Hi Team,I have configured a DB connector for SQL server with the CREATEACCOUNTJSON query below.{ "CreateAccountQry": [ "CREATE LOGIN ${accountName} WITH PASSWORD = '${randomPassword}'" ]}When I try to access using JIT the account is not ...
Hello Everyone,If you have configured CPAM setup with Azure, could you please provide/share "PAM config" JSON and any reference links or process steps would be appreciated. Thanks in advance....Thanks, ...
Hi Team,We are having few shared accounts configured for CPAM . When we want to get any privileged access we are raising request for a particular account. We are having a requirement that in the email template which is going to the approver, it shoul...
Hi Team, I have recently bootstrapped several Windows servers using the CSV file upload. Initially, the job was successful, and the endpoints were Pam-enabled with No errors. I took a closer look at one of the endpoints after realizing I could not re...
For Creating a discovery job I am facing issues in writing the argument. In the argument, I am not able to give the path of csv file .Can you help in this? [This post has been edited by a Moderator to move to its own post.]
Hi Team,is there any KB which will have step by step instruction for AD-Role provision and deprovision for CPAM enabled account.
We are trying to setup the one level manager approval workflow and configuring the Actionable email template for the Same, just want to know how to bring the PAM type, Business justification, commands, and Start and end time/date in the email? in Dat...
Hi Team,We have a usecase from the client where they want to manage the service account via CPAM and the password rotation should be done via 'Manage Service Account' feature. Please let us know how we can configure it.
Hi All,Could someone please suggest us how to extract the PIDs onboarded for each application in CPAM
Hi Team,Could someone confirm if the below understanding of the Change Password flow for automatic password rotation of local admin account of Custom Apps is correct:Automatic Password Rotation for Custom Apps: when we go to the manual password updat...
1. can we manage SAP applications and service accounts using Saviynt CPAM ?2. what will be the emergency access process when the CPAM application is down (assuming all its failover instances are down too)
Hi Team,Wanted to know if we have any documentation around what is the expected result from ConnectionJSON and ChangePasswordJSON.For instance: will ConnectionJSON, just give 200 OK response or more (like in the body)? same goes for ChangePasswordJSO...
Hi Team,We are trying to setup PAM credential-less session for target application. As a part of initial setup, Saviynt CloudOps team helped us to configure application plugin(Application Launcher) to launch credential less session.As per our analysi...
Hello,We are trying to Enable the PAM feature for a specific Linux Instance. However, when we run the PAM bootstrap job, it didn't turn ON the PAM. Now it's throwing an error when we try to modify the Configuration on the PAM Attributes tab of the e...
Hello,We want to comprehend the most recent CPAM Azure functionality in Saviynt because we have to configure the following Azure use cases in the Digicel environment.Azure Cloud platform – Windows/Unix/DB serverIntegrate Saviynt CPAM with Azure cloud...
We are trying to implement CPAM to protect workloads in GCP, AWS , Azure & on-perm. Saviynt SC 2.0 client is already deployed. Can we do discovery & bootstrapping automatically or should we be using Saviynt Discovery tool to scan & onboard ?
Hi,I am looking to enable ssh launcher for existing AD accounts.can some one please point me in the direction for the process?Thanks
Hi All,Could someone let us know if we can store the certificates in CPAM.RegardsGazala
For CPAM, in creating an Active Directory connection, what are the delegated permissions required for the "master" account to be able to rotate privileged accounts in Active Directory?It obviously will need "reset passwords" access to the accounts, a...
I want to save the customproperty while creating an account in Jar connector, just as I use "responseColsToPropsMap" to save account properties in REST Connector.CreateAccountJSON{"fullyQualifiedClassName": "com.sav.connector.sample1.DemoCase1","meth...
Hello,We have an implementation that requires no shared accounts be used. Is there a way to bootstrap endpoints that doesn't use shared local/domain accounts and only uses unique domain accounts as the privileged access method?So instead of user's us...
Hello,We are referring to the below document for Saviynt Break Glass Process. Can you please answer the below questions:Document link: https://docs.saviyntcloud.com/bundle/CPAM-Admin-Guide-v23x/page/Content/J-Break-Glass/Setting-Up-Break-Glass.htmQue...
Hi Team, @Dheeraj_Reddy We have a request from client, where they want us to check whether it's possible to do Saviynt -AWS secret manger integration.Let us know if we can do this Saviynt - AWS secret manager integration to manage secrets.?Thanks,Ume...
Hello,We have a use case that requires provisioning of JIT access for shared accounts. We will be implementing a privileged access workflow wherein the requestor will place a request for a particular account on an asset. Once the approver approves th...
Getting an error while trying to access the domain account for credentials error: credential.checkout.failed Any one know how to fix this issue?, error screenshot attached [This post has been edited by a Moderator to add the screenshots.]
When provisioning from Saviynt to soap connector, the response value is successful, but it is not reflected in the target.Postman also does not reflect on consecutive calls, but if set the delay for 30 seconds, it is reflected normally.Can I set the ...
Hi,Is there any way to fetch the Privilege ID names from a Privileged Access Request?.Suppose, I raised a Privileged Access Request for three privilege ID, I need to fetch their names in the Email Template.Here, is an output of :${this.binding.variab...
Hi Team,We would like to understand how best we might configure a Privileged Access Cert in Saviynt to review high risk access.Do we have any article on PAM certification in saviynt?If yes, plz provide the link.Regards,Ekata
We have a requirement to Grant access to authorized users and restrict access to unauthorized users. So I have created two Enterprise Roles: ITSecurity_PAMUsers and PAM_TEST_ROLEThe goal is that the ITSecurity_PAMUsers should only be the one who has ...
Team,We have a use case where users will request database privileged accounts in Saviynt. As part of account creation we are populating a CP value which we are using to identify the accounts that needs to be bootstrapped/vaulted .Once vaulted we are ...
Team, I want to check if there is any API or another method to do bulk update of Account PAM_CONFIG settings after account got enabled for PAM. Similar to below APIhttps://documenter.getpostman.com/view/6171505/U16bvotf#3d6bbe19-eb2f-4207-a5f7-568a1a...
Team,We have a use case where users will request database privileged accounts in Saviynt. As part of account creation we are populating a CP value which we are using to identify the accounts that needs to be bootstrapped/vaulted .Now once account is ...
We have few questions regarding to role based access method 1. what is the best use case/scenario for role based access method2. Is the role based access, can be given to persistent domain account or local account Ex Can Azure roles be assigned to a...
Hello,we have a connection where we need to put the current date format that is : yyyy-MM-dd'T'HH:mm:ssXXX, into the application in question while doing a disable account.Do we have that attribute in SAVIYNT to respect that format ?
Hi,i created a job to onboard on-prem workloads using Invoke Extension JAR Job(External JAR), however this job is always failing. can anyone please explain what should be the baseurl and EVQuery in the Arguments JSON.{"url":"<baseurl>","filepath":"/s...
Hi Team,Does Password Reconciliation feature is supported for other targets like Databases? If so can someone suggest the necessary changes?Based on this documentation: https://docs.saviyntcloud.com/bundle/CPAM-Admin-Guide-v2022x/page/Content/G-Passw...
Team,Is there a job we can use to run a bootstrap of all PAM enabled endpoints associated to cloud endpoint?Use case:We have 100s of databases from a GCP cloud and each of these database is onboarded as separate endpoint and they are PAM Enabled.All ...
I have configured AD connector and enabled PAM. When going to Privileged Access -> New Privileged Access -> Active Directory, I don't see the AD endpoint listed. I don't see any issue at the endpoint level as under PAM attributes, PAM is set to Ena...
We're evaluating Saviynt features and creating some testing documentation, can someone provide more information on the following? 1. Saviynt can assume role to create a security group and attach it to any instance. If an intrusion is detected in the ...
For our customer, being able to seperate admin accounts access from a secure admin environment is a mandatory requirement. They use PAW workstations and restrict adminsitrative access from only these devices. In the CPAM FAQ this is probably what we...
