New Features in PowerBroker Password Safe 6.0

PowerBroker Password Safe version 6.0 improves on key features and capabilities in adaptive workflow, session management, and password management with unmatched levels of security, scalability and control.

Quickly Connect to SSH Sessions with DirectConnect

Connecting to a webpage to request access to an SSH session can be seen as an unnecessary step for administrators who primarily work within command line environments, especially when those sessions are generally auto-approved. PowerBroker Password Safe version 6.0 lets you automatically launch an SSH session by simply passing a connection string to the proxy. In this manner, you can choose to bookmark and store favorites directly in your SSH clients such as PuTTY, MobaXterm, Reflection, etc. For example:

    btlab\user@root@systemx@passwordsafeproxy

In this example, when passing the connection string to the Password Safe proxy, the user will be prompted for the password of their own account (btlab\user), then directly logged onto an SSH session running as root on systemx.

Figure: PowerBroker Password Safe version 6.0 lets you automatically launch an SSH session by simply passing a connection string to the proxy.

No agents need to be installed on the hosts, and connection to any SSH system is supported, including Unix/Linux hosts, and network devices such as routers or firewalls. Password Safe SSH DirectConnect allows sessions to be easily established via your existing desktop tools without having to initiate via a web interface.

Manage Privileged And Non-Privileged Accounts Through SailPoint IdentityIQ Integration

Managing user access for both privileged and non-privileged accounts is a serious problem for IT security teams, requiring multiple interfaces to achieve a tighter level of security and compliance. In order to meet audit and compliance mandates, IT teams need to address three critical questions around user access. While identity and access management (IAM) solutions help IT teams answer ‘who has access to what’, they do not account for privileged user access or address ‘is that access appropriate?’ and ‘is that access being used appropriately?’

With Password Safe version 6.0, SailPoint IdentityIQ customers can leverage a dynamic, bi-directional certified integration allowing organizations to effectively manage user access for both privileged and non-privileged accounts. Integration between these two leading solutions enables organizations to address the challenges of privileged password and session management, and of enforcing a least privilege access model.

The SailPoint IdentityIQ and BeyondTrust integration includes feeding entitlement data into SailPoint IdentityIQ for both privileged and non-privileged access. User lifecycle events resulting in changes to privileged access are automatically provisioned into Password Safe.

Figure: SailPoint IdentityIQ Integration. Dynamic integration between PowerBroker Password Safe and SailPoint IdentityIQ helps IT organizations manage privileged and non-privileged access.

Active/Active Targeted Password Change

In large environments where active/active deployment methodologies are used, it is often advantageous to focus the scope of what Password Safe nodes are able to process. With Password Safe version 6.0, Agents are built into every node and can selectively process Password Change, Password Test, and Account notification queue items for designated workgroups. For distributed environments, this ensures complete scalability by distributing the password change workload to specific Password Safe Agents. Heavily firewalled and segmented networks also benefit by allowing an Agent to be placed close to managed resources, removing the need to open up multiple firewall ports.

Additional Enhancements

Password Safe version 6.0 also includes the following enhancements to further improve usability:

1) Custom Platform Editing - Import/Export/Clone
2) Authentication/Authorization
  • SAML support
  • Add AD accounts to local groups
  • AD binding enhancements
  • New role-based replay/monitor permissions
  • Pre-login banner
  • Access policy risk ratings
3) Additional platform support for:
  • MongoDB
  • WebLogic
  • IBM WebSphere
  • CA Technologies Service Desk Manager
  • BMC Software Remedy
  • ServiceNow
4) Asset Management
  • SSH key auto discovery
  • DNS asset connection
  • Asset onboarding processing enhancements
  • Auto onboarding via SID/privilege
  • Password testing without shell access
  • su elevation
  • Asset/account editing improvements
5) UI enhancements – auto wildcard search capabilities
6) Session management enhancements
  • Conditional masking
  • Clickable progress bar
  • Concurrent session limits
  • RDP smart sizing
  • Configurable ports
  • OneClick enhancements
  • SSH landing page bypass
7) API Enhancements
  • API key rotation and improved key strength
  • Cache enhancements
  • CLI tool
  • Additional attributes / queries