Overview

The Domum Remote Access module is a Privileged Remote Access solution that gives remote users access to an organization’s internal resources. It provides a more secure environment for companies whose business operations often take place outside the company’s office by controlling the access of remote employees, third parties, and customers.

Companies that fail to control and monitor these accesses may become vulnerable, resulting in security breaches of company resources. For instance, a server that has been compromised could be used to intercept communications and initiate an attack on users in the organization.

Domum Remote Access provides secure access to remote employees and third parties while remaining fast and easy to use. Our VPN-less solution does not require setting up a new network and VPN access for each user that connects from an external network.


Benefits

  • User origin management
  • Specific remote access policies that differ from other PAM users 
  • Secure authentication via a dedicated link and token validation
  • Remote access monitoring
  • JIT (Just In Time) accesses for third-party users

Domum data

Domum fully complies with GDPR and other data protection laws and does not store credentials, sessions, or user data.


Architecture


Communication architecture between the remote user and the senhasegura instance through Domum

 

Domum provides secure access to Web sessions coming from third-party desktops. The devices connect to senhasegura’s gateway using the HTTPS protocol without needing a VPN. senhasegura, in turn, establishes a secure connection with the company’s resources.

Companies can use the Domum module to create, enforce, and monitor their own Privileged Remote Access rules tailored to their needs.

This diagram shows how different organizations can use a senhasegura Host to connect to their corporate senhasegura instances without creating conflicts between gateways.



Connection through the senhasegura Host

 



Domum Gateway regions

Domum uses infrastructure from the Google Cloud Platform (GCP). To ensure the best possible performance, each instance of your senhasegura Domum Gateway connects to its nearest region.

Currently available regions:

  • Frankfurt, Germany
  • Sydney, Australia
  • São Paulo, Brazil 

Use cases

  • Third-party users: A company’s network is one of its most crucial assets and should not be accessible to remote users without caution. In many companies, employees only use senhasegura’s secure connections daily. Most users do not require access to the broader network, but without a proper tool, even methods such as a VPN fall short of restricting users’ access to only the required applications.
  • VPN-Less and Principle of Least Privilege: Users don’t need to sign up for senhasegura. Domum sends each user a unique access link to the platform. Employees and third-party users can then request passwords and access their credentials remotely while working from home, from their own companies, or from a customer's workplace. Their access is isolated from the main network running senhasegura and uses a remote access profile with the least possible privileges.
  • External Access Policy: The organization must configure which assets the user can access and how this access can be carried out, respecting the days and times determined in the policy.
  • Geoblocking: In their Access Policies, companies can limit access requests based on the user’s location. For example, access can be restricted to regions where remote users are known to work or where they are currently providing services to one of the company’s customers. Therefore, if Domum receives an access request from a location not previously authorized in the Access Policy, this access will be denied, even if the user has the correct permissions.
  • Employees: Employees often need to access senhasegura in remote settings, such as when working from home or traveling on business. Many do not require applications other than senhasegura to perform routine tasks. They could be instructed to access the system via Domum to save VPN resources and protect other applications from unwanted access. The organization provides the employee with full but secure access to senhasegura via a dedicated link that only authenticates access from that particular user.
  • Remote Access Policy: Employees who need to access the platform from an external network will be subject to the same policies as their regular access group in the PAM module. This ensures that a single set of policies applies to that user in both standard and remote access. In other words, when a user accesses senhasegura via Domum, the permissions and rules that generally apply to this user remain unaltered.

User roles in Domum 

Admin User

  • Only one gateway to configure access to senhasegura, instead of multiple VPN configurations for each remote user
  • Centralized monitoring of all access logs from remote employees and third-party users
  • A Dashboard to perform KPI analyses of vendors
  • Remote employees and third-party users grouped for easy management
  • Management access for all successful remote connections.
  • Real-time monitoring of all currently active sessions
  • Video recordings of the remote sessions
  • User behavior
  • Logs
  • Deny access based on location

Auditor

  • Dashboard with an overview of all Domum accesses and activities
  • Dashboards by: Vendor, Employee Group, Single Employee, and Single Third-Party User.
  • Access logs of all remote connections to ensure they comply with the company’s Remote Access Policy.
  • Recordings of the remote sessions can be downloaded in video format for auditing.

Remote User

  • No need to set up a VPN (VPN-less)
  • No Agent required (agentless)
  • No password required
  • Dedicated token
  • Works from any authorized location
  • Proxy sessions are established through a simple Web Browser
  • Unique desktop interface with comprehensive information

Domum's general workflow

The Domum workflow is quite simple and boils down to the administrator user defining and creating privileged remote access policies according to your company's needs. Domum will generate these accesses, which the Administrator can monitor and control. See below an example of the workflow and its respective steps:


Domum's workflow

 

  1. The Administrator user defines and configures external accesses.
  2. Domum generates a personal link and a token via SMS or e-mail.
  3. The user accesses the link.
  4. The Domum Gateway communicates with the corporate environment.
  5. The user inserts the token received via SMS or e-mail to log in.
  6. The user has authenticated access to senhasegura, where they can perform their operations.

Info
SSO changes the access flow. If you are a remote user, learn how to access Domum with SSO.
