Frequently Asked Questions - Permission Access Management (PAM)
Want to learn more about Permission Access Management? Visit Understanding Permission Access Management
For detailed instructions on how to install applications on macOS with PAM visit the PAM Mac FAQ
1. What is Permission Access Management (PAM) used for?
PAM is used to provide quick elevation of administrative rights when required i.e. installing and uninstalling an application, updating device drivers, providing elevated access rights to an application or installing an application add-on.
2. Do I have to register my personal device into PAM?
No, PAM is for Humber managed devices only
3. What is the difference between standard vs admin user?
A standard user is for everyday use of a computer. Working on a document in Microsoft 365, web browsing, e-mail, conferencing in Microsoft Teams. Admin users can change system configurations, access or modify sensitive device data.
4. What does elevated permission mean?
Elevated permission is when a user is granted the ability to do more than a standard user.
5. How does PAM affect me?
PAM is being utilized at Humber using automatic elevation. Most tasks that require elevation have been accounted for and elevation will occur in the background. In some cases, you may be asked to click “ok” on a message pop-up or provide your password in a message pop-up.
6. Will PAM track what I'm doing?
PAM will only track when an elevation occurs, and nothing else. Example, installing Chrome on a computer asks for elevation and a message box will appear to click “ok”. PAM will log that elevation occurred to allow Chrome to be installed as an administrator.
7. What will happen with the logged data?
ITS will review common applications that are installed and update settings to automatically elevate as needed.
8. Is PAM enrolment mandatory?
PAM enrolment is mandatory and will be rolled out to all departments. As an institution we will be moving to having Standard User rights as our default security position. All Humber non-academic devices will be required to run on PAM. At this time academic devices will not be affected by these changes.
9. How do I know I have PAM on my device?
All Humber devices will automatically be added to PAM. After your device has been added, the process will be different for macOS and Windows.
MacOS:
Your device will automatically install the PAM client and a notification will be displayed when complete. You can continue with your work as normal while these processes run in the background. A reboot will be required to complete the process; however, this can be done when it is appropriate for your workflow.
|
You will see a new PAM icon (circled in red here) in your menu bar. This icon can be clicked to verify your client version and see when your PAM policies were last modified. You can also force a policy refresh.
Windows:
The next time you are on campus or VPN your device will automatically install the PAM client and a notification will be displayed when complete. You can continue with your work as normal while these processes run in the background. A reboot will be required to complete the enrollment; however, this can be done when it is appropriate for your workflow
You will see a new PAM icon (circled in red here) in your task bar. It can be right-clicked to force a policy refresh.
10. How do I connect to VPN?
If you need assistance with connecting through VPN, please refer to our Quick Reference Guide
11. Where do I go for support?
If you have any questions or concerns, please contact the IT Support Centre 416.675.6622 x8888, humber.ca/techtalk
12. What does a message pop-up look like?
OK with reason:
|
OK with Reason drop down list:
|
Provide reason credentials required:
|
For non-trusted/unsigned applications, a challenge response code is required from ITS:
|
|
Basic Confirmation Dialog:
|
|
|
Blocked Dialog
|
|
|
BeyondTrust Notifications: You may notice this logo on your device. It is safe and to be trusted. |
|
|