Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/22/2023 07:40 PM
We are currently integrating AD with Saviynt CPAM for AD Console Access + RDP.
Steps followed:
Issue : We are not seeing the account in the New privilege access request page. Below is the PAM Config file used. Please let us know how to do we fix the issue.
{
"Connection": "AD",
"encryptionMechanism": "ENCRYPTED",
"CONSOLE": {
"maxCredSessionRequestTime": "36000",
"maxCredlessSessionRequestTime": "36000",
"maxIDRequestableTime": "2592000",
"shareableAccounts": {
"IDQueryCredentials": "acc.name in ('')",
"IDQueryCredentialless": "acc.name in ('NCArajal')"
},
"endpointAttributeMappings": [
{
"column": "accessquery",
"value": "where users.USERNAME is not null",
"feature": "endpointAccessQuery"
},
{
"column": "customproperty43",
"value": "PAMUserAccountAccessControl_Accounts",
"feature": "accountVisibilityControl"
}
],
"endpointPamConfig": {
"maxConcurrentSession": "50"
},
"accountVisibilityConfig": {
"accountCustomProperty": "customproperty55",
"accountMappingConfig": [
{
"accountPattern": "cpamuser*",
"mappingData": "roletest1",
"override": "false"
},
{
"accountPattern": "cpamuser1,cpamuser2",
"mappingData": "roletest2",
"override": "false"
}
]
}
}
}
06/26/2023 08:16 AM
06/30/2023 07:31 AM
@lionelrl As discussed in SME call, please request for Remote App setup. Once the setup is available, you will receive the details to populate in Global Config -> PAM. Then you should be able to launch AD Console sessions.
Thanks
Nagesh K