Active Session Monitoring

PSM enables authorized users to monitor active sessions from their own workstation, take part in controlling these sessions, and suspend or terminate them.

PSM can automatically suspend or terminate sessions when notified by PTA or a third party threat analytics tool.

 

The authorized user monitors or terminates an active session using the same connection method (RDP file or HTML5 Gateway) as the end user.

Permissions

Monitor Active Sessions

To access the Monitoring page, you must have membership in the Auditors group or membership in the relevant Account Safes and Recording Safes with the following authorizations:

Safe type

Permissions

Account Safes

  • List accounts/files

    This authorization specifically enables users to access recordings from the Account Details page.

  • View audit

Recording Safes

  • Retrieve accounts/files

  • List accounts/files

  • View audit

To monitor the session, in the PVWA system configuration, the Active Sessions Monitoring settings must specify the following:

Item

Description

Monitoring

The AllowMonitor property must be set to Yes

Monitor level

The MonitoringLevel property determines whether users can view or control active sessions.

Suspend active sessions

In the PVWA system configuration, the Active Sessions Monitoring settings must specify the following:

Item

Description

AllowPSMNotifications

 

Set Privileged Session Management > General settings > Server settings > Live Session Monitoring settings > AllowPSMNotifications to Yes to enable users to suspend active sessions.

 

This parameter is not supported on PSM for SSH and OPM sessions.

Suspending Active Sessions Users And Groups

Users need to be added as a user in the Suspending Active Sessions Users And Groups parameter.

Terminate active sessions

In the PVWA system configuration, the Active Sessions Monitoring settings must specify the following:

Item

Description

Terminating Active Sessions Users And Groups

Users need to be added as a user in the Terminating Active Sessions Users And Groups parameter. The default group is PSMLiveSessionTerminators.

Active session monitoring settings

The active session monitoring settings determine how users can monitor live privileged sessions and the types of activities that they can perform.

Active session monitoring at the system level

By default, active session monitoring is enabled at system level for all authorized users, and can be disabled at platform level. Active session monitoring can also be disabled at system level, but when it is disabled, it cannot be enabled at platform level.

Active session monitoring at the platform level

You can override active sessions monitoring settings in individual platforms, enabling you to determine whether or not authorized users can or cannot monitor active sessions during privileged sessions that use accounts managed by specific platforms, regardless of the general active sessions monitoring settings.

To monitor active sessions at platform level, users require the Safe ownership and permissions listed above in Active Session Monitoring.

Live monitoring notification

When authorized users begin monitoring an active session, a notification can be displayed to indicate the session is being monitored. This is configured separately for each platform.

When authorized users suspend an active session, a notification is displayed.

This notifications are displayed at the bottom right corner of the remote active session window.

Notification type

Screenshot

Monitored session

Suspended session

When the actives session is resumed, the notification disappears.