Log In to the Server

You can log in to  and can perform administrator and end-user activities using the following options:
capam33
You can log in to
Privileged Access Manager
and can perform administrator and end-user activities using the following options:
  • A web browser
  • The
    PAM
    Client. You install the Client on your local workstation. The Client is an alternative to a web browser. The client does not interfere with the browser-based UI access. Both methods can be used from the same workstation.
This topic describes:
2
In addition to the UIs, other options for access include:
Log in Using a Web Browser
To log in using a web browser, follow these steps:
  1. Open a web browser and navigate to server URL using
    one
    of the following formats:
    https://
    server_ip_address
    /
    or
    https://
    fqdn_of_server
    server_ip_address
    or
    fqdn_of_server
    is the system where you installed the
    PAM
    server.
    Examples:
    • https://102.200.11.222/
    • https://capam.forwardinc.com
  2. At the login page, enter your credentials.
    The credentials are specific to the server. The login experience can be different for the following reasons:
    • Single sign-on provisioning might be set up.
    • You might have to supply credentials at the point of login to a target system. Your server administrator can tell you this.
    • The
      Authentication Type
      field on the login page has a value other than Local, such as RSA or RADIUS. As a result, specify which authentication domain to use.
    • You are prompted to accept an organizational license.
When a user with an Active Directory account attempts to log in following expiration or temporary replacement of a password, the
My Info
page appears. On this page, the user must change the password. The password is propagated to update to Active Directory.
CA PAM Client Access
For details on installing and using the Client, see Deploy the CA PAM Client.
The steps to use the Client are:
  1. Access from the login screen of the browser login page.
  2. Download the installer executable on to a local workstation where you plan to use the Client, such as a laptop.
  3. Run the installer.
  4. After the installation is complete, launch the Client application and log in.
Password Change on First Login
When you log in the first time, you are prompted to change your password.
Follow these password requirements:
  • Differ from the previous password
  • Be a length between the Global Settings values for
    Min Length
    (default: 6) and
    Max Length
    (default: 14)
  • Have at least one (Latin) alphabet character
  • Have at least one numerical digit character
You can also specify other account information. To modify these settings, select your name in the Tool bar.
Account Information
Select the account name in the top right corner of the UI to view and modify account information. Many of the fields are self-explanatory, but note the following settings.
Basic Info
RDP Username
Used by the RDP applet as credentials for access to a remote Windows device. This field accepts a name with an embedded backslash to log in to a domain account.
Mainframe Display Name
Display Name that is used by the AS/400 applets TN3270, TN3270SSL, TN5250, TN5250SSL
Keyboard Layout
Conforms the keyboard input to native keyboard output. Select the pull-down arrow to display all available language options.
Administration
Email self on login
Enables an email to be sent to the email address entered in the Basic Info page. Alerts you when the account is being used by someone else.
Email on Login
Enables an email to be sent to the email address of a specific user or administrator.
Terminal Customization
SSH and Telnet CLI Terminal Customization
Select this box to display settings for configuring the command-line interface terminal.
RDP Resolution
Select the resolution for the RDP terminal.
Displayed Landing Page After Login
After you log in to the server, the page you see depends on your user role.
  • If you have Global Administrator privileges, the Dashboard displays. Users with such privileges include the superuser, the Global, and the Operational Administrator. More information about the Dashboard is available here.
  • For all other users, the Access page displays. From the Access page, you can make connections to target devices and view passwords.