Notification email for PSM session.

Hello Team,

Is there any way to configure a notification email for the PSM session.

Example:-

UserA- Requester

UserB- Approver.

Syetemname - Windows server

Account name - Win-account

 Condition A:-Once User A requests to access the windows server via win-account. he need to raise a request then User B should get a notification via email.(Someone requesting for PSM session).

Condition B:- After approved the request User A will access the windows server that time also User B should get a notification on email( Someone started the PSM session.)

Thanks in advance.

Regards,

Jafar Hussain

  • Hi Jafar

    This sounds like standard TPAM requester approver work flow.

    If access to a resource has to be approved then when a user requests access (be it password or session) the approver will be notified that there is a request that needs approving and so on.

    As long as you have assigned email addresses to the users who will request and approve and have configures the TPAM mail agent this will work.

    Best regards

    Tim


  • Thanks for your reply.

    I want to know it is by default if someone request for the PSM, Approver will be notify by an email for this we need to do any specific configuration?

    The second thing is that i mentioned once Approver, approved the request and user want to access the PSM session that time Approver should be notified for someone started the PSM session.

  • Hi Jafar

    What you are asking for is possible and you can configure TPAM to provide this if you wish

    So I guess here it is what you are expecting out of the box.

    The key thing is that you will need to decide what you wish TPAM to do and configure it accordingly.

    By default TPAM will do Nothing. It will not manage passwords or grant access to sessions. It will not send Email notifications or alerts.

    As a part of the configuration process you configure the email agent and turn it on.

    As a part of the configuration you add systems accounts and define those that will have a PSM configuration..

    You then add the users and create a permission model that will grant users who authenticate to TPAM access to the resources that TPAM manages.

    If you permission model assigns the requestor permission to a user and says that for that user to request access to a session then as long as TPMA has been configured with the information needed to be able to email the approvers and provide notifications when a session is started this will happen by default.

    So all that you ask for is possible and is available by default as long as you configure it to provide what you want.

    Best regards

    Tim

  • Thanks for your brief description.

    I want to add one point here, I have configured mail agent and it is running and working fine( I have checked by test email.)

    Once User A requests to access the windows server via win-account. then User B getting a notification via email( This scenerio is working fine).

    But thing is that i am not getting any notification email while the user starts the PSM session. What i need to check is there any misconfiguration?

    Regards,

    Jafar

  • Hi Jafar

    Ok I See where you are.

    Have you tried adding an email address or group to the "Send PSM Start Notification"On the PSM Details tab? There are also a number of special addresses that TPAM recognises you can add here to help you reach the correct people as well.

    Check out the admin guide for more details.

    Best regards

    Tim 

  • Yeah, thanks this option i was finding.

    OK , i will check this.

  • eah, thanks this option i was finding.

    OK , i will check this.

    Regards,

    Jafar

  • I have tried this option Send PSM Start Notification"On the PSM Details tab but it is not working. i am not getting any email once the session will start.

  • Hi Jafar

    Really not sure why this is not working.

    Did you try any of the special options mentioned in the admin guide to see if they give you a response?

    Email address that receives notification when a session on this account starts. The following special addresses may also be included: :AllApprovers - all users who can approve the request :Approvers - users that approved the request :Group=Group1,Group2... - comma separated list of one or more group names :RelNotify - release notification email for the account :System - primary email contact for the account

    What version of TPAM code are you running? 

    How are you authenticating the PSM session to the target system?

    Tim

     

  • Hello

    I dont think so this option will work because this system-level email notification only for some setting.

    I am not able to attach the screenshot here.

    I open managed system > Listing > Select the system > Details>

    One option i can find contact email: there i click on the question mark and i can check this option only use for:-

    This email notification is for the following condition:-

    • Password check or change
    • Expired PSM session.
    • Schedule password changes for manually managed accounts
    • Non- managed Account password release expiration
    • Scheduled password change for a manage acccount with send nitification only selected on the password change profile.

    Moreover i found this option, but i dont know which setting it is:-

    Login in /admin > mailagent > Email config :-

    Here i can find one option email type. but  i dont know how i need to conigure.

    My current TPAM version is 2.5.922

    Authentication process:- Some one request the session and Approver will approve this request after that user can access the system.

    Regards,

    Jafar