05/04/2023 02:11 PM
Hi Team,
We are working on CPAM configuration to import Azure AD user accounts from the target to Saviynt.
After importing these Azure user accounts, we wanted to make them PAM enabled through the Bootstrap Job.
We are unable to find any Saviynt documentation from which we can get a sample PAM_CONFIG JSON to perform the Bootstrap operation on these Azure accounts.
Could you please provide a sample "PAM config" JSON? Any reference links or process steps would be appreciated.
FYI - we referred to the below links to set up the Azure AD connector:
Thanks,
Umesh
05/11/2023 01:20 PM
@UVP @Dheeraj_Reddy Thanks for posting your question. It seems that the Bootstrap job is not supported on Azure AD as of today and the accounts have to be PAM Enabled manually. Additionally, you will also have to use the REST connection type to integrate with your Azure AD. I'm gathering more details on the process and will get back in a day or two.
Thanks,
Nagesh K
05/12/2023 12:31 PM
Hi @NageshK, thanks for the information.
We need to set up a call with the client to explain the overall Azure AD integration process for CPAM, so please confirm which connector (Azure AD or REST) we need to use for CPAM integration, and why.
Let us know if we have any limitations here for Azure AD.
Thanks,
Umesh
05/19/2023 09:15 AM
Hi @UVP @Dheeraj_Reddy Thanks for your patience in waiting for the response. I had to review the entire implementation to be sure of the steps.
To PAM Enable Azure AD Accounts:
Thanks,
Nagesh K
05/19/2023 02:14 PM
Hi Nagesh, thanks for sharing all this information.
QQ:
Could you please share the 'Change Password' JSON for the REST connector (Azure AD)?
Thanks,
Umesh
06/01/2023 09:38 AM
Hi @NageshP
We followed the above process. While PAM-enabling the AzureAD account, the password change task was stuck in pending "Provisioning cmd: Adding password to vault failed for account: accountname" and we don't see any option to add the vault in the AzureAD connector. Could you please help to fix this issue?
06/01/2023 09:43 AM
05/19/2023 02:22 PM
@UVP here it is:
{
  "call": [{
    "name": "call1",
    "connection": "userAuth",
    "url": "https://graph.microsoft.com/v1.0/users/${account.accountID}",
    "httpMethod": "PATCH",
    "httpParams": "{\"passwordPolicies\" :\"DisableStrongPassword\",\"passwordProfile\" : {\"password\":\"${requestAccessAttributes?.savpassword==null? password : requestAccessAttributes.savpassword}\",\"forceChangePasswordNextSignIn\": false}}",
    "httpHeaders": {
      "Authorization": "${access_token}"
    },
    "httpContentType": "application/json",
    "successResponses": {
      "statusCode": [
        200,
        201,
        204,
        205
      ]
    }
  }]
}
Thanks,
Nagesh K
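
An added example, not part of the thread and not Saviynt code: a pre-deployment review of the 'Change Password' JSON above that renders the nested `httpParams` body and lists the settings worth confirming before the call is used for vaulted accounts. The function names are hypothetical, the sample passwords are constructed, and it assumes `${...}` bindings are filled by plain text substitution without JSON escaping, which the thread does not confirm.

```python
import json
import re

# The 'Change Password' call from the post above, trimmed to the fields checked.
CHANGE_PASSWORD_JSON = r'''
{"call": [{
  "name": "call1",
  "url": "https://graph.microsoft.com/v1.0/users/${account.accountID}",
  "httpMethod": "PATCH",
  "httpParams": "{\"passwordPolicies\" :\"DisableStrongPassword\",\"passwordProfile\" : {\"password\":\"${requestAccessAttributes?.savpassword==null? password : requestAccessAttributes.savpassword}\",\"forceChangePasswordNextSignIn\": false}}",
  "httpContentType": "application/json"
}]}
'''

PLACEHOLDER = re.compile(r"\$\{[^}]*\}")  # matches ${...} binding expressions


def render_body(http_params, password):
    """Assumption: ${...} is replaced by plain text substitution, no JSON escaping."""
    return PLACEHOLDER.sub(lambda _m: password, http_params)


def review_call(call, sample_password):
    """Return the review findings for one entry of the "call" array."""
    findings = []
    try:
        body = json.loads(render_body(call["httpParams"], sample_password))
    except json.JSONDecodeError:
        return ["rendered body is not valid JSON for this password"]
    if "DisableStrongPassword" in body.get("passwordPolicies", ""):
        findings.append("passwordPolicies disables the strong-password requirement")
    if body.get("passwordProfile", {}).get("forceChangePasswordNextSignIn") is False:
        findings.append("forceChangePasswordNextSignIn is false")
    if not call["url"].startswith("https://"):
        findings.append("url is not https")
    return findings


def review_config(text, sample_password):
    """Map each call name to its findings."""
    return {c["name"]: review_call(c, sample_password) for c in json.loads(text)["call"]}


if __name__ == "__main__":
    # Constructed sample passwords: one plain, one containing a double quote.
    for pw in ("Xk7-pLq2.Vr9", 'Xk7"pLq2'):
        print(repr(pw), review_config(CHANGE_PASSWORD_JSON, pw))
```

If the connector does substitute without escaping, a generated password containing a double quote or backslash produces a request body that fails to parse, so the vault's password policy should either exclude those characters or the rendering should be tested against them.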