Secure Configuration for onprem Installations

You have shown us a nice presentation about secure configuration for IdentityManager onprem at the UNITE in Madrid.

We have done some security improvements meanwhile.
One is that the FatClients are connected to the AppServer.
So, we don't have to give the users the wide DB access that they needed in the past, when they connected directly to the DB.
For JobQueueInfo it's still only the direct DBConnection since it won't work over AppServer. The same for DBCompile, ...

You have shown us the use cases:

UC1: RDP (for database connection) to the dedicated server
UC2: RDP Application (for database connection) from the dedicated server
UC3: RDP Application (for database connection) with login to tools from the dedicated server

Now I'm wondering how I have to apply that to our Citrix and CyberArk environment.
How could the DB connection be secured with Windows integrated authentication by one account, whereas the actual user is authenticated by their own Windows account?


Is there any paper giving me more advice on that topic?

Patrick

Btw, we are running 9.2.

Parents Reply
  • Hi Markus

    Thanks, that helps.

    So I see it's not possible to have one AD user with Windows Authentication for the DB connection and another AD user for the Tools login, also using Windows Authentication.
    Therefore it makes sense for us to implement UC3 with new AD accounts for just OneIdentityManager purposes (incl. DB connection and Tools login).

    So we will follow up on that case.

    Patrick
