Web Portal Access and Navigation¶
Section: Web Portal | Article 24
Audience: All Users
Last Updated: 2026-04-07
Overview¶
The RP-PAM web portal is the primary interface for managing privileged access. All users -- from end users requesting access to administrators configuring policies -- interact with RP-PAM through this portal.
Browser Requirements¶
| Browser | Minimum Version |
|---|---|
| Google Chrome | 100+ |
| Microsoft Edge | 100+ |
| Mozilla Firefox | 100+ |
| Apple Safari | 15+ |
| Mobile (iOS/Android) | Latest Chrome or Safari |
Note: Internet Explorer is not supported. JavaScript must be enabled.
How to Access the Portal¶
Open your browser and navigate to:
Replace your-pam-server with:
- The server's hostname or IP address (single-node deployment)
- The VIP address (if configured; see VIP Failover)
- The load balancer address (if using a load balancer)
First-Time Certificate Warning¶
If the server uses a self-signed certificate, your browser will display a security warning. In production, use a certificate from a trusted CA. For testing, you can proceed past the warning.
Login Flow¶
Step 1: Enter Credentials¶
- On the login page, enter your username and password.
- Click Sign In.
Step 2: Multi-Factor Authentication (if enabled)¶
If MFA is enabled for your account (see MFA Setup):
- Open your authenticator app.
- Enter the current 6-digit code.
- Click Verify.
Step 3: Dashboard¶
After successful authentication, you land on the Dashboard (see below).
Session Timeout¶
Sessions expire after 30 minutes of inactivity by default. When your session expires, you are redirected to the login page. Active sessions (e.g., typing in a form) do not time out.
Portal Navigation¶
The portal uses a left sidebar for navigation. The sidebar sections and items visible depend on your role.
Sidebar Layout¶
+-----------------------------------+---------------------------+
| [Ravenphyre Logo] RP-PAM | |
| | |
| ACCESS | Main content area |
| Dashboard | |
| Requests | |
| Resources | |
| | |
| ADMINISTRATION * | |
| Users | |
| Modules | |
| AI Assistant ** | |
| | |
| MONITORING * | |
| Audit Log | |
| Logs | |
| SIEM | |
| | |
| SYSTEM * | |
| License | |
| AI Setup | |
| Settings | |
| | |
| [Avatar] username / Sign Out | |
+-----------------------------------+---------------------------+
* = Visible to admin and security_admin roles
** = Visible when AI module is licensed and configured
The sidebar is grouped into four sections: Access (daily use for all users), Administration (user and module management), Monitoring (audit trail, logs, SIEM forwarding), and System (license, AI config, settings). The sidebar can be collapsed to icon-only mode by clicking the collapse button.
Portal pages added in Phase 7:
| Page | Section | Description |
|---|---|---|
| Logs | Monitoring | View, search, and download application logs from the browser |
| SIEM | Monitoring | Configure SIEM forwarding targets (Splunk, Sentinel, syslog, HTTP) |
| License | System | License status, usage dashboard, import/replace |
| AI Setup | System | Configure AI provider (Ollama, OpenAI, Anthropic, xAI) |
| Session | (via Connect button) | Browser-based SSH terminal or RDP desktop for active grants — see Browser Sessions |
Screen Descriptions¶
Dashboard¶
The landing page after login. Shows at-a-glance status information.
| Widget | Description |
|---|---|
| Active Sessions | Number of currently active privileged sessions |
| Pending Requests | Access requests awaiting approval (admins/approvers see all; users see their own) |
| Recent Activity | Timeline of recent access events |
| Cluster Health | Node status indicators (green/yellow/red) -- admin only |
| Upcoming Expirations | Access grants that will expire in the next 24 hours |
| Alerts | System warnings (certificate expiry, license renewal, secret rotation due) -- admin only |
Request Access¶
Where users submit new access requests. See Submitting Access Requests for the full workflow.
| Action | Description |
|---|---|
| Search for a resource | Find a server, group, or credential to request access to |
| Select duration | Choose how long you need access |
| Provide justification | Explain why access is needed |
| Submit request | Send the request for approval |
My Requests¶
Shows all access requests submitted by the current user.
| Column | Description |
|---|---|
| Resource | The resource requested |
| Status | Pending, Approved, Denied, Expired, Cancelled |
| Submitted | Date and time the request was submitted |
| Expires | When the approved access will expire |
| Actions | Cancel (if pending), Renew (if expiring soon) |
Approval Queue (Admin / Approver)¶
Lists all pending access requests across the organisation.
| Column | Description |
|---|---|
| Requester | Who submitted the request |
| Resource | What they are requesting access to |
| Duration | How long they are requesting |
| Justification | The reason provided |
| Risk Score | AI-generated risk assessment (if AI module is active) |
| Actions | Approve or Deny |
See Approval Workflows for details.
All Resources (Admin)¶
Lists all resources managed by RP-PAM (servers, groups, credentials, SSH keys).
| Action | Description |
|---|---|
| Add resource | Register a new resource for PAM management |
| Edit resource | Modify resource settings, policies, or module bindings |
| Disable resource | Temporarily remove a resource from the request catalogue |
| Delete resource | Permanently remove a resource |
Groups (Admin)¶
Manage AD and Entra ID groups that RP-PAM controls.
All Users (Admin)¶
List, search, and manage user accounts.
| Action | Description |
|---|---|
| View user | See profile, roles, access history, and MFA status |
| Edit roles | Assign or remove pam_admin, pam_approver, pam_user roles |
| Reset MFA | Clear a user's MFA enrolment |
| Disable user | Prevent a user from logging in |
Roles (Admin)¶
View and manage role definitions and their associated permissions.
Modules (Admin)¶
View the status of each connected module (Active Directory, Entra ID, SSH, Database).
| Information | Description |
|---|---|
| Module name | The module type |
| Status | Healthy, Degraded, or Unhealthy |
| Last sync | When the module last synchronised data |
| Configuration | Link to module-specific settings |
AI Assistant¶
A conversational interface for natural-language access requests, risk analysis, and anomaly queries. Available only with Enterprise or MSP licences and a configured AI provider. See AI Assistant Overview.
Audit Log (Admin)¶
Searchable log of all actions in the system.
| Filter | Options |
|---|---|
| Date range | Start and end date/time |
| Event type | Login, access request, approval, provisioning, rotation, etc. |
| User | Filter by specific user |
| Resource | Filter by specific resource |
| Severity | Info, Warning, Error, Critical |
Compliance (Admin)¶
Pre-built compliance reports for common frameworks.
| Report | Description |
|---|---|
| Access Review | All current access grants with justification and approval chain |
| Privileged Account Inventory | All privileged accounts under management |
| Password Rotation History | When each credential was last rotated |
| Failed Access Attempts | Denied requests and login failures |
Settings (Admin)¶
System-wide configuration.
| Section | What You Configure |
|---|---|
| General | Server name, time zone, session timeout |
| Security Policies | MFA policy, password complexity, lockout thresholds |
| Cluster | Node configuration, database sync, Redis settings |
| License | View current licence, activate, renew |
Profile Menu (All Users)¶
Click your profile icon (bottom-left of sidebar) to access:
| Option | Description |
|---|---|
| Security Settings | Change password, manage MFA, view active sessions |
| Preferences | Theme (light/dark), notification settings |
| Sign Out | End your session |
Keyboard Shortcuts¶
| Shortcut | Action |
|---|---|
Ctrl + K / Cmd + K |
Open global search |
Ctrl + / / Cmd + / |
Open keyboard shortcut help |
Esc |
Close dialogs or modals |
Troubleshooting¶
| Problem | Cause | Solution |
|---|---|---|
| Portal does not load | Service not running or wrong port | Verify RP-PAM is running (systemctl status rppam or Get-Service RpPam); default port is 7101 |
| Certificate warning | Self-signed or untrusted certificate | Install a certificate from a trusted CA; add the CA to the browser's trust store |
| Sidebar items missing | Insufficient role | Contact your administrator to request pam_admin or pam_approver role |
| Session expires too quickly | Default 30-minute timeout | Admin can adjust sessionTimeoutMinutes in Settings > General |
| Portal is slow | Browser cache stale or server overloaded | Clear browser cache; check server resource utilisation |
| Dark mode not available | Feature requires v1.1+ | Upgrade to the latest version |
Next Steps¶
- Submitting Access Requests -- How to request privileged access
- MFA and TOTP Enrolment -- Set up multi-factor authentication
- Approval Workflows -- Understanding the approval process
RP-PAM v1.0.0 -- Copyright 2026 Ravenphyre. All rights reserved.