Users with administrative rights in the Sectona PAM platform can add new Assets. Users can be added to the system through multiple methods via web form, bulk import, sync with active directory groups, or asset discovery sync.

This chapter covers the following:

Add an asset

The Sectona administrator can integrate new assets and accounts. Go to the Manage section of the application and select the asset management tab.

  • Asset category: Define the asset category example as "Operating System".

  • Asset type: Select the asset category from the drop-down list which contains asset types defined by you.

  • Asset version: Enter the version or release number of the asset type example. If oracle is the asset type then 11g is the version.

  • Hostname: Enter the hostname of the asset.

  • Primary IP: Enter the IP address (v4) to which the connection should be made.

  • Secondary IP (optional): Enter a alternate IP address to access the asset when the primary IP is unreachable or to achieve load balancing.
  • Description: Enter a unique descriptive title for your new asset.

  • Port no: Enter the port number of the host.

  • Database instance: Enter the database instance associated with it.

  • Location (optional): Added location field will be included in every asset location. You can configure system management location tabs here.

  • Criticality level (optional): Added critical field will be included in every asset. This is important for the structuring reports and notifications.

  • Owner (optional): If you have listed owner information for all assets, please include it here.

  • Tags (optional): One can choose multiple tags of their choice to be more specific about the asset.

  • Checkout policy: The option is selected as default as one can select its own policy by unchecking the default option and selecting the policy from the dropdown list available.

  • Rotation policy: The option is selected as default as one can select its own policy by unchecking the default option and selecting the policy from the dropdown list available.

  • Reconciliation policy: The option is selected as default as one can select its own policy by unchecking the default option and selecting the policy from the dropdown list available.

  • Config value 1: The configuration value can be assigned here.

  • Config value 2: The configuration value can be assigned here.

  • Config value 3: The configuration value can be assigned here.

  • Config value 4: The configuration value can be assigned here.

  • Exclude from Account Discovery: When ticked the accounts of this asset will be excluded from the Discovery job.

  • Status: To have the status of the asset active it is checked by default and one can uncheck to disable it.

Update asset attributes

If you want to update/change asset details you can click on the hostname of your asset and a form will appear. Make the necessary changes. Click on the update button and your form will be updated.

Add asset in bulk

Asset's list can be imported in bulk. You can go to asset management from the sidebar and select the Bulk asset option in the add asset option page.

Step1: Add generic asset details

  • Asset category: Select one of the following types

    • Operating System is a system software that manages the hardware and software resources providing services to the user.

    • Database is a structured set of collection of data kept in an organized way that it can easily be fetched.

    • Router is a networking device that helps to transfer packets over wide networks.

    • Firewall is a network security that helps to protect our device by monitoring the incoming and outgoing traffic of the system and acting as a barrier between trusted and untrusted networks.

    • Switch is a networking device that helps to transfer packets over wide networks.

    • SANstorage is a dedicated high-speed network that interconnects and presents a shared pool of storage devices to multiple servers. These help in block level storage.

    • San Switch is a fiber channel switch compatible with FC protocols.

    • Directory Server provides a central repository for storing and managing information. It is a server providing directory services.

    • Tape Library is a storage system that contains multiple tape drives, some bays or slots to hold tapes.

    • Cloud App is a software program where cloud-based and local components work together which relies on remote servers for processing logic that is accessed through a web browser with a an internet connection.

  • Asset Type: Select the asset type.

  • Asset Version: Select the version of the asset.

  • Location: This will specify the location list of your asset which will be enlisted in your dropdown list.

  • Criticality Level: This will  define the level of criticality of the asset.

  • Tags (optional): Add relevant tags to this user. Refer to the section Tags for more information about adding context with tags. 

  • Default Password Checkout Policy: The policy is selected by default. If you want to make changes you can uncheck and select the options available from the drop-down list.

  • Default Password Rotation Policy: The policy is selected by default. If you want to make changes you can uncheck and select the options available from the drop-down list.

  • Default Password Reconciliation Policy: The policy is selected by default. If you want to make changes you can uncheck and select the options available from the drop-down list.

Step 2: Copy Asset Data to be onboarded

  • Download the CSV to add asset details.

  • Copy the text from the editors to the text box.

  • Move to the next step.

Step 3: Summary & Finalize

Validate the data entered and complete the action or review the details.

You can exclude the asset from being discovered by checking on the 'exclude from account discovery 'option'. Using the bulk method administrators can add assets up to a 1000 assets at a time.

Update Bulk Asset Attributes

The asset's list can be updated in bulk. You can go to the Asset Management from the sidebar and select the Update Bulk Assets option under the +Add New Asset(s) drop-down list.

To update/change asset details follow the below steps:

  • Asset Details

    • Tick the checkbox for the fields you want to update and provide the updated value for those fields.

    • Click on the Download Format link.

    • This will download an Excel sheet on your system.

    • Click on the Next button.

  • Copy Text

    • Open the Excel sheet and add details of the assets you want to update.

    • Copy the asset's data filled in the Excel sheet and paste it in the text box.

    • Click on the Next button.

  • Summary

    • Validate the data in the Summary section and click on the Finish button.

Here, all the assets mentioned in the Excel sheet get updated in bulk with the current details.

Update Bulk Asset Security Settings

You can update the security settings such as Session Timeout, Clipboard, File sharing of assets in bulk. You can go to the Asset Management from the sidebar and select the Update Bulk Security Setting under the +Add New Asset(s) drop-down list.

To update/change security settings details, follow the below steps:

  • Settings Details
  • Uncheck the default value checkbox
  • Tick the checkbox for the security fields you want to update and provide the updated value for those fields.
  • Click on the Download Format link.
  • This will download an Excel sheet on your system.
  • Click on the Next button.
  • Copy Text
  • Open the Excel sheet and add details of the assets you want to update.
  • Copy the asset's data filled in the Excel sheet and paste it in the text box.
  • Click on the Next button.
  • Summary
  • Validate the data in the Summary section and click on the Finish button.
  • The security settings for all the assets mentioned in the Excel sheet will be updated with the current details.

Add assets from discovery jobs

A Sectona Administrator can set up new assets to be onboarded by going to the Manage → Asset Discovery +Add New Asset Discovery Job. Select Job Type. 

While adding the information, make sure you select the Yes option for the Onboard Assets field.

You can check whether the assets are on-boarded by selecting the Discovery View option in the Manage section.

You will find a column named Vaulted on the screen.

If the value in the Vaulted column is Yes then the asset is onboarded, and if the value is No then the asset is not on-boarded. You can onboard the asset by clicking on the  icon and then selecting the Onboard option. In the Last Discovered On column, you will get the date and timestamp when the assets were last discovered.

Adding additional security to assets

A user accesses an asset using a particular account. Certain permissions are given to that user from Policies → User Access Policy → Manage Permissions.

To add additional security-related session timeout, clipboard and file sharing follow the given steps:

  • Navigate to Manage → Asset Management.

  • Click on the icon and select Security Settings.

  • To add a session lockout time, untick the Global checkbox under Session Lockout and select a session timeout value from the drop-down list.

  • To disable the clipboard on the selected asset, Untick the default checkbox and select Disable for All option.

  • To disable file sharing on the selected asset, Untick the default checkbox and select Disable for All option.

The global value for Session Timeout is under System → System Defaults → User Session Lockout (Minutes). The default permissions for clipboard and file sharing can be checked from Policies → User Access Policy → Manage Permissions.

Adding a new asset type 

  • Navigate to the "Configuration" section in the navigation bar.

  • Click on the "Asset type" in the sidebar.

  • Click on "+New Asset type" button. A form will appear in front of you to fill in the credentials.

    • Asset category: Select one of the asset types from the drop-down list.

    • Asset type: Define a suitable name for the asset type.

    • Default port: The default port for the asset type should be provided.

  • Click on the "Save" button and your access type will be created.