Role-Based Access Management


 

Random Password Manager (RPM provides a web interface that makes it easy to remotely recover passwords. The web application allows authorized users to view passwords for accounts that have been changed through RPM. Users with appropriate access controls have the right to use the application as well as the right to recover passwords for accounts managed by RPM. There are a number of permissions that can be delegated out to users of the web application. These permissions apply to users, global groups, or roles (RBAC) and control access to the features of the web interface as well as system and account information exposed through the web interface.

With RPM it's simple to configure role-based access controls to map user roles (as defined by your directory services and any explicit accounts that you configure) to groups of IT resources that users can access. You can create rules that match your organization's policies and update in real time whenever directory changes occur. This helps ensure that your organization's policies are always enforced, regardless of how personnel roles and IT assets may change. 

You can also configure explicit accounts, for example, to provide access to subcontractor personnel without granting domain credentials – allowing subcontractors to access predefined groups of systems through Remote Desktop / SSH connections that do not disclose any passwords. You can also configure options that grant individuals and groups immediate, audited access to particular groups of servers – or require certain departments and individuals (for example, tier-one help desk staff and contractors) to get explicit management approval before access is allowed.

RPM Multifactor Token Options

RPM Multifactor Token Options
(Click to Enlarge)

 

Flexible Authentication

RPM authenticates in real time with trusted Windows domains, popular standards-based directories such as Oracle Internet Directory and Novell eDirectory, and LDAP and RADIUS compliant servers. You can also grant access to members of selected Windows groups, individual Windows users, roles (as defined by your directory services), RADIUS users, or independent, explicit logins that you assign. 

You can grant any role the ability to access groups of resources, systems and accounts that you define, or to individual systems and accounts. RPM allows you to configure time-bound password retrieval that forces check-in and a password change after each access, so you'll always know who had access at what time, and for what stated purpose. 

Multifactor Options

Today's regulatory mandates – including the Consensus Audit Guidelines and others – require multifactor authentication when requesting privileged access. RPM supports the industry's broadest range of time-based and event-based multifactor authentication, including:

  • Out-of-the box support for proprietary tokens including RSA SecurID and YubiKey

  • OATH authentication using third-party tokens

  • Out-of-band, Time-based One-Time Password (TOTP) authentication by email and SMS using OATH services – providing easily configured multi-factor security that requires nothing further for your organization to buy

Use of multi-factor authentication can help safeguard your organization against common hacker exploits. For example, by deploying out-of-band multifactor authentication using email or SMS delivered to IT staff cell phones – available at no added cost – you can defeat many social engineering attacks by adding an additional verification of password requestors' identities.

Contact us to learn more about how Lieberman Software can help you secure your organization's privileged accounts.



150Submenu0Random Password ManagerFalse150Random Password ManagerMenu0150166False1850content1OverviewFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Random_Password_Manager__Overview/2417Submenu0CapabilitiesFalse417Capabilitiescontent150150166False10737419076content1Application Access ControlFalse/RPM-Application-Access-Control/25421content1Approval WorkflowsFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Approval_Workflows/25337content1Auditing and LoggingFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Auditing_and_Logging/25313content1Auto DiscoveryFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Auto_Discovery/25422content1Dashboards and ReportingFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Dashboards_and_Reporting/25344content1Ease of DeploymentFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Ease_of_Deployment/25346content1Enterprise IntegrationFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Enterprise_Integration/210737418468content1Hardware Based EncryptionFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Hardware_Based_Encryption/25347content1High Availability and Disaster RecoveryFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/High_Availability_and_Disaster_Recovery/25348content1Multi Language SupportFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Multi_Language_Support/25330content1Password ManagementFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Password_Management/25351content1Platform SupportFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Platform_Support/210737418548content1Programmatic AccessFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Programmatic_Access/25340content1Regulatory ComplianceFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Regulatory_Compliance/25332content1Role-Based Access ManagementFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Role-Based_Access_Management/25350content1Scalability and PerformanceFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Scalability_and_Performance/210737418469content1Secure Default PasswordsFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Secure_Default_Passwords/25342content1Session RecordingFalse/RPM-Session-Recording/25314content1Solution ArchitectureFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Solution_Architecture/25335content1Web-Based User InterfaceFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Capabilities/Web-Based_User_Interface/24497Library0DatasheetFalse/uploadedFiles/wwwliebsoftcom/MARCOM/Products/Random_Password_Manager/RPM-Datasheet.pdf1392Submenu0WebinarsFalse392Webinarscontent150150166False5026content1WebinarsFalse/rpm_webinars/25027content1WhitepapersFalse/rpm_whitepapers/210737418352ExternalLink0Request an EvaluationFalse/Random_Password_Manager_Download/2226Submenu0Support and DocumentationFalse226Support and Documentationcontent/Support_Documentation/#Random_Password_Manager150150166False1872ExternalLink0Knowledge BaseFalsehttp://forum.liebsoft.com/forumdisplay.php?f=4212328ExternalLink0ForumFalsehttp://forum.liebsoft.com/enterprise-random-password-manager/21740ExternalLink0DocumentationFalse/Support_Documentation/#Random_Password_Manager21500content1Revision HistoryFalse/www_liebsoft_com/4_0/Pages/Products/Random_Password_Manager/Content/Random_Password_Manager__Revision_History/21148content1Contact SupportFalse/www_liebsoft_com/4_0/Pages/Support/Customer_Support/2299Submenu0Optional ComponentsFalse299Optional Componentscontent150150166False3234content1System Center IntegrationsFalse/www_liebsoft_com/4_0/Pages/Products/Enterprise_Random_Password_Manager/Downloads/System_Center_Management_Packs/2
Live chat by SightMax