Access management

Automatic detection of accounts and devices.

JumpServer PAM can independently detect accounts, synchronize with Active Directory or other LDAP directories, and scan the network for new available servers.

All detected accounts and servers can be automatically added to lists in the JumpServer PAM interface for convenient management of user and group access rights to servers and services.

Automatic detection significantly reduces the time required for the initial setup of JumpServer PAM and for keeping user and server lists up-to-date.

A user-friendly list of available servers and services.

Supported systems.

In JumpServer PAM, you can easily configure convenient and secure connections to servers and services so that your internal users, administrators, external contractors, and remote employees can log into authorized systems with a single click.

Connections to Windows, Linux Servers, and Kubernetes Clusters

  • via RDP/VNC with file transfer and clipboard direction control;
  • via SSH without exposing the password and with command input monitoring;
  • via SFTP with file transfer direction control.

Both traditional clients and web browser-based connections are supported.

The server account password is not exposed to the user. All connection sessions are recorded on video, and all keystrokes, transferred files, and clipboard contents are saved for further analysis and automatic response.

Connections to Databases

  • MySQL;
  • MariaDB;
  • Oracle;
  • ClickHouse;
  • DB2;
  • PostgreSQL;
  • Dameng;
  • MongoDB;
  • Redis.

Both traditional clients and web browser-based connections are supported.

Database passwords are not disclosed to users. All actions are logged, and dangerous SQL queries can be blocked from execution.

Connections to Web Applications in Secure Kiosk Mode

  • server and network device configuration interfaces;
  • CRM/ERP and similar internal and external systems accessed via the web;
  • other internal and external websites requiring user authentication.

JumpServer PAM opens and authenticates the user in the web interface without showing the process, then provides access to the browser window in kiosk mode. In this mode, users are restricted from opening new windows, executing commands, or navigating beyond the selected website.

All user actions are recorded on video, and keystrokes are saved for further analysis.

One-click database connection directly from the browser.

Secure and managed remote access.

User Authentication

When connecting to JumpServer PAM, users utilize their personal accounts, which can either be stored in JumpServer PAM’s local database or verified against a connected LDAP directory (e.g., MS Active Directory or MultiDirectory).

You can configure multi-factor authentication using the LDAP server or within JumpServer PAM. This ensures that even if a password, such as one belonging to an external contractor, is compromised, an attacker cannot gain access to your servers and services.

All subsequent connections to servers and services occur without exposing passwords to the user. The only thing the user sees during the session is a one-time password generated specifically for their session.

Restrictions

Users are limited to a list of servers and services authorized for their connection. Additionally, you can configure:

  • connection by approved request (depends on the edition);
  • allowed connection hours;
  • a list of permitted protocols;
  • connections with or without clipboard access, including restrictions on data transfer directions;
  • connections with or without file transfers, including restrictions on file transfer directions;
  • restrictions on SSH command input;
  • restrictions on SQL queries.

All restrictions apply to connections using traditional clients as well as to web browser-based connections.

Need help?

Support during the JumpServer PAM Enterprise Edition PoC

Have you started testing JumpServer PAM EE and encountered an issue? Our process includes organizing email threads or Telegram groups for prompt issue resolution. If you believe you were not added to such a group, please contact your supplier or reach out to us at support@afi-d.com.

Training your specialists in configuring and administering JumpServer PAM

As part of an active technical support subscription, we will train your specialists in the installation, configuration, and administration of JumpServer PAM, as well as in recovery after errors and incidents.

Training is conducted online according to a pre-agreed plan and includes mandatory practical knowledge assessment with the issuance of personalized certificates (upon successful exam completion).

Video tutorials

Visit our channel on YouTube featuring video tutorials on configuring all sections of JumpServer PAM. The videos are updated with each new release.

Technical support for the free JumpServer PAM Community Edition

The idea of implementing a complex but business-critical PAM system can be intimidating due to the perceived complexity of system configuration, training administrators and security specialists, and changes to account management processes.

To make deployment and configuration of JumpServer Community Edition comfortable, and to ensure you can always get help from professionals, AFI Distribution offers an annual technical support subscription.

The support package priced at 1.5 million RUB per JumpServer Community Edition instance (with no limits on the number of users or target systems) includes everything required to use PAM:

  • documentation and instructions;
  • usage scenarios and recommended deployment architectures;
  • training for administrators and information security specialists on working with JumpServer;
  • tips and solutions for common questions;
  • notifications about new releases with verified upgrade instructions;
  • integration with RADIUS and multi-factor authentication “Multifactor”;
  • direct access to an engineer (no first-line support) with a clear SLA.

Learn more and make a purchase on the Technical support subscription page.