User Manual¶
Introduction¶
This guide explains how to register for and use the Excalibur system as a User.
As a User, you will use the Excalibur system to securely log in and access company resources, such as PC clients, VPNs, and web applications. You will use the Excalibur mobile app as your personal security token to access the Dashboard and manage your sessions.
The Dashboard is your central hub, where you can find your profile and access your assigned PAM resources. From here, you can start new sessions, review recordings of past sessions, and search for text within those recordings.
Info
The features available to you in the Dashboard depend on how the Excalibur system is configured at your organization. This guide focuses on the standard features available to the User role.
To start using Excalibur, you must first install the Excalibur mobile app. You can find links to the app stores in your email invitation, on the registration page, or at https://getexcalibur.com.
Registration¶
Registration creates a secure link between the Excalibur app on your phone and your company's Excalibur system. To begin, a system administrator will send you an invitation email.
Before you start, you will need:
- Your company domain account and email address.
- Your company account password.
- Access to your email account.
- The Excalibur v4 mobile app installed on your device.
- Android: Google Play Store (Requires Android 7.0 - Nougat or higher)
- iOS: App Store (Requires iOS 15.6 or higher)
- Huawei: AppGallery
Ensure your device meets the minimum system requirements for the best performance.
Steps:
-
Open the invitation email from your system administrator. It contains a unique, time-limited registration link. Click the link or copy it into your web browser to get started.
Figure 1. Email invitation
-
On the registration page, enter your company account password and click Register.
-
After your password is verified, a unique QR code will appear on the screen.
-
Open the Excalibur v4 app on your phone. If it's your first time using it, the app will ask for permission to use your camera. Allow access so you can scan the QR code.
-
Check that your registration details in the app are correct, then confirm.
-
Tap Register and allow the app to access your location. This is used as an additional security measure.
-
To finish, create a PIN or set up biometrics (like a fingerprint or Face ID), depending on your phone's features.
-
You are now registered!
Login¶
The Excalibur app is your security key for passwordless login. Follow these steps to log in to the Dashboard using the Excalibur app:
- Go to the Excalibur Dashboard login page, where you will see a QR code.
- Open the Excalibur app on your phone and scan the QR code.
- If you have multiple accounts, select the one you want to use.
- Confirm the login on your phone using your PIN or biometrics.
- You will be logged in to the Dashboard automatically.
Excalibur supports several login methods, but you must use the online QR code method described above to access the Dashboard.
Figure 2. Dashboard login screen
Figure 3. A successful login confirmation.
Dashboard¶
The Dashboard is the primary web interface for all users of the Excalibur system. It is used for managing your profile, accessing PAM resources, and reviewing your activity.
Info
In the Dashboard, every list allows you to filter, sort, and search for items.
Overview¶
Figure 4. Dashboard views correspond to the user roles in the Excalibur system.
Tenant Selector¶
If you have access to multiple tenants, you can switch between them using the tenant selector in the top-right corner.
Figure 5. Select a tenant
User Profile¶
Click the user profile icon in the top-right corner to open a dropdown menu with the following options:
- User Details
- Preferences
- Passkeys
- Logout
Figure 6. User profile dropdown menu
User Details¶
Select your username from the User Profile menu to open your user details page.
Figure 7. User details page
Preferences¶
Select Preferences from the User Profile menu to open the Preferences page.
Figure 8. Preferences page
On this page, you can change the display language and switch between your assigned roles.
Language Selection¶
Figure 9. Preferences - Language selection
Role Switcher¶
Figure 10. Preferences - Role switcher
You can switch between the different roles you have access to. Your available roles are displayed in the Role box.
Passkeys¶
Select Passkeys from the User Profile menu to open the Passkeys page.
Passkeys are a simple and secure way to log in without a password. Instead of a password, you use your device (with a fingerprint, face scan, or PIN) to prove it's you. Each Passkey is unique to your account and is stored securely on your device, in a third-party app, or on a hardware key like a YubiKey.
Figure 11. Select Passkeys
Create a Passkey¶
To create a new Passkey, click the plus button.
Figure 12. Click the plus button to create a Passkey
Give your Passkey a descriptive name and a brief description of its purpose, then click Confirm.
Figure 13. Create a Passkey
After creating a Passkey, you can see it in your Passkeys list, which shows its name, description, usage count, and creation date.
Figure 14. Passkeys list
Once a Passkey has been added, you can log out and use it to log back in.
Login with Passkey¶
From the login screen, instead of scanning the QR code, click LOGIN WITH PASSKEY and follow the prompts on your device to log in to the Dashboard.
Figure 15. Click LOGIN WITH PASSKEY
on the Login screen
Figure 16. Login with Passkey
After completing these steps, you will be successfully logged in to the Dashboard.
Passkey Audit Logs¶
Info
Audit logs are available only for users with the Auditor or Administrator role.
Users with the appropriate permissions can view the audit logs for their Passkeys by clicking a Passkey on the Passkeys settings page.
Figure 17. Passkey Audit logs
Logout¶
Select Logout from the User Profile menu to log out of the Dashboard.
Navigation Side Panel¶
Overview¶
The navigation panel on the left contains several sections. This document focuses on the User role, which has access to the following:
- Management: Actions, Authenticators, PAM
- Settings: System, About
Figure 18. Navigation side panel
Navigation Breadcrumbs¶
Breadcrumbs show the path to your current location within the Dashboard.
Figure 19. Navigation breadcrumbs
The navigation panel is expanded by default. To save space, you can collapse it by clicking the "menu" icon.
Figure 20. Navigation side panel
Management - Actions¶
Overview¶
This page shows a detailed history of your activity in the system, including authentications, authorizations, and registrations.
Figure 21. Actions overview
To see more details about a specific action, click on it. A side panel will open with information organized into the General, Location, and Validation Result tabs.
General Tab¶
Figure 22. Action authentication - General
Location Tab¶
Figure 23. Action authentication - Location: Map view (names have been blurred)
Figure 24. Action authentication - Location: Satellite view (names have been blurred)
Validation Result Tab¶
The Validation Result tab shows all the security policies that were checked for the action. Each policy is displayed in an expandable section. When you expand a section, you will see all the rules within that policy. Rules that were met are marked with a green checkmark, while rules that were not met have a red cross.
Each policy also displays additional details like the date and time, the phone’s IP address, and its connection status. By default, all accordions are expanded for easy viewing.
Figure 25. Action authentication - Validation result
Management - Authenticators¶
This section lists all your registered security tokens (your mobile devices) and provides general information about them.
Figure 26. Token overview
Clicking on a token opens its details page.
Figure 27. Token details
Management - PAM¶
The PAM section is where you access secure company resources (PAM Targets). All sessions are recorded, and every action you take is digitally signed to ensure security and accountability.
Targets¶
The Targets tab displays a list of all PAM targets you have permission to access.
Figure 28.PAM Targets
Possible Actions:
- Connect to Target: Start a session with the selected PAM target. For detailed instructions, refer to the PAM Manual.
- View Target Details: See more information about the selected PAM target.
Figure 29.1. General information about the PAM target
Figure 29.2. A list of all session recordings associated with the current PAM target.
Figure 29.PAM target details
Sessions¶
Sessions¶
The Sessions tab displays a list of your past and active PAM sessions. By default, all PAM sessions are logged for auditing purposes.
Possible Actions:
-
Play Recording: Replay the session recording.
-
Download Recording: Save a copy of the session recording to your computer as a
.guac
file. - Download Typescript: Export the session transcript as a Typescript file.
Clicking on a session opens its details page, where you can download the recording or transcript. This page also includes a "File Transfers" table that logs all files uploaded or downloaded during the session.
Figure 30. File transfers overview
You can view and download any files that were uploaded during your PAM sessions.
Full-Text Search¶
You can search for any text that was typed or displayed during your past PAM sessions.
Figure 31.PAM Full-Text Search
Enter a term in the search bar, and any sessions containing that term will appear. Click the "Play" button next to a session to watch the entire recording. To jump directly to the moment the searched term appeared, click the "Play" button within the search result details.
Example
Searching for mkdir
shows a session with 5 occurrences.
Clicking the 'Play' action opens a preview of the session recording, highlighting where the searched term was found.
Settings - System¶
These system settings are view-only and are managed by your system administrator.
Server Settings¶
Figure 32. Server settings
Expiration Times¶
Figure 33. Expiration times
Map Settings¶
Figure 34. Map settings
Settings - About¶
This section shows the version information for the application's components.
Figure 35. About ///
This guide is for informational purposes only. The functionality and capabilities of individual parts of the Excalibur system depend on the installation, configuration, and system administrators, and may change with updates.