[MUSIC PLAYING] In this video, I'm going to add an asset to my PAM Essentials infrastructure. I'm going to initially go to Configuration, Infrastructure Assets, and I'm going to click on New asset group. We're going to call this Remote Desktops. And inside the asset group, I can add assets to this group. I can add it manually. I can select existing assets. I'm going to go ahead and add it manually here.
You name the asset accordingly. You determine the platform that it exists on. You can specify exactly what network agent is being utilized. And then you would go ahead and put the IP address of that system. I'm going to add the IP address of the machine that I'm currently on. We'll run ipconfig to determine what that IP address is. And I'll go ahead and copy this over.
Once I've done that, then you can see there's some additional configuration in here. We're going to say that this machine does not belong to a domain. But if it does belong to a domain, you can actually use domain users. And then we're going to set up the system to use a specific user account.
And when we do this, you can say create a new account that is managed by PAM Essentials or use an existing service account. I'm going to use an existing service account in this scenario. When an existing service account is being utilized, we're getting this warning here because what we're going to do is actually rotate the credential for that existing service account.
So on this system, I'm going to go to Control Panel. And I want to see what user accounts are available to me. I'm going to manage other accounts. And you'll see here I have a PAM Essentials admin account. I'm going to go ahead and change the password for this account. And now that I've changed the password for that account, I'm going to use that account here. And I'm going to type in that new password.
And what's going to happen next is that it's going to go to this account and go to this IP address and rotate the credentials for this account. I like to call this account the control account because this account is controlling the system. And it will not ever be used for users to check out that particular account.
I'll go ahead and click on Add asset. It's now going to traverse the network through our network agent and find that particular asset. And you'll see here it found the asset. And it says that there's zero accounts. The reason for that is because the account that is the control account is being leveraged. But the user account is not available for users to manage that particular account or check that account.
So I'm going to go back to my users and groups here. And I'm going to manage other users. And I have another user. And this is PAM Essentials or just standard users. I'm going to go ahead and add that. So when I add this account, we're going to go ahead and manage this account. It's going to say that current password is going to be changed. It will regularly be rotated. And it's going to be available in the UI system.
And when we say give PAM access, it's going to go ahead and rotate that password. But it's going to use the control account to do so. Says the password's been rotated. That's what you're seeing here. It's also showing that there's no access because this is not defined into a group. And we'll create an account group specifically for this system. We'll just call this Local Accounts.
Now that it's been defined to a group, everything looks good, I'm going to go ahead and close this. So this asset's available. It's a part of a particular group. It has not been defined to an access policy. You'll see here asset group account is defined. Now we go ahead and create an access policy. The access policy is giving permission to a subset of users that can actually request access to the system.
And we'll define the group there. So we named it accordingly. And then we're going to say allow for account group access as well, specify local accounts. And then we can go ahead and assign this role to individuals. I'm going to go ahead and assign that to all of my PAM users. And once I create a policy, you're going to see that the policy is now enabled. And if I go back to my OneLogin tiles here, I'm going to go to PAM users. And you'll see that this system is now available for me to connect to.
[MUSIC PLAYING]
05:56