RBI Connections
Keeper Connections - Remote Browser Isolation (http/https) Protocol
Overview
KeeperPAM enables zero-trust privileged session management for web applications using the Remote Browser Isolation (RBI) protocol. This guide explains how to configure RBI connections on your PAM Remote Browser Records in the Keeper Vault. Secure web sessions are initiated from the Vault, routed through the Keeper Gateway, and delivered directly to target applications.
Prerequisites
Prior to following this guide, familiarize yourself with the prerequisites on the Connection's Getting Started page.
The following PAM records are needed in order to successfully setup this protocol:
PAM Configuration
The PAM Configuration contains information of your target infrastructure.
PAM Remote Browser
The PAM Remote Browser record contains information of the endpoint you want to establish a web session to.
PAM User Record
The PAM User record contains the user credentials that will be used to autofill credentials on the web page.
This guide will use a Jenkins web application.
PAM Settings - Configuring RBI
Accessing Connection Settings
After creating a PAM Remote Browser with your target endpoint, navigate to the Connection Section on the PAM Settings screen by:
Editing the PAM Record
Clicking on "Set Up" in the PAM Settings section
Navigate to the "Connection" section in the prompted window
Configuring Connection Settings
Prior to configuring the RBI protocol settings on the PAM Settings screen, the following fields are all required and need to be configured:
PAM Configuration
This is the PAM Configuration that contains the details of your target infrastructure and provides access to the target configured on the PAM Record.
Administrative Credential Record
This is the linked PAM User that will be used to authenticate to the target and perform administrative operations on it.
The following table lists all the configurable settings for the RBI protocol on the PAM Settings:
Enable Remote Browser Isolation
Required
To enable connection for this record, this toggle needs to be enabled.
Graphical Session Recording
When enabled, graphical session recordings will be enabled for this record.
Include Key Events
When enabled, the individual keystroke data will be included in the session playback. Note: This will include any secrets potentially typed by the user.
Allow navigation via direct URL manipulation
Shows a website address tool in the user interface that allows the user to navigate.
Ignore server certificate
Instructs RBI to ignore invalid or expired SSL certificates on the website that is explicitly set in the URL field for the record. Certificates are required for any other domains during the session.
Allowed URL Patterns
The patterns of all URLs that the user should be allowed to visit, regardless of whether via manual navigation (URL bar) or interacting with the current page. Multiple patterns may be specified, separated by newlines. If specified, only pages matching patterns in the list are permitted. By default, all URLs are permitted.
Allowed Resource URL Patterns
The patterns of all URLs that the a page should be allowed to load as a resource, such as an image, script, stylesheet, font, etc. Multiple patterns may be specified, separated by newlines. If specified, only resources matching patterns in the list are permitted to be loaded. By default, no restrictions are imposed on resources loaded by pages.
Can copy to clipboard
If enabled, text copied within the connected protocol session will be accessible by the user.
Can paste from clipboard
If enabled, user can paste text from clipboard within the connected protocol session.
Browser Autofill
KeeperPAM provides the capability of autofilling a username, password and TOTP code into a target website login screen.
Session Recordings - RBI Protocol
For this protocol, graphical data, including timing information, is recorded. For more details on the recordings and how to access them, see the Session Recording & Playback docs.
Last updated
Was this helpful?