Skip to content

Device connections and tasks

This sections walks you through how to single sign-on to a devices tool, execute tasks on device(s) and manage credentials.

This section covers:

Device states

Each device is regularly monitored to determine its availability. The colour of the device presented to you will highlight the devices current state.

Indicator Description
Server Green The device can be successfully accessed.
Server Orange Some tasks running on the device are showing errors.
Server Red Unable to make a connection to the device.
Server Blue This device is not managed by Osirium PAM but the device credentials are saved within the Osirium PAM. The only tool available to this device is Reveal Credentials.

Device tools

The device tool available to make a connection to a device is determined by the device type. The following table describes the different device tools that maybe used by devices to make a connection.

Icon Description
Browser Session will be launched within a browser window.
Desktop Remote Session will be launched using a remote desktop tool.
Command Line Session will be launched using an SSH client.
MAP Session Session will be launched using a remote application tool.
SFTP Session will be launching using an SFTP protocol tool. The SFTP window will allow you to transfer files between your local workstation (local site) and the server (remote site) you are connected to.

A device tool which is greyed out means the device can not be accessed. The reasons for this maybe:

  • The device has been disabled.
  • Requires you to submit an approval request for access to be granted.

Approval Requests

Devices that require just in time approval requests will be greyed out with an Approval request icon. To connect to the device you will have to submit a Request Approval which then MUST be approved before access is granted. Once approved the device will no longer be greyed out and you will be able to connect to the device tool/task within the valid time frame submitted.

Approval request required

Requesting an approval

If you want to submit a request then you will need to do the following:

  1. Click on the Request.

  2. Within the Request Approval window, fill in the required details.

    Request approval window

    Field Description
    Valid for (hours) The time limit within which the request needs to be approved and the tool/task is accessed.
    If the request isn't approved within the Valid for (hours) then it will no longer be valid. Another approval request will need to be submitted.
    Comment Add a comment to let the approver know why access is being required.

  3. Click REQUEST, you will see a Request submitted successfully message appear and the approvers are notified of the request.

  4. When the request is approved the device tool/task will no longer be greyed out. It is now available and can be accessed within the Valid for (hours) stated in the request.

If you fail to access the tool/task within the stated hours then the access will expire and you will have to submit a new approval request.

If you connect to the device tool within the Valid for (hours) then you will stay connected and won't be disconnected when the Valid for (hours) expires.

If you disconnect your connection after the Valid for (hours) has expired then you won't be able to log back in and your tool/task will be greyed out again.

Request Approved

Approving a request

If you are an approver, you can view the requests waiting approval on the Requests page.

To approve a request:

  1. Click on Requests.

  2. Within the Approval Requests window, click on the pending approval request and review access requirements. If you are happy with the request then click APPROVE.

    Approval request page

  3. When the request has been approved it will be removed from the list. If the request expires before it is approved then it will become invalid and also removed from the list.

Single signing onto device tools

A device tool can be launched by clicking on it from the list. The authentication and single sign-on process is handled by Osirium PAM so you won't be prompted to enter any credentials.

Note

If your tool is greyed out then it may require you to Request an Approval.

The credentials used to sign-on to the device will have a predefined access level. The access level can be seen next to the tool. This access level will determine the level of permission and privilege granted to you for the device session and it is set by your SuperAdmin.

The device tool will open once successfully authenticated. You are now ready to commence with your work on the device.

Change Tickets

Some device/task access maybe linked to change tickets which will allow access only after a change ticket is entered or you may choose to enter a change ticket against the work you are about to carry out. The change ticket will be used to track access and monitor work carried out.

Entering a change ticket:

  1. Click on the device tool. If a change ticket is required then you will be presented with the Change Ticket Required window.

    Note

    If you are not presented with the Change Ticket Required window but would like to log the work against a change ticket then click on the icon.

  2. Click YES to proceed. If you click NO the Change Ticket Required window will close and you won't gain access to the device tool selected.

  3. Within the Change Ticket - Acquire Ticket window, fill in the following information:

    Change Ticket acquire

    Field Description
    Name Enter a name to easily identify the change. This can be a change ticket reference number or ID.
    Comment Enter a comment relating to the change ticket.

  4. Once the information has been entered, click ACQUIRE TICKET. You will be logged onto the device. You can now carry out the work as specified on the change ticket.

  5. Within the device session window, you can view the change ticket that you are currently working under by clicking on .

  6. Within the Change Tickets - Active Ticket window you can:

    • View the current change ticket you are working under.

      Change ticket active

    • Add additional comments to the ticket by clicking on the plus.

      Change ticket additional comments

    • When you have completed your work under the ticket, click RELEASE TICKET. This will close the ticket and the session.

Session recording

Session recording is a tool that is used to record device session activities. Sessions being recorded can be viewed in real-time by your SuperAdmins and saved recorded sessions are available for playback and viewing at anytime.

Before your session starts you maybe prompted with a Session Recording Terms of Use window, if one has been configured. If configured, you will need to accept the agreement in order to proceed to your device session.

session recording terms of use

When you have been successfully logged onto the session a Session recording icon will appear in the top left-hand corner of the device session window to indicate that all your activities during the session will be recorded.

Executing device tasks

The execution of tasks refers to commands that can be run on a device to perform a set action. Osirium PAM lists the tasks you have been granted access to and have permission to execute on the device. You do not need to know the command when executing the task as the command is provided by Osirium PAM when run.

Note

If your tool is greyed out then it may require a Request Approval.

A task can also be executed on multiple devices of the same type. This saves time and effort of logging onto each device and running the task individually.

Tasks available can be executed in a variety of forms, these include:

  • One click: no input required.
  • Data collection: a value is read from the device and the output presented within a window.
  • Free input field: requires a value to be entered before the task can be executed.
  • Dropdown list box: requires a selection to be made from a predefined list.

To execute a task:

  1. Click the icon.

  2. On the Tasks page, use the search to find the device or task name.

  3. Click on the task you want to execute. The task is opened in a new tab within your browser window.

    • No input task: If the task doesn't require an input then you will be asked to select a device.

      Task execution window

    • Task input required: If the task requires an input you will be presented with the Input tab and asked to select a value.

      Task input tab

  4. Select one or more devices from the list on which you want to run the task.

  5. Click Execute to run the task on the selected devices.

    Execute task

  6. Within the Question window, click YES.

  7. Wait while the task is executed. Progress can be seen in the Action queue window. Once completed click DONE.

  8. If you have run a task that creates a file, you will be presented with the Output files tab. From here you can download the file that has been created by the task.

  9. When you have finished click DONE to close the task window.

Native tool menu actions

When you are using PAM (with tools set to launch with the Osirium PAM built-in applications), a blue menu bar will be visible at the top of the session window. This menu bar contains a number of actions which can be performed within the session.

Native tools menu actions

The actions available in the menu bar include:

Ctrl-Alt-Delete command

The icon allows you to send the Ctrl-Alt-Del computer keyboard command within your remote desktop session.

Copy and paste

This functionality will allow you to copy and paste content between your local machines clipboard and the clipboard on the remote session you are connected to.

To copy from your local clipboard and paste into your remote session

  1. Make sure the content you wish to copy is in the clipboard of your local machine.

  2. Within the Remote Desktop window, click on the object you want to paste the content into and then click . The copied text from your local machine clipboard is pasted into the remote session window.

    Remote desktop session

To copy from your remote session clipboard and paste into your local machine

  1. Within your remote session, select the text you want to copy and click .

    Remote desktop session

  2. On your local machine, open the window you wish to paste the copied text into and press CTRL+V to paste. The copied text from the remote session clipboard is pasted into the local machine window.

Seamless clipboard

The latest version of Chrome is capable of supporting seamless clipboard which provides seamless interoperability between the local and remote clipboards. When this feature is supported the clipboards will be kept in sync without manual intervention, allowing for seamless copy and paste operations across both.

File sharing

All device sessions, with the exception of SSH, allow for file sharing to be performed between the local machine and the remote session.

For Remote Desktop / Remote Application the Shared on PAM UI mapped network drive can be viewed in your File Explorer window within your device session.

Shared on PAM UI

For HTTP(s) / Tasks the file sharing folder is created dynamically with a unique ID with the session name. The download operations inside this session will download files to this folder, and the upload dialog will automatically open on this folder as well.

File upload browser session

Secure File Transfer (SFTP) uses a shared folder within a Filezilla SFTP client.

SFTP Session window

The files and folders available in the shared drive can be accessed locally by using the Shared Files window which can be accessed by clicking on the Shared drive icon icon located in the top right hand corner.

Shared drive window

Downloading a file

The following instructions allow you to download a file from your remote session to your local machine.

  1. Within the Remote Desktop window, open up a File Explorer window.

  2. From the File Explorer window, copy the file you wish to download into the Shared on PAM UI folder.

    RDP Explorer window

  3. Now click on the Shared Drive icon icon located in the top right hand corner.

    Remote desktop session

  4. The Shared Drive window will open. You will see the file copied to the Shared on PAM UI folder is listed within the Shared Drive window.

    Shared Drive window with Explorer window

  5. To download the file to your local machine simply click on the file within the Shared Drive window. The file will be downloaded by the browser.

Uploading a file

The following instructions allow you to upload a file from your local machine to your remote session.

  1. Within the Remote Desktop window, click Shared Drive icon located in the top right hand corner. The Shared Drive window will open.

    Shared Drive window

  2. Within the Shared Drive window, either drag and drop the file(s) from your local machine to the Shared Drive window or use the Plus to open your local machine File Explorer window and select the files to be uploaded onto the remote session.

  3. Once the file has been successfully uploaded it will be available in the Shared on PAM UI folder on your remote session.

    Shared Drive window with Explorer window

Downloading a task file

If you have run a task which has created a file and you want to download it to your workstation here's how you do it:

  1. Once the task has successfully completed the Action queue window will advise you to go to the files page to download the created file..

    Task download file message

  2. On the Devices page, click on the PAM Server > Browser (HTTP) connection.

    PAM Server Browser

  3. Within the Admin Interface, click on My files in the left-hand menu.

  4. On the My files page you will see the task file listed. Click on the Download icon at the end of the row. The file will be downloaded and placed in the shared drive.

  5. Click on the Shared Drive icon icon located in the top right hand corner.

    Remote desktop session

  6. The Shared Drive window will open. You will see the file copied to the Shared Drive.

    Shared Drive Task File

  7. Click the file to download to your local machine. The file will be downloaded by the browser and will be available in your download folder.