Verify Privilege Vault Analytics Configuration
In VP-VA, the User Settings allow password changes and configuration of per-user alert notifications. The System Settings allow the configuration of Verify Privilege Vault integration, global alert and challenge callback, and time settings.
User Settings
You can navigate to User Settings by clicking your profile icon at the top right of any VP-VA page and choosing User Settings.
Account Settings: Lets you change the password on your account used to access VP-VA.
Alert Notification Settings: You can set the email address to receive alerts and specify whether you want to receive alerts and warnings as they occur.
System Settings
Select Settings in the left navigation panel, then select System Settings
Each tab provides access to the following system settings.
Responsive Actions
Alert Threshold: The numerical value an alert needs to meet or exceed to send an email.
Alert Action: Whether you wish to Challenge a Verify Privilege Vault User if their actions cause VP-VA to generate an alert for them that meets or exceeds the Alert Threshold. To use Challenges, you must configure it on Verify Privilege Vault as well. More information on the configuration can be found in the following Access Challenges section.
Warning Threshold: The numerical value a warning needs to meet or exceed to send an email.
Warning Action: Whether you wish to Challenge a Verify Privilege Vault User if their actions cause VP-VA to generate a warning for them that meets or exceeds the Warn Threshold.
Secret Importance: Brings you to a page that lists all of your Secrets and lets you change any of their importance settings in VP-VA.
User Watch List: Check the boxes to automatically watchlist users with active alerts and warnings or new users. If the status of the user changes (for example, their active alert is cleared, or a new user reaches 30 days), then the user will be automatically removed from the User Watch List.
Verify Privilege Vault Integration
Verify Privilege Vault Integration Key
View Integration Key: This key is copied to Verify Privilege Vault and provides access information for Verify Privilege Vault to authenticate with and upload data to VP-VA.
-
Version 10.4.000000 and Later
- VP-VA Key Pair /Verify Privilege Vault Key Pair: Key exchange is used by VP-VA during Single Sign On in order to verify Verify Privilege Vault’s (as an identity provider) user claims. In the opposite direction, it is used by Verify Privilege Vault as an additional layer of security to verify that Access Challenges were signed by the authorized VP-VA instance.
- Initiate Key Rotation: VP-VA initiates a key rotation in which both Verify Privilege Vault and VP-VA generate a new key pair and exchange the new public key with each other using the last public key to sign this new exchange. Keys are typically rotated periodically as a security best practice.
- Clear Keys: This is used only when migrating from one Verify Privilege Vault instance to a completely new Verify Privilege Vault instance while using the same VP-VA instance or when troubleshooting issues with key exchange. CAUTION: This clears all key pairs (both Verify Privilege Vault and VP-VA) from VP-VA’s database. After clearing, the integration key is copied to the target Verify Privilege Vault and the initial key exchange is conducted, the same as with a fresh configuration of VP-VA-Verify Privilege Vault integration.
Verify Privilege Vault Public Key
-
Version 10.3.000015 and Earlier
- View Public Key: The public key from /AdminAnalyticsEdit.aspx in Verify Privilege Vault must be copied to VP-VA and saved in order to use Access Challenges.
Verify Privilege Vault Outbound URLs
The two URLs displayed, URL 1 and 2, are the URLs that Verify Privilege Vault needs to access to communicate with the PBA applications on AWS. If restrictions are placed on Verify Privilege Vault's outbound connections, ensure that these endpoints are allowed for PBA functionality.