PAM Remote Browser

KeeperPAM resource for managing remote browser isolation access to a protected web application

Overview

A PAM Remote Browser is a type of KeeperPAM resource that represents a remote browser isolation target, such as a protected internal application or cloud-based web app.

PAM Record Type
Supported Assets

PAM Remote Browser

Any http:// or https:// web application, on-prem or in the cloud

What is Remote Browser Isolation

KeeperPAM remote browser isolation records provide secure access to internal and cloud-based web applications through a protected browser, embedded within the vault. This browser is projected visually from the Keeper Gateway through the Keeper Vault, isolating the session and providing zero-trust access.

Features Available

The PAM Remote Browser resource supports the following features:

  • Zero-trust Connections over http:// and https:// websites

  • Session recording

  • Sharing access without sharing credentials

  • Autofill of linked credentials and 2FA codes

  • URL AllowList patterns

  • Navigation bar

Connecting to the protected web application requires only that the Keeper Gateway has access to the target website. The Keeper Vault operates independently and does not require direct connectivity to the website, leveraging Keeper's zero-trust network access model to securely manage access through the Gateway. See the network architecture diagram for more details.

Creating a Remote Browser Isolation Record

Prior to creating a PAM Remote Browser, make sure you have already created a PAM Configuration. The PAM Configuration contains information of your target infrastructure while the PAM Remote Browser contains information about the target web application and associated access rules.

To create a PAM Remote Browser:

  • Click on Create New

  • Select "Connection"

  • On the prompted window:

    • Select "New Record"

    • Select the Shared Folder you want the record to be created in

    • Specify the Title

    • Select "Browser" for the Target

  • Click "Next" and complete all of the required information.

Creating a Browser Isolation Record

PAM Remote Browser Record Type Fields

The following table lists all the configurable fields on the PAM Remote Browser Record Type:

Field
Description
Notes

URL

IP or Website address

Required The target URL only needs to be accessible from the Keeper Gateway

PAM Settings and Administrative Credentials

On the "PAM Settings" section of the vault record, you can configure the KeeperPAM Connection and link a PAM User credential for performing autofill.

PAM Settings on a Remote Browser Isolation resource
PAM Settings for Remote Browser Isolation
Autofill Credentials for Remote Browser Isolation

PAM Settings

Field
Description
Required

PAM Configuration

Associated PAM Configuration record which defines the environment

Required

Browser Autofill Credentials

Linked PAM User credential used for autofill

Protocol

Native protocol used for connecting from the Gateway to the target

Required

Session Recording

Options for recording sessions and typescripts

See session recording

Browser Settings (multiple)

Browser-specific protocol settings

See RBI page

PAM Remote Browser resource

Additional information on Remote Browser Isolation is available at this page.

PreviousPAM DirectoryNextPAM User

Last updated

Was this helpful?