Onboarding an Endpoint in AuthNull

Downloading the Endpoint Agent

Follow the instructions given below for installing and setting up the agent in an endpoint:


  1. Navigate to the ‘Endpoints’ section from ‘Privilege Access Management’.

  2. Click the ‘Add an Endpoint’ button, which takes you to a screen where you can select your OS.

  3. Download the agent by clicking the ‘Download Agent’ link on that screen, which takes you to the drive for downloading the endpoint agent binary.

  4. The newly generated agent token is shown on the Passwordless browser tab.

Installing & Configuring the Endpoint Agent in an Endpoint

  1. You can download the Linux agent in one of the following ways:

     Note: You can find the agent token by navigating to "add endpoint" in the Privileged Access Management section in AuthNull.

    • You can download the endpoint agent by following the steps given above.

    • (Recommended) Or download the agent directly via source code (this has the latest version, Endpoint Agent v2.0).

  2. The configuration is kept in app.env. Copy the app.env file to the /home path.

    The app.env file can be found at this GitHub link.

    Refer to this sample app.env file:

     KEY=KL01
     MACHINE_KEY=MACKL01
     AGENT_TOKEN=xxxx
     TENANT_ID=1
     USER_ID=1
     AWS_ACCESS_KEY_ID=xxx
     AWS_SECRET_ACCESS_KEY=xxx
     AWS_REGION=us-east-1
     BUCKET_NAME=guac-session
     RECORDING_DIR=/anchor_dvr/
     FILE_NAME=test.guac
     BUCKET_NAME_GCS=gto-did-app-dev
     STORAGE_AWS_FLAG=true

     Note: The AGENT_TOKEN value is generated by AuthNull.

     MACHINE_KEY = Unique Machine Key Identifier (Constant)
    
  3. Update the following environment variables inside the app.env file:

     AGENT_TOKEN = Agent token used for registering the agent (fetched from the AuthNull platform when registering)

     TENANT_ID = Domain Id

     USER_ID = User Id of the daemon (assumed to be 1)

     AWS/GCP details can be provided for the storage options.

     The daemon triggers and runs every second, performing the following operations:

     * RegisterAgent - The agent registers itself in the platform using the token and machine details.

     * ImportUserGroups - This module finds users and groups and imports them to the platform.

     * Sync Password - Rotates passwords for users whose password TTL has expired.

     * CreateUserGroups - This module finds newly added users/groups and adds them to the machine.
    
  4. Run the agent with the following command:

     ./endpointpamagent
    

Note: The agent will synchronize the guacd server based on the jobs assigned, and the recording information will be stored in the GCS bucket specified in the config file for the jump server.
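
Because app.env holds the agent token and, when cloud storage is used, AWS credentials, it is worth checking the file before running the agent in step 4. The script below is an added example and is not part of AuthNull's agent or documentation; the function names, the owner-only file mode, the placeholder rule and the reading of STORAGE_AWS_FLAG are assumptions, while the key names come from the sample file above.

```sh
#!/bin/sh
# Added example, not AuthNull code: pre-flight check of app.env before starting
# the agent. Key names come from the sample file on this page; function names,
# the placeholder rule and the STORAGE_AWS_FLAG dependency are assumptions.

# Print the value assigned to key $2 in env file $1 (last assignment wins).
env_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeeds when a value is empty or only x characters, as in the sample file.
is_placeholder() {
    case "$1" in
        '')      return 0 ;;
        *[!xX]*) return 1 ;;
        *)       return 0 ;;
    esac
}

# Print one line per finding; succeed only when there are none.
check_app_env() {
    f=$1; problems=0
    [ -f "$f" ] || { echo "missing: $f"; return 2; }
    # The file holds AGENT_TOKEN and AWS_SECRET_ACCESS_KEY: owner-only access.
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
    case "$mode" in
        *00) ;;
        *) echo "mode $mode: run chmod 600 $f"; problems=$((problems + 1)) ;;
    esac
    required="KEY MACHINE_KEY AGENT_TOKEN TENANT_ID USER_ID"
    # Assumption: STORAGE_AWS_FLAG=true means the AWS settings are in use.
    if [ "$(env_get "$f" STORAGE_AWS_FLAG)" = "true" ]; then
        required="$required AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION BUCKET_NAME"
    fi
    for key in $required; do
        if is_placeholder "$(env_get "$f" "$key")"; then
            echo "$key is empty or still a placeholder"; problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Demo on a constructed file that keeps the sample's placeholder token.
demo=$(mktemp)
printf '%s\n' KEY=KL01 MACHINE_KEY=MACKL01 AGENT_TOKEN=xxxx TENANT_ID=1 \
    USER_ID=1 STORAGE_AWS_FLAG=false > "$demo"
check_app_env "$demo" || echo "resolve the findings before running ./endpointpamagent"
rm -f "$demo"
```

To check a real deployment, call `check_app_env` with the path of the app.env file you copied in step 2.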

Interacting with the Endpoint from AuthNull Platform

Follow the instructions given below to interact with an endpoint using the AuthNull admin console:

  1. Navigate to the ‘Endpoints’ section from ‘Privilege Access Management’.

  2. Click on the gear icon in the “Options” column to interact with an agent. This allows you to activate and deactivate an endpoint, assign users to an endpoint, configure the authentication flow of an endpoint, and customise the credential policy for an onboarded endpoint.