want to use as your primary policy server.
Install the Privilege Manager Packages
Configure the Primary Policy Server
Join the Host to a Policy Group
Check Policy Server Readiness performs a series of tests to verify that the specified host(s) meet the minimum requirements to be configured as a policy server.
Note: This command is only available if no Privilege Manager software is installed on the selected host(s). For the readiness check to finish successfully, the path to the Privilege Manager software packages must be correctly set in System Settings. (See Set Privilege Manager Software Path for details.)
To check for policy server readiness
Select one or more hosts on the All Hosts view of the Hosts tab, open the Check menu from the Prepare panel of the tool bar, and choose Check Policy Server Readiness.
In the Check Policy Server Readiness dialog, enter user credentials to access the host(s) and click OK.
Note: This task does not require elevated credentials.
If you select multiple hosts, you are asked if you want to use the same credentials for all the hosts (default) or enter different credentials for each host.
If you selected multiple hosts and the Use the same credentials for all selected hosts option, enter your credentials to access the selected host(s) and click OK.
If you selected multiple hosts and the Enter different credentials for each selected host option, a grid is displayed that allows you to enter different credentials for each host listed. Place your cursor in a cell in the grid to activate it and enter the data.
To check the results of the readiness check
Right-click the host on the All Hosts view of the Hosts tab, and choose Readiness Check Results.
Choose Policy Readiness from the drop-down menu, if necessary.
Running the readiness check on a policy server performs these tests:
A progress bar displays in the Task Progress pane. The final status of the task displays, including any failures or advisories encountered.
If the readiness check completed with failures or advisories, correct the issue(s) and run the policy server readiness check again.
After you make sure your primary policy server host meets the system requirements, you are ready to install the Privilege Manager packages.
The management console allows you to install three Privilege Manager software components which provide central policy management, granular access control reporting, and the ability to enable, gather, store and play back keystroke logs.
Note: Centralized policy management and keystroke logging are licensed separately. (See Software & Licenses for details.)
To install the Privilege Manager packages
Note: The Install Software tool bar menu is enabled when you select hosts that are profiled. The tool bar button will not be active if
On the Install Software dialog, select a Privilege Manager package and click OK.
Note: If you do not see these software packages, verify the path to the software packages is correctly set in System Settings. (Refer to Set Privilege Manager Software Path for details.)
Note: This task requires elevated credentials.
© 2023 One Identity LLC. ALL RIGHTS RESERVED.