Getting Started¶
Introduction¶
Excalibur is an enterprise solution for passwordless multi-factor authentication (MFA), privileged access management (PAM), and secure access to PAM targets. The system has three user roles: User, Auditor, and Administrator. This guide explains how to register and use the Excalibur system as a User.
The Excalibur mobile app acts as a digital security key for passwordless authentication. It uses your mobile device to confirm security factors such as your location, PIN, fingerprint, Face ID, etc.
Before you can use Excalibur, you need to install the mobile app. The application is available for free on the Google Play Store, the Apple App Store and Huawei AppGallery. You can find links to the app stores on https://getexcalibur.com or on the registration screen. The app can also be provided directly to users upon request.
User Roles¶
A User is anyone who uses the Excalibur system to access company systems, such as the Dashboard and PAM resources. Users log in with a personal token (usually the mobile app) and manage their sessions on their device.
User roles determine what each person is allowed to do in the system. Every person, including administrators, has the basic User role, even if they have other advanced roles.
Description of Roles¶
Excalibur has three user roles:
Administrator This role has the highest level of access and is assigned to the first user who registers in the system. There must always be at least one System Administrator. The System Administrator can access all system-wide settings, create and manage tenants, and control all user roles. This role has full access to all tenants, including the main System Tenant.
System Administrators can invite new people to use the system and manage their access. This role is the central authority for managing and maintaining the Excalibur system.
Auditor The Auditor role is designed for oversight and transparency. Auditors can monitor and review all system activities but cannot change any settings or user information. They have a complete view of all user activities and system actions, which helps ensure compliance and security. This role is crucial for organizations that need independent reviews to ensure they are following company policies and regulations.
User This is the standard role for most people using the Excalibur system. Users can only access their assigned tenant and the specific PAM resources that have been shared with them or their user group. This ensures they can do their work without accessing sensitive areas, which keeps the system secure. The User role is perfect for anyone who needs access to specific resources but doesn't need to manage the system.
Table of Roles and Authorizations¶
| Permissions / Roles | System Administrator | Auditor | User |
|---|---|---|---|
| Manage own user profile | ✔ | ✔ | ✔ |
| Manage other users | ✔ (all) | ✔ | ✘ |
| Access PAM resources and sessions | ✔ (all) | ✔ (in your tenant) | ✔ (available to you in your tenant) |
| Manage identity resources | ✔ (all) | ✔ (in your tenant) | ✘ |
| Manage tenants | ✔ | ✘ | ✘ |
| Manage geofences | ✔ (all) | ✔ (in your tenant) | ✘ |
| Manage OAuth clients | ✔ | ✘ | ✘ |
| Manage security policies | ✔ (all) | ✔ (in your tenant) | ✘ |
| Manage email settings | ✔ | ✘ | ✘ |
| Manage SMTP settings | ✔ | ✘ | ✘ |
Multi-Tenancy¶
Excalibur uses a feature called multi-tenancy, which allows different organizations (or departments) to use the same system while keeping their data separate. A tenant is a dedicated space for an organization with its own users, administrators, security policies, and settings.
System Administrators manage all tenants from a central point. When Excalibur is first set up, a special System Tenant is created for System Administrators. This tenant oversees all other tenants.
Tenants can also be managed automatically by integrating with an external system. For more details, refer to the API Integration page.
Dashboard¶
The Dashboard is the main web portal for the Excalibur system, and all users can access it. From the Dashboard, you can manage users, groups, security policies, reports, system settings, and access PAM resources. What you can do in the Dashboard depends on your user role.
For more details, refer to the Administrator, Auditor, and User manuals.
Info
In the Dashboard, every list allows you to filter, sort, and search for items.
Info
The registration process is the same for everyone. A System Administrator will send you an email with a unique, time-limited link. This link takes you to the Excalibur registration page, where you will enter your company login details. Once your details are verified, a unique QR code will appear on the screen. You will scan this code with the Excalibur mobile app to complete your registration and log in for the first time.
PAM (Privileged Access Management)¶
Excalibur's Privileged Access Management (PAM) feature lets you securely access company resources (called PAM targets) directly from your web browser. You can connect to systems like RDP, VNC or SSH without needing special software on your computer.
All PAM sessions are considered privileged and are recorded by default for security. Every action you take is digitally signed to confirm your identity. This creates a secure link between every action and the person who performed it. This means access cannot be shared, and every action is clearly tied to a specific user.
Refer to the PAM Manual for detailed instructions on connecting to and working with a PAM target. For role-specific features, see the corresponding Administrator Manual, Auditor Manual, or User Manual.
This guide is for informational purposes only. The functionality and capabilities of individual components of the Excalibur system depend on the installation, configuration, and system administrators, and may change with updates.