Privileged Access Management (PAM) Manual¶
Introduction¶
Excalibur's Privileged Access Management (PAM) provides secure, web-based access to company resources, known as PAM Targets. This uses a "zero-trust" approach, which means your computer doesn't need any special software installed. All you need is a web browser to access resources like RDP, VNC or SSH. Your computer never directly connects to the company's internal network, which keeps it secure.
In the PAM section of the Excalibur Dashboard, the options you see will depend on your user role. For more details on what each role can do, please see the specific user manual.
Figure 1. Different user roles have different views of the PAM dashboard
This guide covers how to use Excalibur PAM with RDP and SSH resources, including:
- Starting a PAM session
- Sharing text using the clipboard
- Using the on-screen keyboard
- Sharing files
- Ending a PAM session
Prerequisites¶
Before you begin, make sure you have the following:
- A registered Excalibur account.
- A modern web browser (Chrome is strongly recommended).
- The Excalibur mobile application installed on your smartphone (available in the footer at https://getexcalibur.com).
- An internet connection with access to the Excalibur server.
Connecting to a PAM Target¶
In the Dashboard, go to the Targets tab to see a list of your available PAM targets. From here, you can perform several actions:
- Connect to Target
- View Target Details
- Duplicate
- Edit Target
- Delete Target
To start a session, click Connect to Target.
Figure 2. Possible actions for a PAM target
PAM Controls – Overview¶
When you connect to a PAM target, a new browser tab will open. A notification will appear in the bottom-right corner to let you know the session is being recorded.
To see the PAM control bar, move your mouse to the top-center of the screen. It stays hidden by default so it doesn't get in your way.
Figure 3. Browser tab after connecting to a PAM target
Figure 4. Notification displayed in the bottom-right corner
Figure 5.PAM control overview: 1. Pin/Unpin the player panel 2. Target name 3. Recording status indicator 4. Settings
PAM Controls – Settings¶
In the PAM control bar, click Settings to open the settings panel on the left. From here, you can:
- Enable clipboard sharing to copy and paste text (if supported by the target).
- Access the shared drive to upload and download files (availability depends on the target).
- Show or hide the virtual on-screen keyboard.
Figure 6.PAM control settings overview
On-Screen Keyboard¶
Figure 7. Toggling the on-screen keyboard
Two-Way Text Sharing via Clipboard¶
When you copy text inside the remote session, it will appear in the Clipboard box in the settings panel. From there, you can copy it to your own computer. However, in most cases, you can copy and paste directly without using the Clipboard box.
Info
To copy or paste in a terminal, use Ctrl+Shift+C (Copy) and Ctrl+Shift+V (Paste). Alternatively, right-clicking once in the terminal also pastes text.
SSH Target¶
Copying and pasting works seamlessly with standard keyboard shortcuts (Ctrl+C/V, Ctrl+Shift+C/V) or by right-clicking.
From Your Computer to the SSH Target:
- Copy text on your computer (Ctrl+C or right-click > Copy).
- Paste in the SSH session (Ctrl+Shift+V or right-click once).
From the SSH Target to Your Computer:
- Select text in the SSH session with your mouse (it copies automatically).
- Paste on your computer (Ctrl+V or right-click > Paste).
RDP Target¶
From the RDP Target to Your Computer: Copying and pasting works normally with Ctrl+C/V or by right-clicking.
From Your Computer to the RDP Target: Right-click in the remote session and select Paste. The Ctrl+V shortcut will not work for pasting text from your local computer.
Two-Way File Sharing¶
If a shared drive is available for your session, you can see its contents by clicking the disk icon in the settings panel.
Figure 8. Shared drive/folder structure in an RDP target
To upload a file from your computer to the remote session:
- In the settings panel, navigate to the destination folder.
- Select Upload File and choose the file from your computer.
To download a file from the remote session to your computer:
- In the settings panel, navigate to the file you want to download.
- Double-click the file to begin the download.
RDP Target¶
Figure 9. Using an Excalibur shared drive in an RDP session
Figure 10. Downloading a file by dragging it to the Excalibur shared drive
Figure 11. Download confirmation in the user's browser
Figure 12. Starting a file upload in a PAM RDP session
Figure 13. Upload confirmation in the user's browser
Figure 14. Uploaded file to device disk in PAM session
Figure 15. Uploaded file to device disk in PAM session
SSH Target¶
Figure 16. Double-clicking a file to download in an SSH session
Figure 17. Successful download message
Figure 18. Browser confirmation of file download
Figure 19. Starting a file upload in an SSH session
Figure 20. Upload confirmation message
Figure 21. Uploaded file to device disk in PAM session
Ending a PAM Session¶
Ending an RDP Session¶
To end your session, disconnect or log out from the remote operating system (for example, by using the Start menu and selecting Disconnect). A "Session Closed" window will appear to confirm the session has ended. Click Close Tab to exit.
Figure 22. Ending a PAM RDP session
Ending an SSH Session¶
To end your session, disconnect or log out from the remote operating system (for example, by typing the exit
command). A "Session Closed" window will appear to confirm the session has ended. Click Close Tab to exit.
Figure 23. Ending a PAM SSH session
This guide is for informational purposes only. The functionality and capabilities of individual components of the Excalibur system depend on the installation, configuration, and system administrators, and may change with updates.