RBI Connections

Keeper Connections - Remote Browser Isolation (http/https) Protocol

Overview

KeeperPAM enables zero-trust privileged session management for web applications using the Remote Browser Isolation (RBI) protocol. This guide explains how to configure RBI connections on your PAM Remote Browser Records in the Keeper Vault. Secure web sessions are initiated from the Vault, routed through the Keeper Gateway, and delivered directly to target applications.

Prerequisites

Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.

The following PAM records are needed to set up this protocol successfully:

| PAM Record | Definition |
| --- | --- |
| PAM Configuration | The PAM Configuration contains information about your target infrastructure. |
| PAM Remote Browser | The PAM Remote Browser record contains information about the endpoint you want to establish a web session to. |
| PAM User Record | The PAM User record contains the user credentials that will be used to autofill credentials on the web page. |

This guide will use a Jenkins web application.

PAM Settings - Configuring RBI

Accessing Connection Settings

After creating a PAM Remote Browser with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:

  1. Editing the PAM Record

  2. Clicking on "Set Up" in the PAM Settings section

  3. Navigating to the "Connection" section in the prompted window

Configuring Connection Settings

Prior to configuring the RBI protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:

The following table lists all the configurable settings for the RBI protocol on the PAM Settings:

| Field | Definition |
| --- | --- |
| Enable Remote Browser Isolation (Required) | To enable connection for this record, this toggle needs to be enabled. |
| Graphical Session Recording | When enabled, graphical session recordings will be enabled for this record. |
| Include Key Events | When enabled, the individual keystroke data will be included in the session playback. Note: This will include any secrets potentially typed by the user. |
| Allow navigation via direct URL manipulation | Shows a website address tool in the user interface that allows the user to navigate. |
| Ignore server certificate | Instructs RBI to ignore invalid or expired SSL certificates on the website that is explicitly set in the URL field for the record. Certificates are required for any other domains during the session. |
| Allowed URL Patterns | The patterns of all URLs that the user should be allowed to visit, whether via manual navigation (URL bar) or by interacting with the current page. Multiple patterns may be specified, separated by newlines. If specified, only pages matching patterns in the list are permitted. By default, all URLs are permitted. |
| Allowed Resource URL Patterns | The patterns of all URLs that a page should be allowed to load as a resource, such as an image, script, stylesheet, font, etc. Multiple patterns may be specified, separated by newlines. If specified, only resources matching patterns in the list are permitted to be loaded. By default, no restrictions are imposed on resources loaded by pages. |
| Can copy to clipboard | If enabled, text copied within the connected protocol session will be accessible by the user. |
| Can paste from clipboard | If enabled, the user can paste text from the clipboard within the connected protocol session. |
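
As an added example (not Keeper's code), the sketch below pre-checks proposed values for the Allowed URL Patterns and Allowed Resource URL Patterns fields against URLs a session is expected to touch, using the defaults stated above: an empty field permits everything, and a non-empty field permits only matches. This page does not define the pattern syntax, so the `*` wildcard matching, the function names and the example.com hosts are assumptions.

```python
import re

def parse_patterns(field_text):
    """Split a settings field into patterns: one per line, blank lines ignored."""
    return [line.strip() for line in field_text.splitlines() if line.strip()]

def pattern_to_regex(pattern):
    # ASSUMPTION: '*' matches any run of characters and everything else is
    # literal. The product's real matching rules may differ.
    return re.compile(".*".join(re.escape(part) for part in pattern.split("*")))

def is_permitted(url, field_text):
    """Apply the documented defaults: empty field = no restriction."""
    patterns = parse_patterns(field_text)
    if not patterns:
        return True
    return any(pattern_to_regex(p).fullmatch(url) for p in patterns)

def audit(nav_field, resource_field, page_urls, resource_urls):
    """Return the expected URLs that the proposed settings would block."""
    return {
        "blocked_pages": [u for u in page_urls if not is_permitted(u, nav_field)],
        "blocked_resources": [u for u in resource_urls
                              if not is_permitted(u, resource_field)],
    }

# Constructed sample values for a Jenkins record (hypothetical hosts).
NAV_FIELD = "https://jenkins.example.com/*\n"
RESOURCE_FIELD = ""  # left empty: resources are unrestricted by default
PAGES = [
    "https://jenkins.example.com/job/build/",
    "https://sso.example.com/login",  # login redirect to another host
]
RESOURCES = [
    "https://jenkins.example.com/static/app.js",
    "https://cdn.example.net/fonts/ui.woff2",
]

if __name__ == "__main__":
    print(audit(NAV_FIELD, RESOURCE_FIELD, PAGES, RESOURCES))
    # Tightening the resource field to the Jenkins host blocks the CDN font.
    print(audit(NAV_FIELD, NAV_FIELD, PAGES, RESOURCES))
```

Under the assumed wildcard rule, a pattern ending in `example.com*` rather than `example.com/*` would also match hosts that merely begin with that name, so end the host with a slash before the wildcard.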

Browser Autofill

KeeperPAM provides the capability of autofilling a username, password and TOTP code into a target website login screen.

Session Recordings - RBI Protocol

RBI Session Recordings
