Skip to main content
Skip table of contents

Adding assets in the system

Users with administrative rights in the Sectona PAM platform can add new Assets. Users can be added to the system via web form, bulk import, sync with active directory groups, or asset discovery sync.

This chapter covers the following:

Add an asset

The Sectona administrator can integrate new assets and accounts. Go to the Manage section of the application and select the Asset Management tab. Click +Add New Asset(s). From the drop-down menu, click New Asset.

  • Asset category: Define the asset category example as "Operating System."

  • Asset type: Select the asset category from the drop-down list which contains asset types defined by you.

  • Asset version: Enter the version or release number of the asset type example. If oracle is the asset type, then 11g is the version.

  • Hostname: Enter the hostname of the asset.

  • Primary IP: Enter the IP address (v4/v6) to which the connection should be made.

  • Secondary IP (optional): Enter an alternate IP address (v4/v6) to access the asset when the primary IP is unreachable or to achieve load balancing.
  • Description: Enter a unique descriptive title for your new asset.

  • Port no: Enter the port number of the host.

  • Location (optional): Added location field will be included in every asset location. You can configure system management location tabs here.

  • Criticality level (optional): Added critical field will be included in every asset. This is important for structuring reports and notifications.

  • Owner (optional): If you have listed owner information for all assets, please include it here.

  • Tags (optional): One can choose multiple tags to be more specific about the asset.

  • Checkout Policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list. 

  • Rotation policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list.

  • Reconciliation policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list.

  • Asset JIT policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list.
  • Config value 1: The configuration value can be assigned here.

  • Config value 2: The configuration value can be assigned here.

  • Config value 3: The configuration value can be assigned here.

  • Config value 4: The configuration value can be assigned here.

  • Exclude from Account Discovery: When ticked, the accounts of this asset will be excluded from the Discovery job.

  • Status: To have the asset's status active, it is checked by default, and one can uncheck it to disable it.

Update asset attributes

If you want to update/change asset details, you can click on the hostname of your asset, and a form will appear. Make the necessary changes. Click on the update button, and your form will be updated.

Add assets in bulk

Asset lists can be imported in bulk. Go to the Manage section of the application and select the Asset Management tab. Click +Add New Asset(s). From the drop-down menu, click the Import Bulk Assets option.

Step1: Add generic asset details

  • Asset category: Select one of the following types

    • Operating System is a system software that manages the hardware and software resources providing services to the user.

    • A database is a structured set of data collection kept in an organized way that can easily be fetched.

    • The router is a networking device that helps to transfer packets over wide networks.

    • A firewall is a network security that helps to protect our device by monitoring the incoming and outgoing traffic of the system and acting as a barrier between trusted and untrusted networks.

    • The switch is a networking device that helps to transfer packets over wide networks.

    • SANstorage is a dedicated high-speed network that interconnects and presents a shared pool of storage devices to multiple servers. These help in block-level storage.

    • San Switch is a fiber channel switch compatible with FC protocols.

    • A directory server provides a central repository for storing and managing information. It is a server providing directory services.

    • Tape Library is a storage system containing multiple tape drives, bays, or slots to hold tapes.

    • Cloud App is a software program where cloud-based and local components work together, which relies on remote servers for processing logic that is accessed through a web browser with an internet connection.

    • Security Device or a token is provided to authorized users so they can authenticate themselves to access network resources or services.
    • Workstation is a high-performance computer system dedicated to an individual or a group of users for professional and business purposes.
  • Asset Type: Select the asset type.

  • Asset Version: Select the version of the asset.

  • Location: This will specify your asset's location list, which will be enlisted in your dropdown list.

  • Criticality Level: This will define the level of criticality of the asset.

  • Tags (optional): Add relevant tags to this user. Refer to the section Tags for more information about adding context with tags. 

  • Default Password Checkout Policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list. 

  • Default Password Rotation Policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list. 

  • Default Password Reconciliation Policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list. 

  • Default Asset JIT Policy: This option is selected by default. You can uncheck this option and select the required policy from the drop-down list. 
  • Exclude from Account Discovery: When ticked, the accounts of this asset will be excluded from the Discovery job.

  • Status: To have the asset's status active, it is checked by default, and one can uncheck it to disable it.

  • Click Next.

Step 2: Copy Asset Data to be onboarded

  • Download the CSV to add asset details.

  • Copy the text from the editors to the text box.

  • Move to the next step.

Step 3: Summary & Finalize

Validate the data entered and complete the action or review the details.

You can exclude the asset from being discovered by checking on the 'exclude from account discovery 'option.' Administrators can use the bulk method to add up to 1000 assets simultaneously.

Update Bulk Asset Attributes

The asset list can be updated in bulk. You can go to Asset Management from the sidebar and select the Update Bulk Assets option under the +Add New Asset(s) drop-down list.

To update/change asset details, follow the below steps:

  • Asset Details

    • Tick the checkbox for the fields you want to update and provide the updated value for those fields.

    • Click on the Download Format link.

    • This will download an Excel sheet on your system.

    • Click on the Next button.

  • Copy Text

    • Open the Excel sheet and add details of the assets you want to update.

    • Copy the asset's data from the Excel sheet and paste it into the text box.

    • Click on the Next button.

  • Summary

    • Validate the data in the Summary section and click on the Finish button.

Here, all the assets mentioned in the Excel sheet get updated in bulk with the current details.

Update Bulk Asset Security Settings

You can update the security settings such as Session Timeout, Clipboard, and File sharing of assets in bulk. You can go to Asset Management from the sidebar and select the Update Bulk Security Setting under the +Add New Asset(s) drop-down list.

To update/change security settings details, follow the below steps:

  • Settings Details
  • Uncheck the default value checkbox
  • Tick the checkbox for the security fields you want to update and provide the updated value for those fields.
  • Click on the Download Format link.
  • This will download an Excel sheet on your system.
  • Click on the Next button.
  • Copy Text
  • Open the Excel sheet and add details of the assets you want to update.
  • Copy the asset's data into the Excel sheet and paste it into the text box.
  • Click on the Next button.
  • Summary
  • Validate the data in the Summary section and click on the Finish button.
  • The security settings for all the assets mentioned in the Excel sheet will be updated with the current details.

Add assets from discovery jobs

A Sectona Administrator can set up new assets to be onboarded by going to the Manage → Asset Discovery +Add New Asset Discovery Job. Select Job Type. 

While adding the information, select the Yes option for the Onboard Assets field.

You can check whether the assets are on-boarded by selecting the Discovery View option in the Manage section.

You will find a column named Vaulted on the screen.

If the value in the Vaulted column is Yes, then the asset is onboarded, and if the value is No, then the asset is not on-boarded. You can use onboard the asset by clicking on the action icon and selecting the Onboard option. In the Last Discovered On column, you will get the date and timestamp when the assets were last discovered.

Adding additional security to assets

A user accesses an asset using a particular account. Specific permissions are given to that user from Policies → User Access Policy → Action icon  Manage Permissions.

To add additional security-related session timeout, clipboard, and file sharing, follow the given steps:

  • Navigate to Manage → Asset Management.

  • Click on the 'action' icon and select Security Settings.

  • To add a session lockout time, untick the Global checkbox under Session Lockout and select a session timeout value from the drop-down list.

  • To disable the clipboard on the selected asset, Untick the default checkbox and select Disable for All option.

  • To disable file sharing on the selected asset, Untick the default checkbox and select Disable for All option.

  • To disable direct access, Untick the default checkbox and select the Restrict option.

  • To enable or disable the session & web session proxy, select or untick the Disable option.

Note: If the option is enabled, the session will go through the proxy server port 22; if the option is disabled, it will connect directly to the default port 3389. 

  • To enforce MFA for the new session as per the asset security settings, Untick the default checkbox and select the Enforce option.
    Note: Once the user selects the Enforce option, the system will ask for MFA whenever the user tries to access the asset with any access type.
  • Click Save.
DescriptionRepresentation
Action

The global value for Session Timeout is under System → System Defaults → User Session Lockout (Minutes). The default permissions for clipboard and file sharing can be checked from Policies → User Access Policy → Manage Permissions.

Adding a new asset type 

  • Navigate to the "Configuration" section in the navigation bar.

  • Click on the "Asset type" in the sidebar.

  • Click on the "+Add Asset Type" button. A form will appear in front of you to fill in the credentials.

    • Asset category: Select one of the asset types from the drop-down list.

    • Asset type: Define a suitable name for the asset type.

    • Default port: The default port for the asset type should be provided.

  • Click the "Save" button, and your access type will be created.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.