Specific use case for PMP Premium Edition?

I'd like someone to comment/confirm that PMP Premium Edition can meet the following use case/requirements:

Environment: I have multiple internet-facing Linux-based SFTP file transfer servers that are accessed by multiple external companies (per SFTP server) that push and/or pull files securely.

I do not wish to have Linux admins manage the SFTP server accounts & passwords, I want to have a web-based system for these functions.

Absolute separation of these external companies' SFTP server access (and administration of their SMTP server account passwords) must be maintained by the web-based access control product.

Below, I am using the terms "PMP administrator", "Password administrator", "Password auditor" and "Password user" based on my understanding of the PMP product from this page of PMP user role definitions.
  1. For each external company using the SFTP server, I wish to create a "password administrator" role & account which will be the sole manager of the password for the company user account(s) on the SFTP server.

  2. The password admin role (for a company) CAN NOT create or delete accounts on the SFTP server - they will only be able to manage the password for the company-specific SFTP server account(s) that they are granted access to by the PMP Administrator.

  3. The password admin role (for a company) will be able to create/manage/remove their own "password users" which can retrieve the username and password for the company-specific SFTP server user account(s).

  4. The password admin (for a company) will be able to maintain an email address for each password user.

  5. When the password admin (for a company) changes the password for the SFTP server account, each of the password users will receive an automatic email notification that the password has been changed, but the email MUST NOT contain the new password. Each password user will need to login to their PMP account to view the newly changed password.

  6. The password admin (for a company) will be able to view a log of each of their password user activities: (a) Successful and failed logins to the PMP [including the source IP address of the password user] (b) viewing of the password for the SFTP server account(s), (c) when email was sent to the password user(s) from the PMP application. Maybe I'm talking about the role of "Password Auditor" here.

  7. The PMP administrator can enforce password rotation of the PMP accounts used by the company password managers.

  8. The PMP administrator can (optionally) grant the password admin this ability.

  9. Logging/viewing of logs by the PMP admin for all activities of password admins and password users, including (a) Successful and failed logins to the PMP [including the source IP address of the password users or password admins] (b) All activities initiated by a password admin or a password user, and (c) when emails were sent to the password users and password admins from the PMP application. Maybe I'm talking about the role of "Password Auditor" here.

  10. The PMP application will run under Linux (RHEL), and will update a "/etc/passwd" and "/etc/shadow" style files that are used by the SFTP application for user account info, but these two files are stored in "an alternate location" (i.e. NOT in /etc directory as usual with Linux local accounts) used by the SFTP application.

  11. PMP administrator, password administrators, password users and password auditors can do all of their functions via https server (Apache) on a Linux system.

  12. Optionally... the PMP administrator, password administrators, password users and password auditors will have to use multi-factor authentication (such as Google Authenticator or RSA keyfob) to perform their roles under the PMP application.

  13. For each PMP user login, role-based access/privileges can be defined.

The following would be "nice, but not required" features:

  1. Each external company PMP password admin can (from within their PMP access screen), view a text log file of successful and failed logins to the SFTP server application. This text file of SFTP server login failures could be periodically shipped to the PMP server, or could reside on the SFTP server itself.

  2. Same as #1 above, but would be for each PMP password user or password auditor.

I'm sorry if this is so long... if I need to discuss this via a sales engineer, please post the appropriate contact info.

Thanks!

LR
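The post's requirements 2, 5 and 10 describe a small, checkable mechanism: a per-company admin may rotate only the hash of an account already assigned to that company in an alternate-location shadow-style file (never create or delete one), and the change notification must carry no secret. The script below is an added illustration of that mechanism written for this thread; it is not PMP code and does not describe how PMP implements anything. The company-to-account mapping, the shadow lines, the hash strings and the addresses are all constructed placeholders; the caller is assumed to supply an already computed crypt(3) SHA-512 hash (for example from `openssl passwd -6`), so no password is ever handled in clear by this code.

```python
"""Rotate an SFTP account's password hash in an alternate shadow-style file,
enforce company separation, and build a change notice that contains no secret.
Hypothetical example code, not part of PMP or any ManageEngine product."""
from datetime import date
from email.message import EmailMessage

# Constructed sample: which SFTP accounts each company's password admin may manage.
COMPANY_ACCOUNTS = {
    "acme": {"acme_push", "acme_pull"},
    "globex": {"globex_xfer"},
}

# Constructed sample shadow-style file living outside /etc. Field layout follows
# shadow(5): name:hash:lastchg:min:max:warn:inactive:expire:reserved.
# The hash strings are placeholders in SHA-512 crypt format, not real hashes.
SAMPLE_SHADOW = (
    "acme_push:$6$oldsalt1$OLDHASHPLACEHOLDER1:19000:0:99999:7:::\n"
    "acme_pull:$6$oldsalt2$OLDHASHPLACEHOLDER2:19000:0:99999:7:::\n"
    "globex_xfer:$6$oldsalt3$OLDHASHPLACEHOLDER3:19000:0:99999:7:::\n"
)

SHADOW_FIELDS = 9


def days_since_epoch(d: date) -> int:
    """shadow(5) stores the last-change date as days since 1970-01-01."""
    return (d - date(1970, 1, 1)).days


def rotate_hash(shadow_text: str, company: str, username: str,
                new_hash: str, today: date) -> str:
    """Return shadow_text with username's hash replaced and lastchg updated.

    Refuses accounts not assigned to `company` (requirement 11 separation) and
    refuses to add an account that is absent (requirement 2: no creation)."""
    if username not in COMPANY_ACCOUNTS.get(company, set()):
        raise PermissionError(f"{company} may not manage account {username}")
    if not new_hash.startswith("$6$") or ":" in new_hash:
        raise ValueError("expected a SHA-512 crypt(3) hash string")
    out, found = [], False
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) != SHADOW_FIELDS:
            raise ValueError(f"malformed shadow line for {fields[0]!r}")
        if fields[0] == username:
            fields[1] = new_hash                       # replace hash only
            fields[2] = str(days_since_epoch(today))   # record rotation date
            found = True
        out.append(":".join(fields))
    if not found:
        raise KeyError(f"account {username} does not exist; refusing to create it")
    return "\n".join(out) + "\n"


def build_notification(username: str, recipient: str, changed_on: date) -> EmailMessage:
    """Change notice for a password user: says what changed and where to look,
    but deliberately carries neither the password nor its hash (requirement 5)."""
    msg = EmailMessage()
    msg["Subject"] = f"Password changed for SFTP account {username}"
    msg["To"] = recipient
    msg["From"] = "pmp-noreply@example.invalid"  # constructed placeholder sender
    msg.set_content(
        f"The password for SFTP account '{username}' was changed on "
        f"{changed_on.isoformat()}.\n"
        "Log in to your PMP account to view the new password. "
        "It is never sent by email.\n"
    )
    return msg


def notification_leaks(msg: EmailMessage, *secrets: str) -> bool:
    """Guard to run before sending: True if any secret appears in the message."""
    rendered = msg.as_string()
    return any(s in rendered for s in secrets)


if __name__ == "__main__":
    when = date(2024, 1, 15)
    new_hash = "$6$newsalt1$NEWHASHPLACEHOLDER1"  # constructed placeholder
    updated = rotate_hash(SAMPLE_SHADOW, "acme", "acme_push", new_hash, when)
    print(updated)
    notice = build_notification("acme_push", "user@acme.example", when)
    print("leaks secret:", notification_leaks(notice, new_hash, "NewPassw0rd!"))
```

In practice the rewritten text would be written to a temporary file with the same restrictive mode as the original and renamed into place, and a record of who rotated which account would be appended to a separate audit log; both are omitted here to keep the focus on the separation and no-secret-in-email checks.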
