Log In to the Server
You can log in to and can perform administrator and end-user activities using the following options:
You can log in to
Privileged Access Managerand can perform administrator and end-user activities using the following options:
- A web browser
- ThePAMClient. You install the Client on your local workstation. The Client is an alternative to a web browser. The client does not interfere with the browser-based UI access. Both methods can be used from the same workstation.
This topic describes:
In addition to the UIs, other options for access include:
Log in Using a Web Browser
To log in using a web browser, follow these steps:
- Open a web browser and navigate to server URL usingoneof the following formats:https://server_ip_address/orhttps://fqdn_of_serverserver_ip_addressorfqdn_of_serveris the system where you installed thePAMserver.Examples:
- At the login page, enter your credentials.The credentials are specific to the server. The login experience can be different for the following reasons:
- Single sign-on provisioning might be set up.
- You might have to supply credentials at the point of login to a target system. Your server administrator can tell you this.
- TheAuthentication Typefield on the login page has a value other than Local, such as RSA or RADIUS. As a result, specify which authentication domain to use.
- You are prompted to accept an organizational license.
When a user with an Active Directory account attempts to log in following expiration or temporary replacement of a password, the
My Infopage appears. On this page, the user must change the password. The password is propagated to update to Active Directory.
CA PAM Client Access
For details on installing and using the Client, see Deploy the CA PAM Client.
The steps to use the Client are:
- Access from the login screen of the browser login page.
- Download the installer executable on to a local workstation where you plan to use the Client, such as a laptop.
- Run the installer.
- After the installation is complete, launch the Client application and log in.
Password Change on First Login
When you log in the first time, you are prompted to change your password.
Follow these password requirements:
- Differ from the previous password
- Be a length between the Global Settings values forMin Length(default: 6) andMax Length(default: 14)
- Have at least one (Latin) alphabet character
- Have at least one numerical digit character
You can also specify other account information. To modify these settings, select your name in the Tool bar.
Select the account name in the top right corner of the UI to view and modify account information. Many of the fields are self-explanatory, but note the following settings.
Used by the RDP applet as credentials for access to a remote Windows device. This field accepts a name with an embedded backslash to log in to a domain account.
Mainframe Display Name
Display Name that is used by the AS/400 applets TN3270, TN3270SSL, TN5250, TN5250SSL
Conforms the keyboard input to native keyboard output. Select the pull-down arrow to display all available language options.
Email self on login
Enables an email to be sent to the email address entered in the Basic Info page. Alerts you when the account is being used by someone else.
Email on Login
Enables an email to be sent to the email address of a specific user or administrator.
SSH and Telnet CLI Terminal Customization
Select this box to display settings for configuring the command-line interface terminal.
Select the resolution for the RDP terminal.
Displayed Landing Page After Login
After you log in to the server, the page you see depends on your user role.
- If you have Global Administrator privileges, the Dashboard displays. Users with such privileges include the superuser, the Global, and the Operational Administrator. More information about the Dashboard is available here.
- For all other users, the Access page displays. From the Access page, you can make connections to target devices and view passwords.