FortiPAM
FortiPAM allows you to protect, isolate and secure privileged account credentials, manage and control privileged user access, and monitor and record privileged account activity.
rbraha
Staff
Article Id 314464
Description

 

This article describes how to launch a secret that uses the Web Account template when the user has view permissions.

 

Scope

 

FortiPAM.

 

Solution

 

When launching a Web Account secret for accessing a web server or a web application platform, it is possible to see an error where the 'Web Launcher' is greyed out when launching the secret with user view permissions.

 

web1.png

 

Giving the user Edit permission makes the Web Launcher available. In FortiPAM v1.3.0, however, view permissions are enough, provided that a Target with Web Proxy enabled is used as well.

 

To improve security, FortiPAM offers a new web proxy feature to dynamically operate on the web browser tab's PAC rule (on Google Chrome and Microsoft Edge) to successfully proxy the traffic to FortiPAM based on the configured domain. On Mozilla Firefox, FortiPAM sends the request to the web proxy instead.

 

In this example, a target will be created for accessing the FortiGate web interface:

A target is a server/device with a privileged account supporting RDP, SSH, Web, or other admin protocols. Target systems include Windows workstations, Windows domain controllers, Web servers, Unix servers, SQL servers, routers, or firewalls.

It is possible to create targets for the secrets stored in FortiPAM. One target can be used for multiple secrets, if appropriate.

 

web2.png

 

In this test, the user 'pirlo' will have view permissions on this secret.

 

web3.png

 

When launching the secret, the 'Web Launcher' field is visible and runs correctly.

 

web4.png