Skip to content

Device access

This sections walks you through how to single sign-on to a devices tool, execute tasks on device(s) and manage credentials.

This section covers:

Device states

Each device is regularly monitored to determine its availability. The colour of the device presented to you on the UI will determine the devices current state.

Indicator Description
Server Green The device can be successfully accessed.
Server Orange Some tasks running on the device are showing errors.
Server Red Unable to make a connection to the device.
Server Blue This device is not managed by Osirium PAM but the device credentials are saved within the Osirium PAM. The only tool available to this device is Reveal Credentials.

Device tools

The device tool available to make a connection to a device is determined by the device type. The following table describes the different device tools that maybe used by devices to make a connection:

Icon Description
Browser The session will be launched within your local default web browser.
Desktop Remote An RDP session will be launched using the Osirium PAM remote desktop client to connect to the device.
Command Line An SSH session will be launched.

When a device tool is greyed out it means access has been disabled and you will not be able to open the device session. There can be a number of reasons why a device tool maybe greyed out:

  • The protocol is currently unsupported.
  • The device has been disabled.
  • An approval request is required.

Approval Requests

Devices that require just in time approval requests will be greyed out with an Approval requesticon. To connect to the device you will have to submit a Request Approval which then MUST be approved by an approvers. Once approved the device will no longer be greyed out and you will be able to connect to the device tool/task within the valid time frame submitted.

Approval request required

Requesting an approval

If you want to submit a request then you will need to do the following:

  1. Click on the Request.

  2. Within the Request Approval window, fill in the required details.

    Request approval window

    Field Description
    Valid for (hours) The time limit within which the request needs to be approved and the tool/task is accessed.
    If the request isn't approved within the Valid for (hours) then it will no longer be valid. Another approval request will need to be submitted.
    Comment Add a comment to let the approver know why access is being required.
  3. Click REQUEST, you will see a Request submitted successfully message appear and the approvers are notified of the request.

  4. When the request is approved the device tool/task will no longer be greyed out. It is now available and can be accessed with the Valid for (hours) stated in the request. If you fail to access the tool/task within the stated hours then the access will expire and you will have to submit a new approval request. If you connect to the device tool within the Valid for (hours) then you will stay connected and won't be disconnected when the Valid for (hours) expires. If you disconnect your connection after the Valid for (hours) has expired then you won't be able to log back in and your tool/task will be greyed out again.

    request approved

Approving a request

If you are an approver, you can view the requests waiting approval on the Requests page.

To approve a request:

  1. Click on Request Requests in the left-hand menu.

  2. Within the Approval Requests window, click on the pending approve and review access requirements. If you are happy with the request then click APPROVE.

    Approval request page

  3. When the request has been approved it will be removed from the list. If the request expires before it is approved then it will become invalid and also removed from the Approval Requests list.

Single signing onto device tools

A device tool can be launched by clicking on it from the list. The authentication and single sign-on process is handled by Osirium PAM so you won't be prompted to enter any credentials.

Note

If your tool is greyed out then it may require an Approval request.

The credentials used to sign-on to the device will have a predefined access level. The access level can be seen next to the tool. This access level will determine the level of permission and privilege granted to you for the device session and it is set by your superadmin.

The device tool will open in a new tab within your browser window once successfully authenticated. You are now ready to commence with your work on the device.

Example of a Device SSH session window within a browser tab

SSH Session Example

Change Tickets

Some device/task access maybe linked to change tickets which will allow access only after a change ticket is entered or you may choose to enter a change ticket against the work you are about to carry out. The change ticket will be used to track access and monitor work carried out.

Entering a change ticket:

  1. Within the UI click on the device tool. You will be presented with the Change Ticket Required window.

    Change Ticket required

  2. To proceed with entering the change ticket click YES. If you click NO the Change Ticket Required window will close and you won't gain access to the device tool selected.

  3. If you have clicked YES the Change Ticket - Acquire Ticket window will open.

    Change Ticket acquire

  4. Within the Change Ticket - Acquire Ticket window, fill in the following information:

    Field Description
    Name Enter a name to easily identify the change. This can be a change ticket reference number or ID.
    Comment Enter a comment relating to the change ticket.
  5. When the information has been entered, click ACQUIRE TICKET. You will be logged onto the device. You can now carry out the work as specified on the change ticket.

  6. Within the device session window, you can view the change ticket that you are currently working under by clicking on the Change ticket.

  7. Within the Change Tickets - Active Ticket window you can:

    • View the current change ticket you are working under.

      Change ticket active

    • Add additional comments to the ticket by clicking on the plus.

      Change ticket additional comments

    • Release the ticket if you have finished the work under the ticket by clicking on RELEASE TICKET, this will close your session.

Session recording

Session recording is a tool that is used to record device session activities. Sessions being recorded can be viewed in real-time by your superadmins and saved recorded sessions are available for playback and view at anytime.

When a device has been configured for session recording a Session recording will appear in the top left-hand corner of the device session window. This indicates that all your activities within the device session window will be recorded.

RDP Session recording example

When connecting to devices that have been set for session recording, you will be prompted with a Session Recording Terms of Use message window. You will need to accept the agreement in order to proceed to your device session.

session recording terms of use

Shared clipboard

The shared clipboard allows you to share content between your local clipboard and the clipboard on the remote session you are connected to. In order to move content from one clipboard to the other, you can use the Shared clipboard window.

To copy from your local clipboard to the remote session clipboard

  1. Make sure the content you wish to copy is in the clipboard of your local machine.

  2. Within the Remote Desktop window, click on the Clipboard icon icon located in the top right hand corner.

    Remote desktop session

  3. The copied text from your local clipboard is pasted into the Shared clipboard window when opened.

    Shared clipboard

  4. Within the Shared clipboard window click the Send to device clipboard button.

  5. The contents of the pasted text in the Shared clipboard window is now in the clipboard of the Remote Desktop session. If you open an editor i.e. Notepad, in your remote session and paste, the text in the Shared clipboard window will be pasted into the editor.

    Clipboard copy example remote

To copy from your remote session clipboard to the local clipboard

  1. Make sure the content you wish to copy is in the clipboard of your remote session.

  2. Within the Remote Desktop window, click on the Clipboard icon icon located in the top right hand corner.

    Remote desktop session

  3. The copied text from your local clipboard is pasted into the Shared clipboard window when opened.

    Shared clipboard

  4. The copied text from your remote session clipboard is pasted into the Shared clipboard window when opened.

    Shared clipboard

  5. Within the Shared clipboard window click the Copy to clipboard button.

  6. The contents of the pasted text in the Shared clipboard window is now in the clipboard of your local desktop session. If you open an editor i.e. Notepad, on your local machine and paste, the text in the Shared clipboard window will be pasted into the editor.

    Clipboard copy example remote

Seamless clipboard

The latest version of Chrome is capable of supporting seamless clipboard which provides seamless interoperability between the local and remote clipboards. When this feature is supported the clipboards will be kept in sync without manual intervention, allowing for seamless copy & paste operations across both.

File sharing

All device sessions, with the exception of SSH, allow for file sharing to be performed between the local machine and the remote session.

For Remote Desktop / Remote Application the Shared on PAM UI mapped network drive can be viewed in your File Explorer window within your device session.

Shared on PAM UI

For HTTP(s) / Tasks the file sharing folder is created dynamically with a unique ID with the session name. The download operations inside this session will download files to this folder, and upload dialog will automatically open on this folder as well.

File upload browser session

Secure File Transfer (SFTP) uses a shared folder within a Filezilla SFTP client.

SFTP Session window

The files and folders available in the shared drive can be accessed locally by using the Shared Files window which can be accessed by clicking on the Shared drive icon icon located in the top right hand corner.

Shared drive window

Downloading a file

The following instructions allow you to download a file from your remote session to your local machine.

  1. Within the Remote Desktop window, open up a File Explorer window.

  2. From the File Explorer window, copy the file you wish download into the Shared on PAM UI folder.

    RDP Explorer window

  3. Now click on the Shared Drive icon icon located in the top right hand corner.

    Remote desktop session

  4. The Shared Drive window will open. You will see the file copied to the Shared on PAM UI folder is listed within the Shared Drive window.

    Shared Drive window with Explorer window

  5. To download the file to your local machine simply click on the file within the Shared Drive window. The file will be downloaded by the browser.

Uploading a file

The following instructions allow you to upload a file from your local machine to your remote session.

  1. Within the Remote Desktop window, click on the Shared Drive icon icon located in the top right hand corner. The Shared Drive window will open.

    Shared Drive window

  2. Within the Shared Drive window click on the Upload files icon Upload Files icon. The Upload your files window will open.

    Upload your files window

  3. Either drag and drop the file(s) from your local machine to the Upload your files window or use the Plus button to open your local machine File Explorer window and select the files to be uploaded onto the remote session.

    File upload window with File Explorer

  4. Once the file has been successfully uploaded it will be available in the Shared on PAM UI folder on your remote session.

    Uploaded file

Note

To stop a file during an upload or to remove the file click on the tick next to the file.

Executing device tasks

The execution of tasks refers to commands that can be run on a device to perform a set action. The UI lists the tasks you have been granted access to and have permission to execute on the device. You do not need to know the command when executing the task as the command is provided by Osirium PAM during runtime.

Note

If your task is greyed out then it may require a Just in Time Approval.

A task can also be executed on multiple devices of the same type which saves time and the effort of logging onto each device and running the task multiple times.

Tasks available can be executed in a variety of forms, these include:

  • One click: No input required.
  • Data collection: A value is read from the device and the output presented within a window.
  • Free input field: Requires a value to be entered before the task can be executed.
  • Dropdown list box: Requires a selection to be made from a predefined list.

To execute a task:

  1. Click Tasks in the left-hand menu.

  2. On the Tasks page, use the search to find the device or task name.

    Task page

  3. Click on the task you want to execute. The task is opened in a new tab within your browser window.

    Task execution window

  4. If the task requires an input you will be presented with the Input tab. If the task does not require an input then skip to step 5.

    Below is an example of a task that requires input: Task input tab

  5. To execute the task on just the device listed, select the device listed and then skip to step 7. To select multiple devices proceed to step 6

  6. To select multiple devices click Choose devices next to Execute on devices. The window will update and list all the devices that the task can be executed on. Select the device(s) you want to execute the task on.

    Select devices

  7. Once you have selected the device(s), click Confirm.

  8. Click Execute to run the task on the devices selected.

    Execute task

  9. Within the Question window, click Yes.

    Task question window

  10. Wait while the task is executed. Progress can be seen in the Action queue window. Once completed click Done.

    Task action queue window

  11. You can now close the task browser tab window.

Downloading a task file

If you have run a task which has created a file and you want to download it to your workstation here's how you do it:

  1. Once the task has successfully completed the Action queue window will advise you to go to the files page to download the created file..

    Task download file message

  2. On the Devices page, click on the PAM Server > Browser (HTTP) connection.

    PAM Server Browser

  3. Within the admin interface, click on My files in the left-hand menu.

  4. On the My files page you will see the task file listed. Click on the Download icon at the end of the row. The file will be downloaded and placed in the shared drive.

  5. Click on the Shared Drive icon icon located in the top right hand corner.

    Remote desktop session

  6. The Shared Drive window will open. You will see the file copied to the Shared Drive.

    Shared Drive Task File

  7. Click the file to download to your local machine. The file will be downloaded by the browser and will be available in your download folder.