PIAM Features

Feature Overview

Detailed Features

1. Single Sign on to PIAM Servers

   Single Sign to PIAM enables users to access privileged resources through a unified authentication process. CPIAM can be integrated as a SAML application with Cross Identity to perform SSO. This can be configured as SP or IdP-initiated flows.

   

2. Advanced Multifactor Authentication

   Multifactor Authentication protects your resources with a comprehensive range of user-friendly authentication methods and strengthens security by requiring users to provide additional verification factors.

   Cross Identity enables a step-up authentication layer while performing login or Single Sign on to Cloud PIAM (CPIAM). This can be based on various contexts available in the CI solution such as Geolocation, IP Range, Time of access and so on.

   The MFA options include:

   • Security Questions

   • SMS OTP

   • Email OTP

   • Soft Token

   • Passwordless MFA

   

3. Session Manager

   Using audits that cannot be altered and important events recorded, CPIAM enables users to maintain compliance. Secure, segregated remote sessions should be established, and all activity should be recorded. End users never make direct connections to the targets, lowering the malware risk of malware.

   When any user accesses a particular remote desktop connection, a unique session is created and will appear in the list of active sessions in the session management screen. Each active session is displayed in a sortable table, showing the corresponding user’s username, how long the session has been active, the IP address of the machine from which the user is connecting, and the name of the connection being used.

   

4. Session Recording

   The CIPIAM web application includes support for playing back recordings from the history screen in the administration interface. Still, that support cannot automatically know where those recordings are stored nor how they are named. The extension documented here provides exactly that missing piece, allowing the web application to find recordings on disk so long as they are named appropriately and stored in a specific location.

   The availability of a recording is displayed as a “View” link in the “Logs” column of the history table:

   

   Clicking on that link navigates to a screen with a player that loads the recording and allows it to be played back:

   

5. Session Termination

   The user menu within the CIPIAM menu provides an additional “Disconnect” option that allows you to explicitly close the current connection only. Clicking “Logout” will also implicitly disconnect all active connections, including the current connection.

   

6. Support for remote desktop protocols and Network Devices

   Our CPIAM solution supports various protocols for connecting servers, including SSH, Telnet, VNC and RDP. We also support a variety of authentication methods, such as password-based authentication, public-key authentication, and two-factor authentication.

   This includes support for various remote desktop protocols:

   • SSH

   • RDP

   • VNC

   • Telnet

   • Kubernetes

   Our CPIAM solution supports many devices, including databases, routers and network devices such as DB/ Routers and Network Devices.

   CPIAM solution provides centralized control and monitoring of privileged access to databases. This includes database management systems like Oracle, Microsoft SQL Server, MySQL, PostgreSQL, and more. PIAM solutions also extend their coverage to routers, switches, firewalls, and other network infrastructure components. This is essential to maintaining control over network configurations and minimizing the risk of unauthorized changes.

7. Password Management for PIAM users

   Privileged credential management refers to the vaulting and secure storage of privileged credentials and secrets. A password policy establishes specific rules, best practices and tools that can help your organization manage user credentials efficiently and securely. The password manager in CPIAM stores all privileged account credentials in a secure, centralized vault reducing the risk of password theft and unauthorized access to sensitive systems and data.

   It also enforces strong password policies to ensure that all the passwords meet minimum complexity requirements, such as length, complexity, and expiration.