Privileged Identity Manager Courses

Products:

  • Privileged Identity Manager

Privileged Identity Manager Courses Courses:

How to manage credentials for custom script and Java application using PIM

An application identity is a credential that is used by an application or script. These credentials are usually hard coded in the applications. They are rarely changed, leaving them vulnerable to exposure, which can lead to unauthorized use. This video demonstrates how to secure credentials for custom scripts and Java applications using IBM Security Privileged Identity Manager (PIM) v2.0.1.

Configuring Active Directory as an External User Registry in PIM

IBM Privileged Identity Manager (PIM) provides a default custom registry for authentication. You can choose not to use the default registry and use an external registry instead.

There are two videos in this series. The first video demonstrates how to configure Active Directory as an external user registry in PIM. The second video demonstrates how to onboard users to PIM when using Active Directory authentication. It also covers how to customize the onboarding email to instruct users to access PIM using their domain credentials.

Configuring Nginx as a Load Balancer for PIM

This white paper provides step-by-step instructions you can use to set up a widely used, open source, load balancer called Nginx to support PIM cluster deployments.


Using two-factor authentication during privileged credential check out

One of the advanced new features of IBM Access Manager (ISAM) 9.0.2.1 is Mobile Multi-Factor Authentication (MMFA). This technology is used to perform step-up authentication using an application on you mobile, known as IBM Verify, which can prompt for user-presence or fingerprint authentication.

This short video demonstrates how IBM Privileged Identity Manager (PIM) leverages the Access Manager MMFA feature to enforce two-factor authentication during privileged credential check out.

Prevent Insider Threats with Session recording

Learn how IBM Privileged Identity Manager's Privileged Session Recorder option helps detect and block insider threats by recording and storing every action made in a privileged user's session. Use the Session Recorder tool to monitor and cancel privileged user activity in real time, preventing security breaches.


Combat insider threats with IBM Privileged Identity Manager

Learn how IBM can help organizations thwart insider threats by protecting and monitoring privileged user accounts and activities with IBM Privileged Identity Manager. Available as an easy-to-install virtual appliance, this solution helps organizations to centrally manage and audit privileged users across systems, applications, and platforms to better protect sensitive assets and maintain compliance.

What are privileged accounts?

This short video explains how privileged accounts are a key source of insider threats due to their "super user" access capabilities and sharing by multiple individuals. IBM Privileged Identity Manager (PIM) protects the privileged access and strengthens compliance by auditing and analyzing privileged user activity.

Managing Windows service and scheduled task credentials using PIM

Each service in Windows runs in the security context of a user account also called a service account. With managed application services in PIM, you can rotate passwords for the user accounts used by services or scheduled tasks that are distributed across Windows hosts.

In this video series, you learn how to manage Windows Service and Task IDs remotely using App ID feature IBM Privileged Identity Manager. The videos demonstrate how to register a service management agent on a designated host and then onboard services, scheduled tasks, and managed credentials. You also learn how to automate the service management agent to reconfigure the managed services with the new password, every time PIM updates the credential password. This course includes the following videos:

1.   Course Introduction: Managing credentials of Windows services and scheduled tasks
2.    Discovering available services and scheduled tasks
3.    Registering a Service management agent
4.    Onboarding managed credentials
5.    Onboarding a Windows service
6.    Onboarding a Windows scheduled task
7.    Automating managed service agent operation

How to configure the Privileged Session Gateway

You use the Privileged Session Gateway feature in IBM Privileged Identity Manager (PIM) V2.1 to securely administer SSH-based resources through a web browser without installing client applications such as Putty, RDP, or Privileged Access Agent on your workstation.

In this video series, you learn how to configure and use the Privileged Session Gateway feature in PIM. You first deploy the privileged session gateway image on the Docker host and specify the location of the gateway image in the PIM appliance console. Then, you log on to the PIM Self Service web console, check out a privileged credential for an SSH-based Linux system, and connect to the terminal shell session on the system. You also play back the session using the privileged session recorder. This course includes the following videos:

  1. Course Introduction: How to configure the Privileged Session Gateway
  2. Installing the Privileged Session Gateway image on the Docker host
  3. Configuring and starting the gateway image
  4. Managing the gateway configuration in PIM
  5. Defining a shared credential in PIM
  6. Accessing a credential using the Privileged Session Gateway

Configuring a Privileged Session Gateway Using IBM Privileged Identity Manager

You use the Privileged Session Gateway feature in IBM Privileged Identity Manager (PIM) to securely administer SSH-based resources through a web browser without installing client applications such as Putty, RDP, or Privileged Access Agent on your workstation. You can initiate, list, and end SSH sessions using the PIM Self Service web console. The privileged identity sessions are recorded using the PIM session recorder for auditing, security forensics, and compliance.

In this lab, you learn how to configure and use the Privileged Session Gateway feature in PIM V2.1. You first deploy the privileged session gateway image on the Docker host and specify the location of the gateway image in the PIM appliance console. Then, you log on to the PIM Self-service web console, check out a privileged credential for an SSH-based Linux system, and connect to the terminal shell session on the system. You also play back the session using the privileged session recorder.


Calling IBM Privileged Identity Manager Rest APIs Using IBM Directory Integrator

You can develop custom applications by using the REST application programming interfaces (APIs) that come with IBM Privileged Identity Manager. The REST APIs are available so that you can administer the tasks outside the user interface.

In this lab, you learn how to call IBM Privileged Identity Manager (PIM) V2.1 Rest APIs using IBM Directory Integrator (IDI). You use IDI to call two PIM Rest APIs: Search users and Update a user. The main actor in this scenario is PIM user Irene Novak. Irene receives shared ID access after successful Rest API calls.


Application ID Management Using IBM Privileged Identity Manager

Application administrators can use IBM® Privileged Identity Manager for Applications (App ID) to remove hard-coded and unsafely stored credentials from applications, Windows services, scheduled tasks, and scripts. The App ID feature can also be used to manage the credential entitlements, track the use of each credential, and automate periodic password changes.

The App ID toolkit is provided to register applications and to allow different types of applications to get credentials that are managed by IBM Privileged Identity Manager (PIM).

This lab has two sections that are independent of each other. The first part teaches you how to administer credentials for custom scripts using PIM V2.1. In the second part, you learn how to administer credentials for Windows services and scheduled tasks.


Shared ID Management Using IBM Privileged Identity Manager

IBM Privileged Identity Manager (PIM) is a software solution that you use to centrally manage, audit, and control shared identities across your enterprise. Shared identities are accounts that are used by multiple people. Many shared identities are powerful administrative accounts with elevated privileges. Those shared accounts are often called privileged identities. PIM is able to manage all types of shared and privileged identities.

In this lab, you learn how to configure, use, and monitor shared privileged accounts using PIM V2.1. You first set up shared credentials, credential pools, and shared access policies. Then, you use the shared credentials and the privileged session recorder playback console.


How to call PIM Rest APIs using IDI

This video demonstrates how to call IBM Privileged Identity Manager (PIM) Rest APIs using IBM Directory Integrator (IDI). It provides step by step instructions to configure IDI for two PIM Rest APIs: SearchPeople and UpdateUser.

The sample IDI assemblyLine used in this recording is also included. Users can download IDI_AL_update_pim_user.xml file and run the assemblyLine on their local setup.








PIM Resource Library

Privileged Identity Manager developerWorks Wiki

PIM Performance Tuning User Documentation

This document provides information on tuning both the Data Tier and the VA Tier of the IBM Security Privileged Identity Manager deployment solution. The ISPIM VA tuning guide includes tunings for WebSphere, DB2, IBM Security Directory Server, and Load Balancers such as NGINX or IBM HTTP Server. This edition also includes recommendations for troubleshooting, detailed Virtual Appliance best practices, and database related maintenance tasks.

Common PIM Scenarios

This article describes how to implement five common privileged identity management scenarios with IBM Security Privileged Identity Manager.

PIM Technical Architecture and Overview

This document provides a technical overview of IBM Security Privileged Identity Manager.

How to manage shared IDs using PIM

In this video, you learn how to configure, use, and monitor shared privileged accounts using PIM V2.1. You first set up shared credentials, credential pools, shared access policies and approval workflow. Then, you use the shared credentials and the privileged session recorder playback console.