Local Environment Setup

Setting up your Local environment to work with KeeperPAM

Local Environment Overview

The PAM Configuration contains critical information on your local infrastructure, settings and associated Keeper Gateway. This guide provides step-by-step instructions for configuring the PAM Configuration in your local environment, enabling the Keeper Gateway to manage all resources within it and allowing users to utilize KeeperPAM features on those resources.

Prerequisites

Prior to proceeding with this guide, make sure to install and configure your Keeper Gateway.

Creating PAM Configuration

To create a new PAM Configuration:

Login to the Keeper Vault
Select Secrets Manager and the "PAM Configurations" tab
Click on "New Configuration"

PAM Configuration Fields - Local Environment

The following tables provides more details on each configurable fields in the PAM Configuration record for the local environment:

Field

Description

Notes

Title (Required)

Name of PAM configuration record

Ex: Local Configuration

Environment (Required)

Your infrastructure's environment

For this guide, select "Local"

Gateway (Required)

The configured gateway

See docs for more info

Application Folder (Required)

The shared folder where the PAM Configuration data will be stored

Best practice is to create a folder with limited access to admins. See Security Note (1) below

PAM Settings (Required)

List of Zero-Trust KeeperPAM features that should be enabled

See this section for more info

Default Rotation Schedule

Specify frequency of Rotation

Ex: Daily

Port Mapping

Define alternative default ports

Ex: 3307=mysqlSee port mapping docs

For Discovery, the following fields are required, otherwise they are optional:

Field

Description

Notes

Network ID

Unique ID for the network

This is for the user's reference

Ex: My Network

Network CIDR

Subnet of the IP address

Ex: 192.168.0.15/24 Refer to this for more info

PAM Features

The "PAM Features Allowed" and "Session Recording Types Allowed" sections in the PAM Configuration allow owners to enable or disable KeeperPAM features for resources managed through the PAM configuration:

Field

Description

Rotation

If enabled, allow rotations on privileged user users managed by this PAM configuration

Connections

If enabled, allow connections on resources managed by this PAM configuration

Remote Browser Isolation (RBI)

If enabled, allow RBI sessions on resources managed by this PAM configuration

Tunneling

If enabled, allow tunnels on resources managed by this PAM configuration

Graphical Session Recording

If enabled, visual playback sessions will be recorded for all connections and RBI sessions

Text Session Recording (TypeScript)

If enabled, text input and output logs will be logged for all connections and RBI sessions

Configuring PAM Features on PAM Record Types

After creating the PAM configuration, visit the following pages to:

Configure Rotation
Configure Connections
Configure RBI
Configure Tunnels
Configure Discovery

PreviousAzure Environment Setup NextPAM Resources

Last updated 4 months ago

Was this helpful?