Skip to content

Device access report

This reporting page looks at device access and user sessions.

Introduction

The Device access report provides an audit of users that have logged into the PAM Server at any point and the device connections that have been made.

Device access report

The Device access report also allows you to view filtered screenshots from UI user sessions and monitor or terminate any active connections.

Note

To view filtered screenshots and monitor connections, session recordings must be enabled for, and agreed to by, the user.

For more information, see Privileged Session Management.

To view the Device access report:

  • In the Admin Interface, click Device access. The Device access report will appear.
  • In the top area of the Device access report, use the checkboxes to select one or more of the following categories to be displayed on the report:

    • PAM sessions
    • Device connections
    • Screenshots

Note

By default, only Device connections is selected.

Terminate active PAM UI sessions

To terminate active UI sessions:

  1. In the top area of the Device access report, select PAM sessions or Device connections.

  2. Within the table, select one or more active sessions.

    Note

    Active sessions are indicated ACTIVE in the End time column and marked Checked box icon in the Active? column.

  3. Click the Terminate button. The Question window will appear.

    Session termination notification

  4. If you want to prevent the selected user(s) from logging back onto the UI after termination, select Also disable the user [name].

  5. Click Yes.

  6. The selected user(s) will be logged out.

Device connections report

The Device connections report provides visibility of all device connections made through Osirium PAM.

On the Device access report page, click the Unchecked box Device connections checkbox to view this report.

The following information is presented in the Device connections report:

Heading Description
ID Shows the unique channel ID relating to the connection made by the user.
Session ID Shows the unique UI connection ID made by the user.
Start time The date and time a device tool session was first accessed by the named user.
End time The date and time a device tool session was closed by the named user, or indicates if the session is still ACTIVE.
Play icon A play icon in this column indicates that the session has been recorded.
Archive icon An archive screenshot icon in this column indicates that the session has been archived and, therefore, cannot be played. Retrieve the file from the Manage Files page to view.
Shadow icon A shadow icon in this column indicates that the session is still active and can be viewed in real time.
Duration Total time the device session was active.
Active duration Total time the session that is currently live has been active.
Device The name of the device that was accessed by a user.
User IP address The IP address of the connected user’s computer.
User Name of user who initiated the connection.
Account source Refers to the authentication service that the account is linked to i.e. this could be the PAM Server for local accounts, Active Directory for external accounts and Static Vault for stored credentials.
Access level Device access level (role, account, mapping, always ask or pass-through) used to single sign-on users onto the device. See Configuring a Profile.
Protocol Connection method used to access the device.
Active? Indicates the current status of the session.

Checked box icon is active and means the device tool is still being accessed by a user.

Unchecked box icon is inactive and means the device tool has been closed and the user no longer has a single sign-on connection to the device using that protocol.

Recorded? Relates to Privileged Session Management and if ticked, indicates that device session was recorded.

Whether or not a device session for a user is recorded is determined through a Profile and Record session on this profile task.

See Privileged Session Management.

Change tickets Lists the change tickets the device connection was performed under.
Approver Name of the person who approved the access requested by the user to connect to the device.
MAP Server If the device was accessed through a MAP Server, a MAP Server name will be listed.
MAP Account Shows the local account of the MAP Server used to make the connection.

PAM sessions

Selecting the PAM sessions lists all the user connections made to the UI and the number of devices accessed during the logon.

Client sessions report

The following information is presented in the PAM sessions report:

Heading Description
Session ID The unique UI connection ID.
Start time The date and time the user logged onto the UI.
End time The date and time the user logged off the UI. ACTIVE indicates that the user is still logged on.
Duration The total time the user was logged into the UI.
User Name of the user who initiated the connection.
# Device connections The number of device connections the user has made through the UI.
User IP address The IP address of the connected user’s computer.
Active? A selected check box indicates that the user is still logged onto the UI.
Archived? A selected check box indicates that the recorded screenshots have been archived to a ZIP file which can then be downloaded through the Manage files page.

NOTE For more information, see Managing Files.

Archive screenshots

UI sessions can be archived on an individual basis. This allows you more flexibility in how you can manage your archiving and group files as required before archiving.

To archive screenshots from PAM sessions:

  1. In the Device access report page, select PAM sessions.

  2. On the PAM sessions table, click one or more users.

  3. Click Archive screenshots. The Question window appears.

  4. On the Question window, click Yes to confirm that you want to store the screenshots from the user sessions in your files list. The Action queue window appears.

  5. On the Action queue window, click Done. The archived screenshots will be located in the Manage files page.

Note

Only inactive UI sessions can be archived.

Exporting videos

Device connections recorded session videos can be exported on an individual basis. Clicking on the Export video button allows you to download and save the video (mp4 file). The file can then be downloaded from the Manage files page.

Before videos can be exported, devices must be highlighted in the list.

Fuzzy filter

The fuzzy filter enables you to search keywords inside recorded connections to find specific changes/updates that have been made on a device.

The search term is matched against:

  • The keystrokes of a connection.
  • The titles of a recorded connection window, i.e. SSH window or web browser, etc.

Note

The window refers to the local tool opened to access the device.

Screenshots

The Screenshots section shows the session recorded screenshots, starting with the latest. If screenshots have been archived, they will no longer be shown here. Archived screenshots can be downloaded from the Manage files page.

From the Device access report, select Screenshots.

Screenshots can be grouped by:

  • Session: Shows all the screenshots relating to connection made to the UI only and the devices accessed during the logon.
  • Device connection: Shows all the screenshots relating to protocol connection types that have been made from the UI
  • None: Shows all screenshots recorded.

Live monitor

The Live monitor window allows you to shadow an active connection.

Note

Only device connections that are within profiles with Session Recording enabled can be shadowed.
For more information, see Privileged Session Management.

To Live monitor a session click the Live monitor button.

Playing a session recording

Saved session recordings can be viewed using the session player.

To play a session:

  1. Double-click on a device connection with an available recording.

  2. A Session player window will open for you to shadow the active device connection session.

Session Player|

The below functions are available within the Session player window:

Section Button heading Description
Transport Start icon First Takes you back to the start of the recording.
Previous icon Previous Takes you back to the previous frame played.
Play icon Play Plays the session recording from the start.
Last icon Last Takes you to the end of the recording.
Playback speed Playback speed from the moment the frame is loaded but will depend on the overall system speed.
- Normal: 1 second
- Fast: 0.5 second
- Fastest: 450 milliseconds
Shadow Shadow icon Shadow To start or stop shadowing of the active session.
Zoom Actual Shows the actual size of the window when recorded.
Fit Resizes the recording window to fit the Session Viewer screen so you can see the whole recorded window.
Timeline bar Indicates the time as the recording is played and allows you to scroll quickly to a specific time.

Within the Live monitor window, you can also:

  • Hold inactive: allows you to keep disconnected sessions visible for 60 seconds after they become inactive.

  • Group by: allows you to filter the active sessions by UI sessions or Device connections.

  • Zoom bar: allows you increase or decrease the size of the active session windows listed.