Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PAM : Questions on application launcher to launch credential less session

Go to solution
UVP
New Contributor II
New Contributor II

‎04/26/2023 04:43 PM - edited ‎05/02/2023 11:07 AM

Hi Team,

We are trying to setup PAM credential-less session for target application. As a part of initial setup, Saviynt CloudOps team helped us  to configure application plugin(Application Launcher) to launch credential less session.

As per our analysis , we are seeing  the plugin which we have created is tied up to particular application endpoint. Now we have below question on this setup: 

1. Is it possible to setup multiple application launcher for single endpoint? If yes, then What is maximum limit for this.

2. How can we use current application launcher for different endpoint? what steps we need to perform?

3. Is it possible to select different application launcher for same endpoint using 'Application Launcher' dropbox?

4. How many CPAM requests (concurrent session) catered by the remote application server? Is there any session limit ?

UVP_0-1682551812503.png

 

 

Thanks,

Umesh

Labels:
0 Kudos
6 REPLIES 6

Go to solution
NageshK
Saviynt Employee
Saviynt Employee

‎05/02/2023 01:03 PM

@UVP Thanks for posting your question in forums. Please find below the responses inline:

1. Is it possible to setup multiple application launcher for single endpoint? If yes, then What is maximum limit for this.

[NK] : Yes, this is possible. When you have this requirement, please create a FD ticket with the details of the app launcher to be associated with the endpoint. Regarding the limit, it depends on the details we have to capture for each application. How many applications are you planning to associate with the endpoint? Is it in tens or hundreds?

2. How can we use current application launcher for different endpoint? what steps we need to perform?

[NK] The association between an endpoint and application launcher is defined in "endpoints_properties" table. You can write a customquery to modify these associations

3. Is it possible to select different application launcher for same endpoint using 'Application Launcher' dropbox?

[NK] Yes, please see this article in doc portal to understand what kind of multiple request scenarios are supported. 
https://docs.saviyntcloud.com/bundle/CPAM-User-Guide-v2022x/page/Content/A-PAM-Requests/Privileged-A...

4. How many CPAM requests (concurrent session) catered by the remote application server? Is there any session limit?
[NK] I will get back on this. In the meanwhile, do you have any estimated volume of sessions or total users that will use app launcher?

Thanks,

Nagesh K

0 Kudos

Go to solution
UVP
New Contributor II
New Contributor II
In response to NageshK

‎05/03/2023 09:25 AM

Thanks Nagesh.

We have some follow-up questions :

1. Is it possible to setup multiple application launcher for single endpoint? If yes, then What is maximum limit for this.

[NK] : Yes, this is possible. When you have this requirement, please create a FD ticket with the details of the app launcher to be associated with the endpoint. Regarding the limit, it depends on the details we have to capture for each application. How many applications are you planning to associate with the endpoint? Is it in tens or hundreds?

- We have less than ten applications which we are planning to associate with the endpoint

2. How can we use current application launcher for different endpoint? what steps we need to perform?

[NK] The association between an endpoint and application launcher is defined in "endpoints_properties" table. You can write a customquery to modify these associations

- Please share this query to perform endpoint and application launcher association.

4. How many CPAM requests (concurrent session) catered by the remote application server? Is there any session limit?
[NK] I will get back on this. In the meanwhile, do you have any estimated volume of sessions or total users that will use app launcher?

-We have less then 100 users/CPAM requests but just wanted to understand the ideal session limit

Thanks,

Umesh

0 Kudos

Go to solution
NageshK
Saviynt Employee
Saviynt Employee

‎05/08/2023 07:00 AM - edited ‎05/08/2023 07:35 AM

@UVP @Dheeraj_Reddy please find below the additional details 

1. You should be good with 10 applications

2. Query to use in custom query job for associating remote app with a given endpoint 
update endpoints_properties set apptypekey = (select apptypekey from applicationtype where APPLICATION_GROUP = 'AD') where endpointkey = <provide the endpoint key of the endpoint for which AD remote app has to be associated>

Both the tables applicationtype and endpoints_properties are accessible through data analyzer

3. With the standard remote app setup that contains 2 session host servers, a max of 80 concurrent sessions can be support. With less than 100 CPAM users in total, you should be good with the standard setup unless all 100 users are trying to access remote apps all the time. If that is the case, you will have to work with CloudOps team for getting one more session host server.

 

Thanks,

Nagesh K

0 Kudos

Go to solution
UVP
New Contributor II
New Contributor II
In response to NageshK

‎05/09/2023 11:17 AM

Hi Nagesh,

 

Thanks for your help.

After identifying correct app key for Okta we are able to associated remote app with give endpoint.

Go to solution
Nishanth
New Contributor III
New Contributor III
In response to NageshK

‎08/28/2023 12:23 PM

Hi @NageshK 

Could you pls help how to excute this in v23.7 Execute Extension Queries (CUSTOMQUERYJOB) is not available (discontinued)

update endpoints_properties set apptypekey = (select apptypekey from applicationtype where APPLICATION_GROUP = 'AD') where endpointkey = <provide the endpoint key of the endpoint for which AD remote app has to be associated>

0 Kudos

Go to solution
puneetkhullar
Saviynt Employee
Saviynt Employee

‎08/30/2023 02:27 PM

Hi Team,

Solution from 23.7 version onwards is to use the Enhance Query Job with syntax as below by choosing Update as the Operation: 

 

SELECT 51 AS ENDPOINTS_PROPERTIES__APPTYPEKEY, ep.ENDPOINTS_PROPERTIES_KEY AS ENDPOINTS_PROPERTIES__PRIMARYKEY FROM ENDPOINTS_PROPERTIES ep WHERE ep.ENDPOINTKEY = 48

Copyright © 2024 Khoros, LLC