Remote Access Configuration in Kron PAM

remote access configuration is the page where administrators can set the working hours of vendors in kron pam before making configurations, you need to add the cloud server name and allow access from the cloud server to kron pam add the cloud server name for the link attached to the email navigate to administration > system config man set the following parameter as the remote access portal (cloud server) address and save parameter name default parameter value description rap cloud server http //localhost 7777/connect this parameter defines the remote access portal address the parameter can be defined as url with ip (e g , https //34 234 69 53/connect ) or as url with domain name (e g , https //cloudpam com/connect ) there are also optional parameters that can be defined to tune remote access configuration up parameter name default parameter value description rap rdp session duration limit warning before min http //localhost 7777/connect this parameter defines how many minutes before the rdp session expires that the timeout warning will be sent rap ssh session duration limit warning before min http //localhost 7777/connect this parameter defines how many minutes before the ssh session expires that the timeout warning will be sent rap token expiration period 1 this parameter indicates the lifespan of a token and is used to prevent the creation of long term invitation links then allow access from the cloud server to kron pam edit the tomcat cors file with the cloud url in the web xml file open the web xml vi /pam/gui/conf/web xml fill in the cors allowed origins field example; \<param name> cors allowed origins cors allowed origins \</param name> \<param value> https //remote cloudpam com\</param value https //remote cloudpam com\</param value > the wildcard allows all access, but this usage is not recommended for product environments the remote access invitations can be created by clicking the + add button after creating the invitation for the vendor, you can edit and delete the request by clicking the options button to the right of the request admins can verify the details of the request by clicking on the request to invite a vendor navigate to users > remote access configuratio n click the add fill in the username/group and device/group and click next fill in the start and end times and select the days administrators can also set specific working hours for vendors by enabling set time by day click the save button vendors receive an email with a url and a passcode when the working time starts, vendors can click on the url, enter their password first, enter the kron pam user password and start working if the user hasn’t required realm rights, the warning pops up and says “the realm right is not sufficient for the selected user(s) or user group(s)”