Skip to content

Privileged Access Bridge — User Guide

This guide describes how to operate the PAB portal from the perspective of users and supervisors. Setup and administration are described in the (access-protected) Administration Guide.

Prerequisites

  • A current browser (Chrome, Edge, Firefox). Nothing needs to be installed.
  • Your credentials for the PAB portal (username/password; possibly multi-factor login, if enabled in your environment).
  • The portal address of your PAB instance (provided by your administrator).

Logging in

  1. Open the portal address in your browser.
  2. Enter your username and password.
  3. After logging in, you will see the connection list with the target systems released for you.

For security reasons, your session token remains on the server side; the browser only holds a protected session cookie. Log out via Log out when you have finished your work.

Connecting to a target system

  1. Select the desired target in the connection list. Connections can be organized in groups (folder tree).
  2. Click the connection — the session opens in the same browser tab.
  3. Depending on the protocol, the remote desktop (RDP/VNC), a terminal (SSH/Telnet) or the Kubernetes console appears.

Operating the session

Within a running session, the following are available to you:

  • Full screen for undisturbed work.
  • Synchronize clipboard — copy/paste text between your local machine and the remote session (in both directions).
  • File transferupload files into the session and download them from it.

    Prerequisite for file transfer

    File transfer requires that the appropriate drive is enabled on the connection — SFTP for SSH or the RDP drive for RDP. If this is not configured, transfer is not available. In that case, contact your administrator.

Recording

Privileged sessions can be recorded (image of the session). This serves traceability and compliance. Assume that your session is being logged.

Ending the session

Close the session in an orderly manner via the session controls, or log out of the target system. Supervisors can additionally end a session via emergency stop (see below).

Supervision: live monitoring and emergency stop

For users with a supervisor role or administrators, PAB provides real-time supervision via the Active Sessions page:

  • Live monitoring (read-only): You watch a running session in real time without being able to intervene. The supervisor role is enforced on the server side (at the BFF) — the session operator cannot prevent the monitoring and does not need administrator rights themselves for it.
  • Emergency stop: If you detect a problem, you can end the session immediately. The emergency stop is likewise available to supervisors (not just administrators).

This is how the four-eyes principle can be implemented in practice for particularly critical access: a responsible person watches and can intervene in case of doubt.

Viewing history and recordings

Via the History page you can see past sessions. Where a recording is available, it can be played directly in the portal (playback of the recorded session).

Supervisors can also view recordings of sessions to which they have no direct connection access — governed by the supervisor role.

Settings

On the Settings page you can change your own password. Further account settings (e.g. interface language) are available depending on the configuration.

For administrators

If you want to manage connections, users or roles, enforce recordings or set up operating models, read the (access-protected) Administration Guide.