Notification email for PSM session.

Hello Team,

Is there any way to configure a notification email for the PSM session.

Example:-

UserA- Requester

UserB- Approver.

Syetemname - Windows server

Account name - Win-account

 Condition A:-Once User A requests to access the windows server via win-account. he need to raise a request then User B should get a notification via email.(Someone requesting for PSM session).

Condition B:- After approved the request User A will access the windows server that time also User B should get a notification on email( Someone started the PSM session.)

Thanks in advance.

Regards,

Jafar Hussain

Parents
  • Hi Jafar

    This sounds like standard TPAM requester approver work flow.

    If access to a resource has to be approved then when a user requests access (be it password or session) the approver will be notified that there is a request that needs approving and so on.

    As long as you have assigned email addresses to the users who will request and approve and have configures the TPAM mail agent this will work.

    Best regards

    Tim

  • Hi Jafar

    What you are asking for is possible and you can configure TPAM to provide this if you wish

    So I guess here it is what you are expecting out of the box.

    The key thing is that you will need to decide what you wish TPAM to do and configure it accordingly.

    By default TPAM will do Nothing. It will not manage passwords or grant access to sessions. It will not send Email notifications or alerts.

    As a part of the configuration process you configure the email agent and turn it on.

    As a part of the configuration you add systems accounts and define those that will have a PSM configuration..

    You then add the users and create a permission model that will grant users who authenticate to TPAM access to the resources that TPAM manages.

    If you permission model assigns the requestor permission to a user and says that for that user to request access to a session then as long as TPMA has been configured with the information needed to be able to email the approvers and provide notifications when a session is started this will happen by default.

    So all that you ask for is possible and is available by default as long as you configure it to provide what you want.

    Best regards

    Tim

  • Hi Jafar

    Ok I See where you are.

    Have you tried adding an email address or group to the "Send PSM Start Notification"On the PSM Details tab? There are also a number of special addresses that TPAM recognises you can add here to help you reach the correct people as well.

    Check out the admin guide for more details.

    Best regards

    Tim 

  • Yeah, thanks this option i was finding.

    OK , i will check this.

  • eah, thanks this option i was finding.

    OK , i will check this.

    Regards,

    Jafar

  • I have tried this option Send PSM Start Notification"On the PSM Details tab but it is not working. i am not getting any email once the session will start.

  • Hi Jafar

    Really not sure why this is not working.

    Did you try any of the special options mentioned in the admin guide to see if they give you a response?

    Email address that receives notification when a session on this account starts. The following special addresses may also be included: :AllApprovers - all users who can approve the request :Approvers - users that approved the request :Group=Group1,Group2... - comma separated list of one or more group names :RelNotify - release notification email for the account :System - primary email contact for the account

    What version of TPAM code are you running? 

    How are you authenticating the PSM session to the target system?

    Tim

     

  • Hello

    I dont think so this option will work because this system-level email notification only for some setting.

    I am not able to attach the screenshot here.

    I open managed system > Listing > Select the system > Details>

    One option i can find contact email: there i click on the question mark and i can check this option only use for:-

    This email notification is for the following condition:-

    • Password check or change
    • Expired PSM session.
    • Schedule password changes for manually managed accounts
    • Non- managed Account password release expiration
    • Scheduled password change for a manage acccount with send nitification only selected on the password change profile.

    Moreover i found this option, but i dont know which setting it is:-

    Login in /admin > mailagent > Email config :-

    Here i can find one option email type. but  i dont know how i need to conigure.

    My current TPAM version is 2.5.922

    Authentication process:- Some one request the session and Approver will approve this request after that user can access the system.

    Regards,

    Jafar

  • Hi Jafar

    The system level email settings will not help you achieve what you need, These are more notifications for the System administrator.

    The settings you see under the mail agent on the /admin web interface are to allow you to customise the messages that TPAM sends when   notification is triggered

    2.5.922 is not the latest version BUT should support this feature. I was looking at the 2.5.917 documentation where it shown.

    2.5.923 is the present release version. I do not think an update would help with this issue at this stage.

    Sorry I did not make myself clear on the authentication. I was thinking of the settings you use under the PSM Details tab -  Session Authentication tab.

    I was wondering if the authentication method could be making a difference. If it is a local account managed by TPAM or if you use an AD account could make a difference.

     I do not think it should as my understanding is that the email address you enter should be notified when a session is started from that PSM configuration you make.

    Did you try configuring the notification for and overrunning session and see if an email was sent?

    Did you try sending a test email from the /admin web interface mail agent configuration to make sure that TPAM can actually send an email to the account you configured  on the PSM tab?

    Tim

  • Hi

    For the authentication part, i am using local authentication.

    I have tried to send test mail by email agent it is successful.

    As i mentioned earlier

    i found this option, but i dont know which setting it is:-

    Login in /admin > mailagent > Email config :-

    Here i can find one option email type. but i dont know how i need to configure.

    Regards,

    Jafar

    :-

  • Hi Jafar

    You are able to get other notifications so TPAM config on the /admin web interface under Mail Agent Settings - Settings must be correct,

    Also, if you can send a test email to the account you wish to notify from the Test Email Address option at the bottom of the Mail Agent Settings - Settings page this also shows that the mail agent must be working correctly and can contact this recipient..

    The configuration under Email Notification Configuration are to allow you to customise the notifications that are sent. There is not need to change these from default unless you wish to customise them.

    So I do not think you need to change anything on the /admin configuration settings.

    Did you take a look at the logs under the Mail Agent Settings - Agent logs and the Mail Agent Settings - Sent mail lto see if there is anything helpful showing here?

    Did you try any of the special settings to see if they produce a response?

    I am running out of ideas at this stage and at present am not in a position to test anything as my lab is offline.

    It may be time to log a support call. The team there have access to a lot of information and also a test lab to assist them in resolving issues like this.

    I would be very interested to know what the resolution is if you find one so please post if you do.

    Tim

  • Thanks for your support, i will check the logs and update if i find any.

Reply Children
No Data