Skip to main content

PAM - Quick Start Guide

Request Access

Privileged Access Management (PAM) access is provisioned when access to a shared folder is granted or when certain ODTI managed credentials are requested. To request PAM access, submit a request to order services through Service Now. Once the request has been received, a member of the PAM support team will contact you.

Support

Please contact the IT Service Desk for general support. They have convenient methods including chat, in-person, by phone and more.

Support site: go.osu.edu/IT

Phone: 614-688-HELP (4357)

Email: ServiceDesk@osu.edu

In-person: BuckeyeBar at Thompson Library 1858 Neil Ave Mall - 60A Monday - Friday: 9 a.m. - 6 p.m.

The PAM support team can be contact by email: PAMSupport@osu.edu

Log In

Navigate to Privileged Access Management (PAM).

This will redirect you to The Ohio State University's single sign-on page where you will use your name.# or OSUMC ID to authenticate.

After successfully entering your credentials, you will be presented with a BuckeyePass multi-factor authentication (MFA) prompt.

 

Critical Note

Due to the sensitive nature of secrets with PAM, not all MFA methods are available, such as SMS codes. For information on authenticating with BuckeyePass see Authenticating with BuckeyePass.

Homepage and All Secrets

After logging into PAM, you have several choices for navigation.

  • The Dashboard tab displays your Recent Secrets. You can also add additional tabs to your Dashboard by clicking the plus symbol.

    Secret Server Dashboard in the PAM tool with the plus icon highlighted

Enter a name for the new tab and click the Confirm New Tab button.

Tab name field in the PAM tool
  • The Secrets Tab displays all secrets to which you have permissions. Secrets can be searched or filtered using the search and filter options at the top, or by expanding Secrets Tab and selecting individual folders from the folder tree on the left.

    All Secrets tab in the PAM tool with search bar highlighted

Create a Secret

  1. Select the folder to store the secret.
  2. Click the plus symbol.

    Plus icon in the PAM tool used to create a secret
  3. Select New Secret.

    Button highlighted in the PAM tool used to select a new secret
  4. Select the appropriate Secret Template from the list.

    Create New Secret screen in the PAM tool
 

Critical Note

Secret Fields with a star (*) are required.

 

Helpful Note

Secret Templates with Administrative, Service, or User in the name have password requirements that meet or exceed OSU ISCR requirements.

Change Password

Information on the available options for changing passwords can be found in the Change a Password job aid.

Folder Types

PAM contains two main folder types: Individual Work Secret Folders (IWF) and Shared Folders.

Individual Work Secret Folders

Individual Work Secret Folders (IWF) are created for each user. A user’s IWF is named with the user’s Name.#. Each user can create and manage sub-folders within their own IWF.

Creating a IWF sub-folder

To create a sub-folder, right click on the folder name in the left-hand navigation panel, or on the down arrow in the breadcrumb navigation and select Edit Folder or Add Sub-Folder.

Add Subfolder button in the PAM tool
 

Critical Note

This process will not work within a shared folder. Contact your folder's Access Manager to have a sub-folder created.

Secrets in the IWF cannot be shared with other users. To share a secret, move it to a shared folder to which both users have access. The Managed folder inside of each IWF has special permissions and users cannot move or share these secrets.

 

Helpful Note

The Managed folder is created when OTDI managed credentials have been provisioned to a user. Not all user have a Managed folder.

Shared Folders

Shared Folders are organized by College or academic unit. Sub-folders are typically organized by department, team, or service. Shared Folders are created and managed in GMS by your PAM Access Manager. Each folder is assigned a Folder Code, a unique, alpha-numeric string in square brackets following the folder name. Each Folder Code contains the code of the parent folder.

Secrets in Shared Folders are visible to all users who have been granted Edit, User, or View permissions on that folder. Permission is maintained by the Access Manager for your unit. If you do not know who the Access Manager is, please contact your Security Coordinator or PAMSupport@osu.edu.

Secret Server Accessibility Statement

If you have a disability or use assistive technology, you will experience difficulty accessing this application. Please contact us for assistance by calling the Accessibility Helpline at 614-292-3307.