User Directories

PrivX can integrate with third-party user directories and identity providers. Integrations can be made over LDAP(S) or OIDC.

AWS Cognito as a User Directory
Google Workspace as a User Directory
JumpCloud as a User Directory
Microsoft Entra ID as a User Directory via Microsoft Graph API
Microsoft Entra ID as a User Directory via LDAPS
