Device access
This section walks you through how to single sign-on to a device's tools, execute tasks on device(s) and manage credentials.
Device states
Each device is regularly monitored to determine its availability. The colour of the device presented to you in the UI indicates the device's current state.
Indicator | Description |
---|---|
The device can be successfully accessed. | |
Some tasks running on the device are showing errors. | |
Unable to make a connection to the device. | |
This device is not managed by Osirium PAM but the device credentials are saved within Osirium PAM. The only tool available to this device is Reveal Credentials. | |
Device tools
The device tool available to make a connection to a device is determined by the device type. The following table describes the different device tools that may be used to make a connection to a device:
Icon | Description |
---|---|
The session will be launched within your local default web browser. | |
An RDP session will be launched using the Osirium PAM remote desktop client to connect to the device. | |
An SSH session will be launched. | |
The session will be connected through a MAP Server to the thick client application. | |
The SFTP user interface will be launched. The SFTP window will allow you to transfer files between your local workstation (local site) and the server (remote site) you are connected to. | |
When a device tool is greyed out it means access has been disabled and you will not be able to open the device session. There can be a number of reasons why a device tool may be greyed out:
- The protocol is currently unsupported.
- The device has been disabled.
- An approval request is required.
Approval Requests
Devices that require just-in-time approval requests will be greyed out with an icon. To connect to the device you will have to submit a Request Approval, which then MUST be approved by an approver. Once approved, the device will no longer be greyed out and you will be able to connect to the device tool/task within the valid time frame submitted.
Requesting an approval
If you want to submit a request then you will need to do the following:
- Click on the .
- Within the Request Approval window, fill in the required details.

Field | Description |
---|---|
Valid for (hours) | The time limit within which the request needs to be approved and the tool/task is accessed. If the request isn't approved within the Valid for (hours) then it will no longer be valid. Another approval request will need to be submitted. |
Comment | Add a comment to let the approver know why access is being required. |

- Click REQUEST. You will see a Request submitted successfully message appear and the approvers are notified of the request.
- When the request is approved the device tool/task will no longer be greyed out. It is now available and can be accessed within the Valid for (hours) stated in the request. If you fail to access the tool/task within the stated hours then the access will expire and you will have to submit a new approval request. If you connect to the device tool within the Valid for (hours) then you will stay connected and won't be disconnected when the Valid for (hours) expires. If you disconnect your connection after the Valid for (hours) has expired then you won't be able to log back in and your tool/task will be greyed out again.
Approving a request
If you are an approver, you can view the requests awaiting approval on the Requests page.
To approve a request:
- Click on Requests in the left-hand menu.
- Within the Approval Requests window, click on the pending approval and review the access requirements. If you are happy with the request then click APPROVE.
- When the request has been approved it will be removed from the list. If the request expires before it is approved then it will become invalid and will also be removed from the Approval Requests list.
Single signing onto device tools
A device tool can be launched by clicking on it from the list. The authentication and single sign-on process is handled by Osirium PAM so you won't be prompted to enter any credentials.
Note
If your tool is greyed out then it may require an Approval request.
The credentials used to sign-on to the device will have a predefined access level. The access level can be seen next to the tool. This access level will determine the level of permission and privilege granted to you for the device session and it is set by your superadmin.
The device tool will open in a new tab within your browser window once successfully authenticated. You are now ready to commence with your work on the device.
Example of a Device SSH session window within a browser tab
Change Tickets
Some device/task access may be linked to change tickets, which will allow access only after a change ticket is entered, or you may choose to enter a change ticket against the work you are about to carry out. The change ticket will be used to track access and monitor work carried out.
Entering a change ticket:
- Within the UI click on the device tool. You will be presented with the Change Ticket Required window.
- To proceed with entering the change ticket click YES. If you click NO the Change Ticket Required window will close and you won't gain access to the device tool selected.
- If you have clicked YES the Change Ticket - Acquire Ticket window will open.
- Within the Change Ticket - Acquire Ticket window, fill in the following information:

Field | Description |
---|---|
Name | Enter a name to easily identify the change. This can be a change ticket reference number or ID. |
Comment | Enter a comment relating to the change ticket. |

- When the information has been entered, click ACQUIRE TICKET. You will be logged onto the device. You can now carry out the work as specified on the change ticket.
- Within the device session window, you can view the change ticket that you are currently working under by clicking on .
- Within the Change Tickets - Active Ticket window you can:
  - View the current change ticket you are working under.
  - Add additional comments to the ticket by clicking on the plus.
  - Release the ticket if you have finished the work under the ticket by clicking on RELEASE TICKET. This will close your session.
Session recording
Session recording is a tool that is used to record device session activities. Sessions being recorded can be viewed in real time by your superadmins, and saved recorded sessions are available for playback and viewing at any time.
When a device has been configured for session recording a will appear in the top left-hand corner of the device session window. This indicates that all your activities within the device session window will be recorded.
When connecting to devices that have been set for session recording, you will be prompted with a Session Recording Terms of Use message window. You will need to accept the agreement in order to proceed to your device session.
Copy and paste
The copy and paste icons, which can be found in the top right-hand corner of your session, allow you to copy and paste content between your local clipboard and the clipboard on the remote session you are connected to.
To copy from your local clipboard to the remote session clipboard
- Make sure the content you wish to copy is in the clipboard of your local machine.
- Within the Remote Desktop window, click on the object you want to copy the content into and then click . The copied text from your local machine's clipboard is pasted into the remote session window.
To copy from your remote session clipboard to the local clipboard
- Within your remote session, select the text you want to copy and click .
- On your local machine, open the window you wish to paste the text into and press CTRL+V to paste. The text copied from the remote session is now available on your local machine.
Seamless clipboard
The latest version of Chrome is capable of supporting seamless clipboard which provides seamless interoperability between the local and remote clipboards. When this feature is supported the clipboards will be kept in sync without manual intervention, allowing for seamless copy & paste operations across both.
File sharing
All device sessions, with the exception of SSH, allow for file sharing to be performed between the local machine and the remote session.
For Remote Desktop / Remote Application the Shared on PAM UI mapped network drive can be viewed in your File Explorer window within your device session.
For HTTP(s) / Tasks the file sharing folder is created dynamically with a unique ID with the session name. Download operations inside this session will download files to this folder, and the upload dialog will automatically open on this folder as well.
Secure File Transfer (SFTP) uses a shared folder within a FileZilla SFTP client.
The files and folders available in the shared drive can be accessed locally by using the Shared Files window which can be accessed by clicking on the icon located in the top right hand corner.
Downloading a file
The following instructions allow you to download a file from your remote session to your local machine.
- Within the Remote Desktop window, open up a File Explorer window.
- From the File Explorer window, copy the file you wish to download into the Shared on PAM UI folder.
- Now click on the icon located in the top right hand corner.
- The Shared Drive window will open. You will see the file copied to the Shared on PAM UI folder is listed within the Shared Drive window.
- To download the file to your local machine simply click on the file within the Shared Drive window. The file will be downloaded by the browser.
Uploading a file
The following instructions allow you to upload a file from your local machine to your remote session.
- Within the Remote Desktop window, click located in the top right hand corner. The Shared Drive window will open.
- Within the Shared Drive window, either drag and drop the file(s) from your local machine to the Shared Drive window or use the to open your local machine File Explorer window and select the files to be uploaded onto the remote session.
- Once the file has been successfully uploaded it will be available in the Shared on PAM UI folder on your remote session.
Executing device tasks
The execution of tasks refers to commands that can be run on a device to perform a set action. The UI lists the tasks you have been granted access to and have permission to execute on the device. You do not need to know the command when executing the task as the command is provided by Osirium PAM during runtime.
Note
If your task is greyed out then it may require a Just in Time Approval.
A task can also be executed on multiple devices of the same type which saves time and the effort of logging onto each device and running the task multiple times.
Tasks available can be executed in a variety of forms. These include:
- One click: No input required.
- Data collection: A value is read from the device and the output presented within a window.
- Free input field: Requires a value to be entered before the task can be executed.
- Dropdown list box: Requires a selection to be made from a predefined list.
To execute a task:
1. Click Tasks in the left-hand menu.
2. On the Tasks page, use the search to find the device or task name.
3. Click on the task you want to execute. The task is opened in a new tab within your browser window.
4. If the task requires an input you will be presented with the Input tab. If the task does not require an input then skip to step 5.
   Below is an example of a task that requires input:
5. To execute the task on just the device listed, select the device listed and then skip to step 7. To select multiple devices proceed to step 6.
6. To select multiple devices click Choose devices next to Execute on devices. The window will update and list all the devices that the task can be executed on. Select the device(s) you want to execute the task on.
7. Once you have selected the device(s), click Confirm.
8. Click Execute to run the task on the devices selected.
9. Within the Question window, click Yes.
10. Wait while the task is executed. Progress can be seen in the Action queue window. Once completed click Done.
11. You can now close the task browser tab window.
Downloading a task file
If you have run a task which has created a file and you want to download it to your workstation, here's how you do it:
- Once the task has successfully completed, the Action queue window will advise you to go to the files page to download the created file.
- On the Devices page, click on the PAM Server > Browser (HTTP) connection.
- Within the admin interface, click on My files in the left-hand menu.
- On the My files page you will see the task file listed. Click on the icon at the end of the row. The file will be downloaded and placed in the shared drive.
- Click on the icon located in the top right hand corner.
- The Shared Drive window will open. You will see the file copied to the Shared Drive.
- Click the file to download to your local machine. The file will be downloaded by the browser and will be available in your download folder.