In this article, you will learn everything you need to know about the Privileged Access Management app. This application helps you manage the Privileged Access Management requests in your organization with the help of the Privileged Access Management app that can be downloaded from the Apple Store / Google Play Store (search of Privileged Access Management).
You can log in to the Privileged Access Management app using the credentials you use when you log in to the HEIMDAL Dashboard. In case the 2-Factor Authentication feature is disabled for your account, you have to leave the Two-factor verification field empty when logging in to the Management app.
About - redirects you to the About Page;
Contact Support - will open the default mail client that the iOS / Android user will use to send an email to the support team. The Subject is [Heimdal Management App] and the Body includes the name of the loger.txt.
When running the application, the administrator needs to give his agreement to receive notifications, otherwise, the notifications need to be enabled from Settings -> Notifications -> App notifications -> Privileged Access Management -> Show notifications (enabled).
ACTIVE ELEVATIONS page
When you log in to the Privileged Access Management app, you are directed to the Active Elevations page.
On this page, you can see the Active elevations split into 2 categories:
- Full admin rights (Administrator Session);
- File run as admin (single-file elevation).
When a new elevation request is being made, it will appear as a new entry to be approved or denied by the HEIMDAL Dashboard Administrator. The app gathers information on each elevation request: requesting username, date and time, the hostname of the computer, and the elevation type. Taping an elevation request enables the Deny / Accept buttons.
After you accept an elevation request, the entry will move onto the Pending Elevations page. The Filter Elevations button allows the user to filter the elevations based on two categories, Type and Timeframe:
PENDING ELEVATIONS page
On the Pending Elevations page, you can see all the accepted elevation requests and information about their status. On this page, you can see the Pending elevations split into 2 categories:
- In progress (elevations that have started);
- Pending user (elevations that were accepted and waiting to be started by the user).
The app collects information on the elevated user, the time and date, the hostname, the elevation type, and the elevation status.
Taping an elevation request that has not started gives the administrator the possibility of denying it by pressing the Deny buttons.
When an elevation has been completed, the entry will move onto the History page. The Filter Elevations button allows the user to filter the elevations based on two categories, Type and Timeframe:
On the History page, you can see a list of all the elevations that were approved and completed.
The Filter Elevations button allows the user to filter the elevations based on two categories, Status and Timeframe:
The hamburger menu allows you to navigate between the Active elevations, Pending elevations, and History elevations. On the Settings page, you can make changes regarding your notifications, while the About page contains End User License Agreement and the Logout button disconnects you and returns you to the Login page.
a. Settings Page
The Settings page helps you set up the type of notifications you would like to receive. By default, these are disabled, leaving the user to choose the type of notification that would like to receive.
If the user has the right to impersonate (available by logging in with a reseller account), then he will be receiving the notification of the last customer that he impersonated. If the user does not have the right to impersonate, then the user will be receiving only the notifications which are meant for him.
The administrator will receive the cumulative notification when more elevations are requested at an interval of five minutes after the first requested elevation. The notification message(s) will be unique, depending on the type of notification that the administrator has selected. To stop receiving notifications, you have to log out of the iOS / Android PAM Management App.