Based on customers' use cases for shared and privileged identities, we've collected a set of common scenarios (including some variations) and written how-to guides for each scenario. The scenarios are stand-alone, but they can coexist. The how-to guides use a fictitious organization, JK Enterprises, which deploys a PIM solution to simplify and streamline the access, compliance, management and governance of its privileged IDs.
This series of documents provides the steps to deploy the IBM Security Privileged Identity Manager solution and configure the system for each scenario, along with a playbook to execute them.
This document provides details on installing and configuring a PIM Server and a PIM Client with a basic setup to get started on a PIM deployment.
This scenario describes how an enterprise with many servers (either in server farms or heterogeneous servers) that are managed by a group of people (regular employees or contractors) can define a pool of privileged IDs and manage and track access to these IDs by its system admins.
Application administrators usually have fewer privileges than system administrators. This scenario describes how higher-level privileges can be provided to an application administrator when needed, and how that access can be controlled (through approval), tracked and audited.
Every organization is susceptible to unplanned absences. In such an emergency, another person needs to carry out the privileged tasks. This scenario describes how access can be assigned to an emergency administrator, how to track what the emergency admin did and how to (manually or automatically) remove the access.
This scenario describes how an organization can write secure applications (including scripts and cron jobs) by eliminating the need to hard-code a privileged ID and password, instead enabling the applications to check out a privileged ID when needed and check it in when done.
Network devices such as routers, firewalls and switches usually have only one administrator ID, which is used by many network administrators. This scenario describes how to track which network admin used which ID and for how long, and how to periodically send password change reminders for these devices.