| Approval request |
Approval requests enable just in time (JIT) access, allowing you to provide granular privileged access as and when requested. |
| Account state |
Accounts discovered on a device during a device audit are allocated a state to help identify if the accounts are recognised. The account states can be used to review and assess the validity of the audited account that exists on the device. |
| Account source |
Refers to the authentication service the account is linked to, and which is used by Osirium PAM to authenticate the accounts on the device. |
| Admin Interface |
Web based interface used to manage and administer Osirium PAM. |
| BAU |
See Business As Usual. |
| Business As Usual |
The normal desired HA scenario to be in whereby the Primary (Active) is operational and receiving all user traffic and the Secondary (Standby) is ready to take over from the Primary if required. |
| Control account |
Account that will be used to manage the device. It will be used by Osirium PAM to manage and communicate with the device/Active Directory. |
| Device |
Refers to the device that has been provisioned and is accessed through Osirium PAM. |
| Device state |
Status indicators allow you to monitor the current state and accessibility of the device and help highlight any issues with a device. |
| Device tasks |
Tasks that can be executed on a device. |
| Device template |
See template. |
| Device tools |
Protocols used to access a device, i.e. HTTPS, SSH, RDP, etc. |
| Fingerprint |
Helps safeguard against man-in-the-middle attacks. Osirium PAM will check that the associated fingerprint matches the devices fingerprint during connection. |
| Groups of Interest |
Is a list of Active Directory Security Groups that will be audited by Osirium PAM. |
| HA |
See High Availability. |
| High Availability |
Two PAM Servers configured to work as a HA Pair. Whereby, the Active PAM Server receives all the user traffic and replicates data to the Standby PAM Server. If the Active Server fails then the Standby Server can take over operations. |
| Management Interface |
Interface used to manage and configure HA. It is a web-based SSH management interface authenticated using PAM user (Owner level) credentials. It is accessed via [PAM Server IP address]:8443. |
| MAP Server |
Is an Osirium PAM controlled Windows Server used for launching remote applications. |
| Master Encyption Key (MEK) |
The underlying encryption key for the PAM Server database, required to recover a system using a backup file. |
| Osirium PAM |
Osirium's privileged access management suite of products. |
| PAM Client |
Desktop client installed on users workstation. Provides an interface and access point for users with access to device tools, device tasks and credentials. |
| PAM Server |
The main component that drives Osirium PAM. It incorporates the virtual appliance, database, Admin Interface and User Interface. |
| PAM Server Console |
Virtual machine console window that provides access to the PAM Server troubleshooting options and command line. |
| PAM UI |
Web based interface and access point for users. Provides access to device tools, device tasks and credentials. |
| PAM UI Server |
A dedicated web server used to run the web based interface. |
| Primary Server |
Set during HA configuration. In BAU, the Primary is the active PAM Server through which all user traffic flows. The actual role the server is performing will be dependant upon its current State. |
| Profile |
Provides role-based management controls and enables you to link together a group of devices, tools, tasks, users and user groups. |
| Provisioning |
Process of adding a device to Osirium PAM. |
| Secondary Server |
Set during HA configuration. In BAU, the Secondary is the standby PAM Server that is continually maintaining a replica of the Primary’s database. The actual role the server is performing will be dependant upon its current State. |
| Session Recording |
Real time actions captured in frames, saved and can be played back. |
| Shared Drive |
Mechanism that enables files to be shared between the local machine and the remote machine. |
| State |
Determines the role the server is performing when HA has been configured. Available states include Active, Standby, Demoted and Failed. |
| Static vault |
Used to store credentials that Osirium PAM isn't able to manage directly on the device. |
| SuperAdmin account |
The primary account that will be created during the PAM installation and given full access to the Admin Interface. |
| Tasks |
See device tasks. |
| Template |
Interface between Osirium PAM and the device. Provides the necessary language to allow Osirium PAM to communicate with the device and provide access control, account provisioning and execution of tasks. |
| Tools |
See device tools. |
| TOTP |
Time based one-time password, used for multifactor authentication with Osirium PAM. |
| UI |
See User Interface. |
| Unprovision |
Mechanism that removes the device so it can no longer be administered by Osirium PAM. |
| User |
Person who will be logging on and accessing Osirium PAM as well as privileged access to devices and device tasks. |
| User Group |
A set of users that require the same access levels. |
| User Interface |
Osirium PAM interface (browser or Desktop Client) and access point for users. |