and more in a single search tool across platforms. Read the announcement here. |
06/26/2023 08:01 AM
Hi Team,
As part of password retrieval/credential/check-out, the users have to request for 2 time-slots for imported accounts like AzureAD accounts. Wanted to know if we can eliminate atleast one time-slot for Azure AD imported accounts.
I know we can elevate the feature of PAM PreAuthorized Users to eliminate one slot but that is only applicable for disconnected applications where we onboard the accounts manually via ' Manage Service Accounts'.
Can we do something similar for imported accounts like AzureAD accounts.
Solved! Go to Solution.
06/30/2023 07:28 AM
@gazanjum Thanks for posting your question. Manage Service Accounts feature can be utilized for any PAM Enabled accounts. As long as you have the Endpoint property "Service Account Type" populated with "FireFigtherID" in your Azure AD Endpoint, all PAM Enabled Azure AD accounts should start showing up in "Manage Service Accounts" where you can manage the pre-authorized users.
Thanks
Nagesh K
07/11/2023 02:47 AM - edited 07/11/2023 04:50 AM
Hi Nagesh,
I was able to find it, however there is an issue with PAM Authorized Users as it is not getting saved.
Regards
Gazala
07/11/2023 12:47 PM
Can you elaborate what do you mean by PAM Authorized users is not getting saved?
07/11/2023 11:36 PM
Hi Saathvik,
So after the version upgrade to 23.5, there is an issue which we are facing, where if you modify an account and add users to 'PAM Pre-authorized Users' this is not getting reflected even after the update account task is completed.
We faced the same issue in v22 as well.
Regards
Gazala
07/12/2023 07:14 AM
Ok I was thinking you are hitting another know issue after v23.1 till v23.4 where you won't be able to modify pre-authorized users without modify any other field. Next button won't get activated.
Looks like v23.5 it is fixed as per you comment but you are hitting another issue after you submit the request.
So if understand it correctly after task completed when you go to PAM Pre-Authorized users you still see old list?
07/12/2023 09:27 AM
No Saathvik, that issue is also not fixed.
So there are basically 2 issues which I have encountered:
1.you won't be able to modify pre-authorized users without modify any other field. Next button won't get activated.
2.Even if we bypass the first issue, the user added to PAM Pre-Authorized does not get reflected.
07/12/2023 10:11 AM
Okay got it, Looks to me as bug in latest version as we didn't see that issue in v23.3, Let me check v23.4.
07/12/2023 10:19 AM - edited 07/12/2023 10:19 AM
I can confirm in v23.4 it is working as expected. After update task completed I can see newly added user reflecting in the list of pre authorized users. I would suggest open a support ticket with Saviynt for this issue and see if they identifies this as a bug
07/12/2023 11:42 PM
I agree on that, it was working on 23.4 as I tested some use cases however when we were upgraded to 23.5 this again stopped working.
Regards
Gazala Anjum