Endpoints & Clients

Deploy agents on target servers (endpoints) and install the OnePAM CLI/GUI client on user workstations.

Endpoints (Agents)

An endpoint is a server or VM running the OnePAM agent. The agent registers with the control plane, advertises available resources, handles credential resolution, and relays session traffic through the gateway. Agents report system metrics (CPU, memory, disk), network topology, and health-check results.

Enrolling Endpoints

Navigate to Endpoints → Install and choose a deployment method:

Linux
curl -sSL https://onepam.com/install/YOUR_ORG_UUID | sudo bash
Docker
docker run -d --name onepam-agent \
  --privileged --pid=host --network=host \
  -e AGENT_API_URL=https://onepam.com \
  -e AGENT_TENANT_ID=YOUR_ORG_UUID \
  onepam/agent:latest
Automation

Ansible, Terraform, and Puppet modules are available. See the Installation docs for detailed instructions.

Optionally select a target group before copying the install command to automatically assign the agent to that group on registration.

Managing Endpoints

Dashboard

The Endpoints list shows each agent's hostname, OS, status (online/offline), IP address, CPU/memory/disk utilisation, group membership, and agent mode. Use the search and filter controls to narrow by status or OS.

Endpoint Detail

Click an endpoint to view:

  • System metrics — CPU, memory, disk gauges, load averages, uptime.
  • Network info — public/private IPs, routing role, routed subnets.
  • Health summary — posture score and health-check results.
  • Storage — per-disk usage.
  • Events — timeline of agent lifecycle events.
  • Resources — resources registered on this agent.
  • Recordings — session recordings from this agent.
Endpoint Settings
  • Custom name — override the hostname display.
  • Group assignment — move the endpoint to a different group.
  • Health checks — toggle monitoring and configure notification caps/cooldowns.
  • Built-in SSH server — enable or disable the agent's built-in SSH server.
  • Exit node — enable this endpoint as a VPN exit node (requires VPN entitlement).
Topology & Connections

The Topology view shows an interactive graph of endpoints connected through shared groups. The Connections view shows network addresses, group membership, and shared peers.

Clients (CLI & GUI)

The OnePAM client is installed on user workstations to provide CLI and GUI access to resources. Clients register with the control plane and go through a trust lifecycle.

Installing

Navigate to Clients → Install for platform-specific instructions:

  • Linuxcurl one-liner from updates.onepam.com.
  • macOS — Homebrew or direct download.
  • Windows — MSI installer or direct download.
Trust Lifecycle
  • Pending — newly registered, awaiting approval.
  • Trusted — approved by an administrator or the owning user.
  • Revoked — access has been revoked; the client can no longer connect.
Managing Clients

The Clients list shows each client's hostname, user, type (CLI/GUI), OS, version, trust status, and last-seen time. Administrators can approve, revoke, or delete clients.

Health Checks

Health checks let you monitor the availability of resources and endpoints. Probes run on the agent and report back to the control plane. Supported probe types:

  • HTTP — send an HTTP request and check the response status.
  • TCP — verify a TCP port is open.
  • Service (systemd) — check whether a systemd service is running on the host.

Configure health checks from the endpoint settings or the resource settings page. Set the check interval, timeout, and notification preferences.