Release Notes › New and Changed Features › PUPM Enhancements

PUPM Enhancements

The following PUPM enhancements and fixes were made since the last release:

• Manage Open Sessions for Privileged Accounts

  PUPM has been enhanced to deny checking out or checking in privileged accounts if the account is logged in (open session) a target end point. A PUPM administrator can configure open sessions for every PUPM account. The following endpoint types support the open sessions feature:

  • Windows Agentless
  • SSH Device
  • Oracle Server
  • Microsoft SQL
  • Sybase Server
  • Network Devices
• RACF Connector Enhancement

  The RACF connector has been enhanced to run through the JCS. The RACF connector is supported through SSL.

  The administrator who creates the endpoint now requires permission to modify a user and use the NOEXPIRED operand (with PASSWORD or PHRASE). Such users do not have the SPECIAL, OPERATIONS, AUDITOR, or PROTECTED attributes.

• ACF2 Endpoint Supported

  PUPM has been enhanced to support an ACF2 endpoint type.

• Windows Agentless PUPM Connector

  The Windows agentless PUPM connector has been enhanced to enable better management of Windows endpoints. The enhanced Windows agentless PUPM connector has the following features:

  • Search and filter Active Directory accounts
  • Handle service accounts robustly

  Note: You can deploy the Windows Agentless PUPM connector on Windows Distribution Servers only. Install an additional Windows Distribution Server, or use the legacy connector when UNIX Distribution Servers are installed.

• CA Access Control for PUPM Connector

  The CA Access Control for the PUPM connector has been enhanced with the following features:

  • The connector does not require a username and password.
  • The configuration procedures have been automated.
  • The connector is less affected by operating system changes and requirements.
  • The connector handles service accounts.
• PUPM Network Device Endpoint

  PUPM now has a Network Device endpoint to manage network devices.

  Note: Currently, the PUPM Network Device connector is certified to work with Cisco 2600 network device only.

• Privileged Account Request

  The privileged account request feature has been enhanced to allow a PUPM user to request access for other PUPM users.

• Multiple Account Request and Approval

  The privileged account request feature has been enhanced to allow multiple requests to be placed at once. Similarly, a PUPM Approver can approve multiple requests at once.

• Break Glass Feature Enhancement

  The break glass feature has been enhanced to prevent access to exclusive accounts who are in operation using break glass.

• Login Applications Enhancement

  PUPM now prepopulates the Login Applications screen in CA Access Control Enterprise Management. The following login application types are prepopulated:

  • ORACLE_10G_WEB
  • ORACLE_10XE_WEB
  • ORACLE_11G_WEB
  • PUTTY
  • PUTTY_TELNET
  • RDP
  • RDP_AD
• Disable Advanced Login While Creating Endpoint

  An option has been added which disables the Advanced Login option for the specified endpoint.