Configuring Privileged Session Manager

Privileged Session Manager (PSM) is a ClickOnce application hosted on Amazon Web Services (AWS) that launches when users with Login Session Access to a managed computer check out the credentials for that computer. PSM can be configured to record session activity, allowing Access Managers and other administrators to view what users did on the computer while in a session.

To configure Privileged Session Manager

  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to the EmpowerID Config Settings page by expanding Admin > Miscellaneous and clicking EmpowerID System Settings.
  2. From the EmpowerID Config Settings page, search for psm.
  3. You should see the below Privileged Session Manager settings. A description of each follows the image.

    • PSMAWSBucketName - This is an optional setting used to specify the Amazon AWS S3 bucket to store snapshots and keystrokes, when applicable. Leave the value empty if are not using AWS.
    • PSMAWSRegionEndpoint - This is an optional setting used to specify the Amazon AWS region for the S3 bucket used to store snapshots and keystrokes. Leave the value empty if you are not using AWS.
    • PSMClientKey - This is an optional setting that specifies the OAuth Client API key for the PSM ClickOnce client application. The client key needs to be mapped to an account or role in AWS that has permissions to write to the bucket specified for the PSMAWSBucketName.
    • PSMClientURL - This specifies the URL for the PSM ClickOnce client. The default value should not be modified.
    • PSMEnabled - This specifies whether the PSM RDP proxy is enabled in the EmpowerID user interface. If set to false, users who have requested and received approval to access a computer will not be able to initiate a PSM session from the My Resources view of the IT Shop.
    • PSMOAuthConsumerGUID - This is an optional setting that specifies the PSM RDP client OAuth credentials for the Amazon AWS account for storing snapshots and keystrokes.
    • PSMStorageMode - This is used to specify whether snapshots are stored on AWS or in a UNC network folder location.
    • PSMUNCStorageLocation - This is an optional setting used to specify the UNC path to a network folder for storage of screenshots when PSMStorageMode is set to UNC.
  4. Click the Edit button to the right of each of the PSM settings you need to change. For example, if you are storing snapshots in a UNC network folder, you click the button to the right of PSMUNCStorageLocation setting, add the path in the Value field of the dialog that appears and then click Save.