Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/24/2023 08:27 AM
Team,
We are trying to enable a credential-less session for AWS/GCP databases with supported App Launcher feature. In CPAM User guide we found that App Launcher is supported for Databases but don't find clear documentation for supported database type/clients. Also didn't find clear steps to enable App Launcher.
We found below document to Configure PAM for Connected application in that we found one line where it is mentioned to open a DevOps ticket to enable remote app feature for applications which are not supported by default.
So trying to understand if we need to open a DevOps ticket for AWS/GCP databases to enable remote App? Also can someone help me with documentation to enable App Launcher for AWS/GCP databases, And what are the supported database type and clients for App Launcher?
Solved! Go to Solution.
09/24/2023 08:30 PM
Have you resolved this?
09/27/2023 07:37 PM
@Saathvik @BrandonLucas_BF I'm working on getting the remote app process documented. In the meanwhile please use the below table to get an understanding of the remote apps available today. For any other remote app outside of this list, Saviynt Support team will have to create scripts and so it will take a lot more time to get back on such requests. Let me know if this table is helpful.
Target | Remote App available Out of the box? | Config available Out of the box? | Support Ticket Req? | Client Install Req? | Installalbe Required from Customer? |
AWS Console | Yes | Yes | No | No | N/A |
GCP Console | Yes | Yes | No | No | N/A |
Okta Console | Yes | Yes | No | No | N/A |
Azure Console | Yes | No | Yes | No | N/A |
Azure AD (Entra ID) Console | Yes | No | Yes | No | N/A |
Active Directory Users and Computers (ADUC) | Yes | Yes | Yes | Yes | No |
MySQL Workbench | Yes | Yes | Yes | Yes | No |
SAP GUI | Yes | Yes | Yes | Yes | Yes |
MS SQL | Yes | No | Yes | Yes | No |
Toad | Yes | No | Yes | Yes | Yes |
Oracle EBS | Yes | No | Yes | Yes | Yes |
Salesforce Console | Yes | No | Yes | No | N/A |
Workday Console | Yes | No | Yes | No | N/A |
Oracle SQL Developer | Yes | No | Yes | Yes | Yes |
Thanks
Nagesh K
09/27/2023 07:40 PM
Thanks @NageshK . This is helpful. So to narrow down, what extra config must be done for what's in this table as supported out of the box? Using an example of ADUC, we have the remote app server configured, and AD PAM credential rotation and credetialless configurations in place, but it is not clear how to use the ADUC capability as there is not much documentation.
I think that would apply for about everything on this list.
09/27/2023 08:23 PM
@BrandonLucas_BF For all entries where "Config available out of the box" is mentioned as yes, post Bootstrap process and delta sync, you will observe that upon selecting a credentialless account, a dropdown will be shown as given in below screenshot. At this stage, you can submit the request but the underlying remote app infra is not configured with the ADUC client yet. For this purpose, you will have to open a support ticket, as mentioned in the above table so that Support Team can setup the ADUC client and the remote app. Once support team's task is done, you will be able to launch remote app session with ADUC.
09/27/2023 08:32 PM
The confusion for this is that I had a support ticket open for this very thing (dev and prod). They configured the app server and closed the ticket but the ADUC use case still does not work. I will seek to have the tickets reopened.
09/27/2023 08:46 PM
@BrandonLucas_BF Yes, it usually takes two tickets here as one ticket is to build the entire remote app infra itself and the second ticket would be to install ADUC client and configure the remote app.
I suggest opening a new ticket just so that it is clear to the support team that a remote app infra is already in place and they have to now just setup ADUC client.
Thanks,
Nagesh K