Gatekeeper Management

As its name suggests, an Imprivata Customer Privileged Access Management (CPAM) Gatekeeper enables your customers to limit your access and connections as a vendor. As a vendor, you install a CPAM Gatekeeper to your customer server (Windows or Linux) where they configure the applications you have access to, and even set a schedule in which you can create connections.

To provide support, vendors connect to their customers Gatekeeper, not to their customers infrastructure. Remember that a Gatekeeper is always associated with a customer: you can not create a Gatekeeper without a Customer. Read the Customer Management documentation to create a customer.

Gatekeepers have built-in applications commonly related to support request. Additionally, customers and vendors can host additional custom applications on the Gatekeeper.

This page contains all the actions that vendors can take on Gatekeepers.

Gatekeeper Information

Find a list of all the Gatekeepers in your CPAM server by hovering the Customers menu of the Remote Support tab, and clicking List Gatekeepers.

The List Gatekeepers page lists information of all the Gatekeepers in your CPAM server. The Gatekeeper list contains the following fields:

Field Description
Customer

Displays the customer name. A single customer may appear several times if they have more than one Gatekeeper.

Read the Customer Management documentation for more information.
Gatekeeper Displays the name of the Gatekeeper that a customer has.
Session Status

Provides the status of the Gatekeeper:

  • Active: The Gatekeeper is currently connected to the CPAM server. The Session is Active.

  • Inactive: The Gatekeeper is not currently connected to the CPAM server.

  • Not Registered: The Gatekeeper has never connected to the CPAM server. Enter the Registration Code into the Gatekeeper on the remote network.

Access

Indicates if a vendor can access the Gatekeeper:

  • Enabled: The Gatekeeper is checking-in to the CPAM Server and ready for connection.

  • Disabled: The Gatekeeper is not checking-in to the CPAM Server.

  • Nexus: Access to this Gatekeeper is provided by a different CPAM server, through the CPAM Nexus.

  • Expiring...: Access to the Gatekeeper expires within ten minutes. Active connections are interrupted.

  • Expired: The Access Expiration time for this Gatekeeper has passed.

  • Unavailable: The Gatekeeper has recently stopped checking-in to the CPAM Server. It could have been disabled, or it might just be restarting.

  • Offline: The Gatekeeper is offline. The computer could be powered off, or it might not have network connectivity.

View Displays the Gatekeepers information.
Connect

Starts a session to the Gatekeeper.

Read the Sessions documentation for more information

When access is Disabled you can still click Connect to open the Gatekeeper's contact information so you can contact someone at the Gatekeeper's site to ask them to enable access for you.

Add a New Gatekeeper

Because Gatekeepers must be associated with a customer, Gatekeepers are automatically created when you create a new customer. The New Customer form prompts you to associate your customer to a new Gatekeeper and add a Gatekeeper name, group, description, service profile, and choose if you want to create an administrator user from your customer’s side.

If you want to add another Gatekeeper to an existing customer, you must navigate to the customer's details page.

  1. Click List Customers from the Remote Support tab, under the Customers menu.

  2. Select the customer that requires another Gatekeeper.
    The View Customer page opens.

  3. From the Top Summary section, select New Gatekeeper.
    The New Gatekeeper form opens.

  4. Complete the form using the following example:

Section Field Description Required
Gatekeeper Information Gatekeeper Name Create a Gatekeeper for your Customer.
 Yes
Gatekeeper Group Align your customer to a Gatekeeper Group.
 Yes
Gatekeeper Description Provide a description of your customer's gatekeeper. No
Department

Add the Gatekeeper to a Department.

If the Customer is already part of a Department, this option must match to the customer's.

 No
Services Profile Select the distribution of your customer's Gatekeeper. (Windows or Linux) Yes
Host this Gatekeeper on an existing Gateway Add your customer's Gatekeeper to an existing Gateway. No
Gatekeeper Admin User Create Gatekeeper Admin User Create an administrator user from your customer's side for access management and history access options. No, but recommended

Click Save. The Gatekeeper now appears in the Gatekeepers section of the View Customer pane.

View a Gatekeeper

You can access a Gatekeeper's details with two methods: through the List Gatekeepers page or the View Customer page. To see the details from the List Gatekeepers page, locate the Gatekeeper you want to view, and click View. Use the search bar to find the Gatekeeper faster by typing the customer's or the Gatekeeper's name. To see the details from the View Customer page, select the customer that has the Gatekeeper, scroll to the Gatekeepers section, and click the Gatekeeper you want to view.

Both options lead you to the View Gatekeeper page. This page the following information:

  • Gatekeeper Information: Contains the details of the Gatekeeper, such as name, group, department, status, version, tunneling method, date of last connection, local host name, local IP address, and platform.

  • Contact Information: Displays the customer's key contact's information, such as name, phone, and email.

  • User Access: Displays the customer's users that have access to the Gatekeeper. Includes information about their email, their role in the Gatekeeper, and their status.

  • Gatekeeper Host Groups: Contains the groups of hosts in that Gatekeeper.

  • Session Information: Contains the Registration Code, an option to reset the registration, the session status, and an option to initiate a connection.
    Read the Sessions Documentation for more information.

  • Upgrade History: Displays the update history of the Gatekeeper.

From the View Gatekeeper page, you can also:

  • Add Gatekeeper Users

  • Edit the Gatekeeper

  • Edit the Gatekeeper Services

  • View Session History

  • Clone the Gatekeeper

Continue reading for more information.

Gatekeeper Users

Gatekeeper Users are CPAM accounts that your customer can use to view access history, manage access permissions, set access schedules, and receive connection notifications.

There are three type of Gatekeeper User roles:

Role Description
Admin Gatekeeper Admin users can set access schedules, view audit reports, add credentials, and create other Gatekeeper Users.
They are also responsible for installing and registering the Gatekeeper.
Read Only Read-only users can log in to view history, and toggle Gatekeeper access, but cannot create other Gatekeeper users or modify permissions.
Email Only Email Only users are limited to receiving connection notifications.

You can add users by clicking Add Gatekeeper User on the View Gatekeeper page. New users receive an email with account activation instructions.

From the View Gatekeeper page, in the Users section, you can also Edit the user's name, phones, role, and access. From the Edit Gatekeeper User page you can disable and delete a Gatekeeper user. A Gatekeeper user can have access to several Gatekeepers, as long as the Gatekeepers are associated with the same customer.

NOTE:

Ensure that you always set a Gatekeeper Admin users, as other user roles are not able to add new Gatekeeper users, edit, disable, or delete them.

Edit Gatekeeper

The View Gatekeeper page enables you to edit, delete, or move you Gatekeepers.

From the View Gatekeeper page, you can click Edit to modify your Gatekeepers name, description, department, contact information, and pre-connection message; change, add, or remove the Gatekeeper to a group; and select a default Credential Pool for the Gatekeeper.

Click Save to save your changes.

To delete a Gatekeeper, click Delete on the Gatekeeper's edit page. A confirmation pop-up specific to your browser opens.

Click OK to delete the Gatekeeper.

The user has a choice to move either one Gatekeeper or all Gatekeepers.

Move a Gatekeeper

Click on the customer. This is the source.

  1. Click Move Gatekeeper on the Gatekeeper's edit page.

  2. Choose a destination customer.

  3. A page with the number of Gatekeepers and the source and destination customers opens.

  4. Click Move and then Confirm to confirm the move.

  5. View All Customers opens.

Move all Gatekeepers

  1. Click Move Gatekeepers on the Customer page.

  2. Choose a destination customer.

  3. A page with the number of Gatekeepers and the source and destination customers opens.

  4. Click Move and then Confirm to confirm the move.

  5. View All Customers opens.

Edit Gatekeeper Services

CPAM Gatekeepers have built-in services and customizable services available for vendors to provide support for their customers. Gatekeeper services are features and applications hosted directly onto the Gatekeeper. These services enable vendors to access their customer's assets. For customers, services provide security by granting granular access to their vendors, while also monitoring and logging activities within the services.

To view the services in your customer's Gatekeeper, open the View Gatekeeper page and select Edit Services from the top summary.

Continue learning how to edit services in the Services Documentation.

All CPAM Gatekeepers have the following built-in services:

  • Desktop Sharing Access: Enables vendors to remote access a customer's desktop.
    Read the Services Documentation for more information.

  • Primary File Transfer Port: Enables vendors to transfer files from their server to their customer's server.
    Read the Services Documentation for more information.

Sessions and History

Every Gatekeeper connection made by a vendor to a customer's server is monitored by the CPAM server. Monitoring enables customers to view and audit all the vendor's activity in their assets and Gatekeeper-hosted applications.

Read the Sessions Documentation to understand how to create a session with your customer and the types of sessions available with your CPAM license.

Read the History Documentation to learn about session history and audit log files generated by your CPAM server.