Product Ideas Portal

Got an idea for a new feature? Maybe a tweak to make something work even better? Wish there was an integration with another product to make you even more productive? You've come to the right place.

The Product Ideas Portal lets you submit whatever product feedback you have, good, bad, ugly, and anywhere between.

Want to stay anonymous? Don't worry, no email address or name fields are shared on the public portal. You can create an account which lets you vote on other people's ideas and receive updates when your idea's status changes.

To learn more about how an idea becomes a feature, check out this infographic.

11 Vote

Add support for Shadow Principles to Privileged Identity Management (Lieberman RED)

A Shadow Security Principal is an object representing a user, group or computer account from another forest. In a zero-trust environment, highly privileged domain local groups are managed through a bastion environment via a one-way PAM Trust.  The current implementation of Privileged Identity Management uses standard groups without a TTL value which leads to excessive permissions on Kerberos Tickets.

This is a very simple implementation as it can be done by calling native AD PowerShell commandlets with an additional TTL value.


***Example Code to add a bastion Forest Admin account to a resource Forest domain admin shadow principle***

##Adding the Privileged Bastion Admin Account to Domain Admins Shadow Principle Group for the DEMO Domain

Set-adObject -Identity "CN=PROD-Domain Admins,CN=Shadow Principal Configuration,CN=Services,CN=Configuration,DC=core,DC=guarded,DC=services" -Add @{'member'="<TTL=180,CN=Non-Privileged Demo Account,OU=Staff,OU=Managed Devices (TIER 2),OU=Resources,DC=core,DC=guarded,DC=services>"}

  • Guest
  • Apr 10 2019
  • Released
  • Attach files