Skip to content

Discovering Privileged Accounts from PostgreSQL Database

Accounts stored in databases such as SQL servers, MySQL, PostgreSQL, and Oracle databases can be discovered and imported into Securden easily. You need to provide valid credentials to connect with the databases and import accounts into the PAM repository.

The PostgreSQL instances and associated accounts can be discovered and added to Securden. To discover accounts in PostgreSQL databases, navigate to Accounts >> Add >> Discover Accounts >> PostgreSQL.

Account Management

Discovering accounts from databases is a two-step process.

Step 1: Connecting to the Database

Before Securden discovers accounts from databases, it needs to establish connectivity between the database server and the Securden server. To establish connectivity, you need to furnish details such as the IP address and database port of the database instance.

IP Address

You can either run the discovery on a single computer or on a series of computers.

  1. To discover from a single device, select Single Computer. You need to specify the IP address (or) the hostname of the required computer.

    Account Management

  2. If you want to discover from a range of computers, select Computers in IP Range. You need to specify the start and end of the IP range.

    Account Management

Note

If each instance in the IP range specified has different administrator credentials, you need to repeat the discovery separately for each instance. In such scenarios, importing accounts from CSV would be a better option than accounts discovery.

Database Port

You need to specify the port over which the database is serving.

Account Management

Default Database

You need to specify the default database of the MySQL instance running on your device(s).

Account Management

Enforce SSL

You can enforce SSL while establishing a connection between Securden and PostgreSQL server. If you choose to enable this, you need to ensure that SSL connections are enabled in your PostgreSQL server.

Additionally, you need to install a certified CA signed certificate in Securden. If the certificate of the domain controller is not signed by a certified CA, you need to import all the certificates that are present in the respective root certificate chain - that is the certificate of the domain controller and all the intermediate certificates if any.

Account Management

Connection timeout

You need to specify the maximum time in seconds for which Securden will try to establish connectivity with your database instance.

Account Management

Retrying the discovery process again

If Securden is unable to connect to any or all the specified devices at present, you can schedule a re-attempt at discovery. You need to specify the time in hours after which the discovery process is attempted again.

Account Management

Step 2: Supply Administrator Credentials and Discover

Before Securden can discover accounts from the MySQL database, it needs to go through authentication. You need to specify the username and password of the administrator account.

Account Management

Note

If each instance in the IP range specified has different administrator credentials, you need to repeat the discovery separately for each instance. In such scenarios, importing accounts from CSV would be a better option than accounts discovery.

Advanced Options

Once you've discovered privileged accounts from the database, you can populate them under a specific account type and/or a specific folder.

Account Management

Account Type

You can select one of the compatible account types from the drop-down.

Account Management

If you want to assign a different account type from the available list of types, you need to navigate to Admin >> Account Management >> Account Types and add a new custom account type or modify an existing custom account type according to your needs.

Folder

You can open the drop-down menu and select the required folder from the folder tree.

If you want to create a new folder, you can click [Add Folder] and create a new one.

Account Management

Randomize Passwords After Discovery

Immediately after the discovery, you can assign secure and unique passwords to the accounts. If you select this option, Securden creates passwords for the accounts on the target devices according to the specified password rules.

Account Management

Once you have selected your choices, click Discover.

Account Management

The discovery process takes a few minutes to complete. Once it is completed, a complete result with a list of accounts and their status is displayed. You can view how many accounts were successfully imported.