Discovering Privileged Accounts from MySQL Database

The MySQL instances and associated accounts can be discovered and added to Securden. To discover accounts in MySQL instances, navigate to Accounts >> Add >> Discover Accounts >> MySQL.

Prerequisite: Before connecting to a MySQL connector and discovering accounts, you need to install MySQL Connector. To do that, follow the steps below.

1. Ensure that the Securden server is connected to the internet.
2. Run a command prompt as Administrator.
3. Open a command prompt as Administrator and navigate to SecurdenInstallation-Folder\bin in the prompt.
4. Run 'installMySQLConnector.bat'.
5. From services.msc, restart the Securden PAM Service.

Once you've installed the MySQL connector, the next step is discovering accounts from the MySQL database. Discovering accounts the MySQL database is a two-step process.

Step 1: Connecting to the Database

Before Securden discovers accounts from databases, it needs to establish connectivity between the database server and the Securden server. To establish connectivity, you need to furnish details such as the IP address and database port of the database instance.

IP Address

You can either run the discovery on a single computer or on a series of computers.

1. To discover from a single device, select Single Computer. You need to specify the IP address (or) the hostname of the required computer.

   

2. If you want to discover from a range of computers, select Computers in IP Range. You need to specify the start and end of the IP range.

   

Database Port

You need to specify the port over which the database is serving.

Default Database

You need to specify the default database of the MySQL instance running on your device(s).

Connection timeout

You need to specify the maximum time in seconds for which Securden will try to establish connectivity with your database instance.

Retry the discovery process again

If Securden is unable to connect to any or all the specified devices at present, you can schedule a re-attempt at discovery. You need to specify the time in hours after which the discovery process is attempted again.

Step 2: Supply Administrator Credentials and Discover

Before Securden can discover accounts from the MySQL database, it needs to go through authentication. You need to specify the username and password of the administrator account.

If each instance in the IP range specified has different administrator credentials, you need to repeat discovery separately for each instance. In such scenarios, importing accounts from CSV would be a better option than accounts discovery.

Advanced

Once you've discovered and imported the privileged accounts, you can categorize all the accounts into specific account types or folders.

Account Type

You can select one of the compatible account types from the drop-down. If you want to assign a different account type from the available list of types, you need to navigate to Admin >> Account Management >> Account Types and add a new custom account type or modify an existing custom account type according to your needs.

Folder

You can open the drop-down menu and select the required folder from the folder tree. If you want to create a new folder, you can click [Add Folder] and create a new one.

Randomize Passwords After Discovery

Immediately following discovery, you have the choice to assign the accounts secure and unique passwords. If you select this option, Securden creates passwords for the accounts on the target devices according to the password rules you specify.

Once you have selected your preferences, click Discover.

The discovery process takes a few minutes to complete. Once it is done, complete results with a list of accounts and their statuses are displayed. You can view how many accounts were successfully imported.