The bastion
in practice
The PROVE IT administration bastion is easy for the solution administrator and all users to learn.
Administrator side
A simple and intuitive interface
The administration web interface offers a dashboard with an overview of your sensitive accesses, with indicators on:
- activity by users connected to the PROVE IT portal
- the storage space used for archiving
- the platform load
Authorisation management
Securing your sensitive accesses requires the definition of an access policy to your Information System’s resources.
User authentication
For user authentication, PROVE IT easily interfaces with your existing external directories (AD, LDAP, etc.).
PROVE IT also has an autonomous and integrated internal directory allowing the creation of accounts and user groups.
Definition of target services
- Declaration of sensitive servers
- Secure provisioning of access credentials
- Security policy via advanced protocol filtering (prohibition of SSH tunnelling mechanisms, display offset, etc.)
Authorisation – implementing an access policy
- Role-based access control (RBAC) policy
- Granular management of access profiles (time ranges, working hours, etc.)
Auditability
Optimise your investigation and research time
Find the source of problems or anomalies by viewing the recordings of completed sessions through the logging of connections with search engine: date, operator, service, etc.
Repeat successes
After you have successfully intervened?
PROVE IT gives you the assurance that you can view it later.
Control risk-based access
You can monitor your accesses in real time, all the more easily once you have set up alerts notifying you when your users connect to your IS.
Dissuasion
The user must acknowledge a warning message before connecting to the server on which they wish to work.
By informing them that their session is being recorded, they will be more careful and attentive and their intervention time will be optimised.
Real-time control
The PROVE IT administrator is notified of events by user and by machine, enabling you not only to know what activity is taking place on your IS in real time but also to directly view the current sessions.
Prevention of malicious activities
With real-time visualisation, you can interrupt an unauthorised session at any time by disconnecting it.
With PROVE IT ADVANCED delegate your PROVE IT administration rights
Limit the rights of a PROVE IT auditor, operator or administrator with the segregation of administration rights by profile.
It is thus possible to define an administration delegation by user population as well as by target servers.
Use case: the PROVE IT administrator can delegate to a project manager the audit of his team’s user sessions.
The REST API with PROVE IT ADVANCED
The PROVE IT ADVANCED platform has an advanced application programming interface (API) that follows REST standards and allows the most common administration operations to be performed, such as automatic provisioning of target servers, automatic creation of authorisations, etc.
This interface can be accessed securely, enabling you to customise critical access processing configuration and management in detail.
User side
A transparent connection for the user
Privileged users connect to the PROVE IT portal using their native client (RDP or SSH) and log in.
A personalised kiosk offers them the servers authorised for their profile.
After selecting a server, they are notified that the session is being recorded, and can then choose to accept or reject connection to the authorised resource.
The connection is then made transparently to the target server.
Download our product documentation