Before You Deploy Privileged Access Service

Privileged Access Service is composed of the following services, web portals for administrators and users, and mobile applications users can install on their iOS and Android devices.

alt

  • Policy Service: A service that provides integrated mobile security management. You configure policies for managing mobile device settings and Privileged Access Service automatically installs the policies in registered devices.

    You can also use the Active Directory Group Policy Management Editor to set mobile device policies. See Selecting a policy service to learn more about your options.

  • Delinea CA: A certification authority that generates certificates for devices when you use Delinea directory policy service for device policy management. The certificates are automatically generated when you enable wi-fi, VPN, or Exchange ActiveSync policies and select certificates for authentication. The certificates are automatically installed when the user registers the device.

  • App Gateway: An infrastructure that provides secure access to on-premise web servers. When you use the App Gateway, a VPN is not required. You install the Delinea Connector to use the App Gateway. The App Gateway also provides single sign-on to the web applications.

  • Admin Portal: The Admin Portal is the web portal you use to configure the Privileged Access Service, deploy web applications, manage users, generate reports, and monitor user activity. If you are using Privileged Access Service for mobile device management, you use Admin Portal to manage the registered devices too.

  • Delinea application: A free mobile application for Android and iOS devices that users install on their devices to register their devices in the Privileged Access Service. It provides single sign-on to the applications you deploy to them.

    The Delinea application includes a browser that is opened in place of the device’s default browser for web applications that require a browser extension to provide single sign-on. This lets users run the same applications they open from their desktop browser on their devices. If the web application does not require the browser extension, the application opens in the user’s selected browser.

Privileged Access Service also includes the optional Delinea Connector. This is a software package you install on Windows computers inside your firewall that you can use for any of the following services:

  • AD Proxy: You use the Active Directory/LDAP proxy to authenticate users with Active Directory/LDAP accounts for access to the administrator portal. Optionally, this lets you use Active Directory Users and Computers to manage devices and Windows Group Policy Management to manage mobile device policies.
  • App Gateway: You use this service to provide secure, remote access to web applications running on internal application servers.
  • Active Directory/LDAP Certificate Service (not shown): You can use the default certificate authority instead of the Delinea CA to generate certificates for user authentication. See How to Select the Policy Service for Device Management for the details.

See How to install a Delinea Connector to download and run the installer.

You install one set of connectors when all of the Privileged Access Service users are in domain trees or forests that have two-way, transitive trust relationships between the domain controllers. If your organization has multiple, independent domain trees or forests, you install a separate sets of connectors for each tree or forest. See Supporting User Authentication for Multiple Domains for the details.

When you use the connector to authenticate Active Directory users, the installer includes the following extensions:

  • Active Directory Users and Computers console extension (not shown): A console extension that adds tabs to the mobile device’s and user’s Active Directory Properties windows with Privileged Access Service information. When you install the console extension, you can use Active Directory Users and Computers to manage devices.