Skip to content

Privileged Access Management (PAM) Manual

Introduction

Excalibur's Privileged Access Management (PAM) provides secure, web-based access to company resources, known as PAM Targets. This uses a "zero-trust" approach, which means your computer doesn't need any special software installed. All you need is a web browser to access resources like RDP, VNC or SSH. Your computer never directly connects to the company's internal network, which keeps it secure.

In the PAM section of the Excalibur Dashboard, the options you see will depend on your user role. For more details on what each role can do, please see the specific user manual.

Figure 1.1. Administrator role

Figure 1.2. User role

Figure 1. Different user roles have different views of the PAM dashboard

This guide covers how to use Excalibur PAM with RDP and SSH resources, including:

  • Starting a PAM session
  • Sharing text using the clipboard
  • Using the on-screen keyboard
  • Sharing files
  • Ending a PAM session

Prerequisites

Before you begin, make sure you have the following:

  1. A registered Excalibur account.
  2. A modern web browser (Chrome is strongly recommended).
  3. The Excalibur mobile application installed on your smartphone (available in the footer at https://getexcalibur.com).
  4. An internet connection with access to the Excalibur server.

Connecting to a PAM Target

In the Dashboard, go to the Targets tab to see a list of your available PAM targets. From here, you can perform several actions:

  • Connect to Target
  • View Target Details
  • Duplicate
  • Edit Target
  • Delete Target

To start a session, click Connect to Target.

Figure 2. Possible actions for a PAM target

PAM Controls – Overview

When you connect to a PAM target, a new browser tab will open. A notification will appear in the bottom-right corner to let you know the session is being recorded.

To see the PAM control bar, move your mouse to the top-center of the screen. It stays hidden by default so it doesn't get in your way.

Figure 3. Browser tab after connecting to a PAM target

Figure 4. Notification displayed in the bottom-right corner

Figure 5.PAM control overview: 1. Pin/Unpin the player panel 2. Target name 3. Recording status indicator 4. Settings

PAM Controls – Settings

In the PAM control bar, click Settings to open the settings panel on the left. From here, you can:

  • Enable clipboard sharing to copy and paste text (if supported by the target).
  • Access the shared drive to upload and download files (availability depends on the target).
  • Show or hide the virtual on-screen keyboard.

Figure 6.PAM control settings overview

On-Screen Keyboard

Figure 7. Toggling the on-screen keyboard

Two-Way Text Sharing via Clipboard

When you copy text inside the remote session, it will appear in the Clipboard box in the settings panel. From there, you can copy it to your own computer. However, in most cases, you can copy and paste directly without using the Clipboard box.

Info

To copy or paste in a terminal, use Ctrl+Shift+C (Copy) and Ctrl+Shift+V (Paste). Alternatively, right-clicking once in the terminal also pastes text.

SSH Target

Copying and pasting works seamlessly with standard keyboard shortcuts (Ctrl+C/V, Ctrl+Shift+C/V) or by right-clicking.

From Your Computer to the SSH Target:

  • Copy text on your computer (Ctrl+C or right-click > Copy).
  • Paste in the SSH session (Ctrl+Shift+V or right-click once).

From the SSH Target to Your Computer:

  • Select text in the SSH session with your mouse (it copies automatically).
  • Paste on your computer (Ctrl+V or right-click > Paste).

RDP Target

From the RDP Target to Your Computer: Copying and pasting works normally with Ctrl+C/V or by right-clicking.

From Your Computer to the RDP Target: Right-click in the remote session and select Paste. The Ctrl+V shortcut will not work for pasting text from your local computer.

Two-Way File Sharing

If a shared drive is available for your session, you can see its contents by clicking the disk icon in the settings panel.

Figure 8. Shared drive/folder structure in an RDP target

To upload a file from your computer to the remote session:

  1. In the settings panel, navigate to the destination folder.
  2. Select Upload File and choose the file from your computer.

To download a file from the remote session to your computer:

  1. In the settings panel, navigate to the file you want to download.
  2. Double-click the file to begin the download.

RDP Target

Figure 9. Using an Excalibur shared drive in an RDP session

Figure 10. Downloading a file by dragging it to the Excalibur shared drive

Figure 11. Download confirmation in the user's browser

Figure 12. Starting a file upload in a PAM RDP session

Figure 13. Upload confirmation in the user's browser

Figure 14. Uploaded file to device disk in PAM session

Figure 15. Uploaded file to device disk in PAM session

SSH Target

Figure 16. Double-clicking a file to download in an SSH session

Figure 17. Successful download message

Figure 18. Browser confirmation of file download

Figure 19. Starting a file upload in an SSH session

Figure 20. Upload confirmation message

Figure 21. Uploaded file to device disk in PAM session

Ending a PAM Session

Ending an RDP Session

To end your session, disconnect or log out from the remote operating system (for example, by using the Start menu and selecting Disconnect). A "Session Closed" window will appear to confirm the session has ended. Click Close Tab to exit.

Figure 22. Ending a PAM RDP session

Ending an SSH Session

To end your session, disconnect or log out from the remote operating system (for example, by typing the exit command). A "Session Closed" window will appear to confirm the session has ended. Click Close Tab to exit.

Figure 23. Ending a PAM SSH session

This guide is for informational purposes only. The functionality and capabilities of individual components of the Excalibur system depend on the installation, configuration, and system administrators, and may change with updates.