Remote Access Configuration in Kron PAM

Remote Access Configuration is the page where administrators can set the working hours of vendors in Kron PAM. 
Before making configurations, you need to add the cloud server name and allow access from the cloud server to Kron PAM.
Add the cloud server name for the link attached to the email:
Navigate to Administration > System Config Man
Set the following parameter as the Remote Access Portal (cloud server) address and Save:
Parameter Name
Default Parameter Value
Description
rap.cloud.server
﻿http://localhost:7777/connect﻿
This parameter defines the Remote Access Portal address. The parameter can be defined as URL with IP (e.g., https://34.234.69.53/connect) or as URL with domain name (e.g., https://cloudpam.com/connect)
There are also optional parameters that can be defined to tune Remote Access Configuration up.
Parameter Name
Default Parameter Value
Description
rap.rdp.session.duration.limit.warning.before.min
﻿1﻿
This parameter defines how many minutes before the RDP session expires that the timeout warning will be sent.
rap.ssh.session.duration.limit.warning.before.min
﻿1﻿
This parameter defines how many minutes before the SSH session expires that the timeout warning will be sent.
rap.token.expiration.period
1
This parameter indicates the lifespan of a token 
and is used to prevent the creation of long-term invitation links.
Then allow access from the cloud server to Kron PAM.
Edit the Tomcat CORS file with the cloud URL in the web.xml file.
Open the web.xml.
vi /pam/gui/conf/web.xml
Fill in the CORS allowed origins field.
Example;                                                                                                                                                 <param-name>cors.allowed.origins</param-name> 
<param-value>https://remote.cloudpam.com</param-value>
The * wildcard allows all access, but this usage is not recommended for product environments.
The Remote Access invitations can be created by clicking the +Add button.
Remote Access Configuration Page
﻿
After creating the invitation for the vendor, you can edit and delete the request by clicking the options button to the right of the request.
Edit or Delete Request
﻿
Admins can verify the details of the request by clicking on the request.
Details of the request
﻿
To invite a vendor:
Navigate to Users > Remote Access Configuration
Click the Add.
Fill in the username/group and device/group and click NEXT.
Select Username/Group and Device/Group
﻿
Fill in the start and end times and select the days.
﻿
Administrators can also set specific working hours for vendors by enabling Set Time By Day.
﻿
Click the Save button.
Vendors receive an email with a URL and a passcode. When the working time starts, vendors can click on the URL, enter their password first, enter the Kron PAM user password and start working.
Mail Example for invitation
﻿
If the user hasn’t required realm rights, the warning pops up and says “The realm right is not sufficient for the selected user(s) or user group(s)”.

Parameter Name	Default Parameter Value	Description
rap.cloud.server	http://localhost:7777/connect	This parameter defines the Remote Access Portal address. The parameter can be defined as URL with IP (e.g., https://34.234.69.53/connect) or as URL with domain name (e.g., https://cloudpam.com/connect)

Parameter Name	Default Parameter Value	Description
rap.rdp.session.duration.limit.warning.before.min	1	This parameter defines how many minutes before the RDP session expires that the timeout warning will be sent.
rap.ssh.session.duration.limit.warning.before.min	1	This parameter defines how many minutes before the SSH session expires that the timeout warning will be sent.
rap.token.expiration.period	1	This parameter indicates the lifespan of a token and is used to prevent the creation of long-term invitation links.

Secure Remote Access Connector

User Types for Internal and Secure Remote Access Users