Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Looking for documentation/steps to enable App Launcher for AWS/GCP databases

Saathvik
All-Star
All-Star

Team,

We are trying to enable a credential-less session for AWS/GCP databases with supported App Launcher feature. In CPAM User guide we found that App Launcher is supported for Databases but don't find clear documentation for supported database type/clients. Also didn't find clear steps to enable App Launcher.

https://docs.saviyntcloud.com/bundle/CPAM-User-Guide-v2022x/page/Content/A-PAM-Requests/Privileged-A...

We found below document to Configure PAM for Connected application in that we found one line where it is mentioned to open a DevOps ticket to enable remote app feature for applications which are not supported by default.

https://docs.saviyntcloud.com/bundle/CPAM-Admin-Guide-v23x/page/Content/E-Onboard-Target-Endpoint/Co...

So trying to understand if we need to open a DevOps ticket for AWS/GCP databases to enable remote App? Also can someone help me with documentation to enable App Launcher for AWS/GCP databases, And what are the supported database type and clients for App Launcher?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
6 REPLIES 6

BrandonLucas_BF
Regular Contributor III
Regular Contributor III

Have you resolved this?

NageshK
Saviynt Employee
Saviynt Employee

@Saathvik @BrandonLucas_BF I'm working on getting the remote app process documented. In the meanwhile please use the below table to get an understanding of the remote apps available today. For any other remote app outside of this list, Saviynt Support team will have to create scripts and so it will take a lot more time to get back on such requests. Let me know if this table is helpful. 

TargetRemote App available Out of the box?Config available Out of the box?Support Ticket Req?Client Install Req?Installalbe Required from Customer?
AWS ConsoleYesYesNoNoN/A
GCP ConsoleYesYesNoNoN/A
Okta ConsoleYesYesNoNoN/A
Azure ConsoleYesNoYesNoN/A
Azure AD (Entra ID) ConsoleYesNoYesNoN/A
Active Directory Users and Computers (ADUC)YesYesYesYesNo
MySQL WorkbenchYesYesYesYesNo
SAP GUIYesYesYesYesYes
MS SQLYesNoYesYesNo
ToadYesNoYesYesYes
Oracle EBSYesNoYesYesYes
Salesforce ConsoleYesNoYesNoN/A
Workday ConsoleYesNoYesNoN/A
Oracle SQL DeveloperYesNoYesYesYes

 Thanks

Nagesh K

BrandonLucas_BF
Regular Contributor III
Regular Contributor III

Thanks @NageshK . This is helpful. So to narrow down, what extra config must be done for what's in this table as supported out of the box? Using an example of ADUC, we have the remote app server configured, and AD PAM credential rotation and credetialless configurations in place, but it is not clear how to use the ADUC capability as there is not much documentation.

I think that would apply for about everything on this list.

 

NageshK
Saviynt Employee
Saviynt Employee

@BrandonLucas_BF For all entries where "Config available out of the box" is mentioned as yes, post Bootstrap process and delta sync, you will observe that upon selecting a credentialless account, a dropdown will be shown as given in below screenshot. At this stage, you can submit the request but the underlying remote app infra is not configured with the ADUC client yet. For this purpose, you will have to open a support ticket, as mentioned in the above table so that Support Team can setup the ADUC client and the remote app. Once support team's task is done, you will be able to launch remote app session with ADUC. 

NageshK_1-1695871319747.png

 

 

 

BrandonLucas_BF
Regular Contributor III
Regular Contributor III

The confusion for this is that I had a support ticket open for this very thing (dev and prod). They configured the app server and closed the ticket but the ADUC use case still does not work. I will seek to have the tickets reopened.

 

NageshK
Saviynt Employee
Saviynt Employee

@BrandonLucas_BF Yes, it usually takes two tickets here as one ticket is to build the entire remote app infra itself and the second ticket would be to install ADUC client and configure the remote app. 

I suggest opening a new ticket just so that it is clear to the support team that a remote app infra is already in place and they have to now just setup ADUC client. 

Thanks,

Nagesh K