Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

How to bootstrap accounts that are created on all endpoints associated to Cloud Endpoint in one job

Saathvik
All-Star
All-Star

Team,

Is there a job we can use to run a bootstrap of all PAM enabled endpoints associated to cloud endpoint?

Use case:

  1. We have 100s of databases from a GCP cloud and each of these database is onboarded as separate endpoint and they are PAM Enabled.
  2. All these endpoints have local accounts being requested through Saviynt.
  3. We are using bootstrap process to enable PAM for those local accounts

Now for all these databases we are using separate bootstrap job. Instead is there a way we can use one single job to bootstrap all PAM enabled endpoints under a GCP endpoint?

In previous versions we use to run Single Threaded Application Import Job using GCP connection which use to bootstrap all endpoints under it. We are looking for similar option in latest version where we use Microservices Job to bootstrap.

But we see bootstrap by account, bootstrap by endpoint and bootstrap by security system but we don't see anything like bootstrap by connection. Instead we see below two APIs are available. We want to understand how these APIs work can we use any of these to achieve our requirement?

{{url}}/pam/privilegedinstance/pamBootstrap

{{url}}/pam/bootstrap/async/complete 

 

cc @NageshK 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
2 REPLIES 2

NageshK
Saviynt Employee
Saviynt Employee

@Saathvik 
This can only be achieved if the corresponding databases had been initially bootstrapped via the GCP system or if the endpoints had been manually created they should have the same name as the entitlement. If the names doesn't match and if you run bootstrap against GCP System (Bootstrap on Security System/Endpoint will internally use the connection's PAM_CONFIG) by updating DB entitlements CP40, new endpoints will get created with the same name as that of the entitlement. And this will create a lot of issues. 

One way to achieve this is to write an external script (ex: postman) to call the bootstrap api programatically for each DB security System by reading the Security System key list from a file. The key list can be populated by writing an analytic control 

Thanks Nagesh for the explanation, Can you please let me know purpose of below API? Will it help us in anyway to achieve our use case?

{{url}}/pam/privilegedinstance/pamBootstrap


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.