Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/26/2023 04:43 PM - edited 05/02/2023 11:07 AM
Hi Team,
We are trying to setup PAM credential-less session for target application. As a part of initial setup, Saviynt CloudOps team helped us to configure application plugin(Application Launcher) to launch credential less session.
As per our analysis , we are seeing the plugin which we have created is tied up to particular application endpoint. Now we have below question on this setup:
1. Is it possible to setup multiple application launcher for single endpoint? If yes, then What is maximum limit for this.
2. How can we use current application launcher for different endpoint? what steps we need to perform?
3. Is it possible to select different application launcher for same endpoint using 'Application Launcher' dropbox?
4. How many CPAM requests (concurrent session) catered by the remote application server? Is there any session limit ?
Thanks,
Umesh
Solved! Go to Solution.
05/02/2023 01:03 PM
@UVP Thanks for posting your question in forums. Please find below the responses inline:
1. Is it possible to setup multiple application launcher for single endpoint? If yes, then What is maximum limit for this.
[NK] : Yes, this is possible. When you have this requirement, please create a FD ticket with the details of the app launcher to be associated with the endpoint. Regarding the limit, it depends on the details we have to capture for each application. How many applications are you planning to associate with the endpoint? Is it in tens or hundreds?
2. How can we use current application launcher for different endpoint? what steps we need to perform?
[NK] The association between an endpoint and application launcher is defined in "endpoints_properties" table. You can write a customquery to modify these associations
3. Is it possible to select different application launcher for same endpoint using 'Application Launcher' dropbox?
[NK] Yes, please see this article in doc portal to understand what kind of multiple request scenarios are supported.
https://docs.saviyntcloud.com/bundle/CPAM-User-Guide-v2022x/page/Content/A-PAM-Requests/Privileged-A...
4. How many CPAM requests (concurrent session) catered by the remote application server? Is there any session limit?
[NK] I will get back on this. In the meanwhile, do you have any estimated volume of sessions or total users that will use app launcher?
Thanks,
Nagesh K
05/03/2023 09:25 AM
Thanks Nagesh.
We have some follow-up questions :
1. Is it possible to setup multiple application launcher for single endpoint? If yes, then What is maximum limit for this.
[NK] : Yes, this is possible. When you have this requirement, please create a FD ticket with the details of the app launcher to be associated with the endpoint. Regarding the limit, it depends on the details we have to capture for each application. How many applications are you planning to associate with the endpoint? Is it in tens or hundreds?
- We have less than ten applications which we are planning to associate with the endpoint
2. How can we use current application launcher for different endpoint? what steps we need to perform?
[NK] The association between an endpoint and application launcher is defined in "endpoints_properties" table. You can write a customquery to modify these associations
- Please share this query to perform endpoint and application launcher association.
4. How many CPAM requests (concurrent session) catered by the remote application server? Is there any session limit?
[NK] I will get back on this. In the meanwhile, do you have any estimated volume of sessions or total users that will use app launcher?
-We have less then 100 users/CPAM requests but just wanted to understand the ideal session limit
Thanks,
Umesh
05/08/2023 07:00 AM - edited 05/08/2023 07:35 AM
@UVP @Dheeraj_Reddy please find below the additional details
1. You should be good with 10 applications
2. Query to use in custom query job for associating remote app with a given endpoint
update endpoints_properties set apptypekey = (select apptypekey from applicationtype where APPLICATION_GROUP = 'AD') where endpointkey = <provide the endpoint key of the endpoint for which AD remote app has to be associated>
Both the tables applicationtype and endpoints_properties are accessible through data analyzer
3. With the standard remote app setup that contains 2 session host servers, a max of 80 concurrent sessions can be support. With less than 100 CPAM users in total, you should be good with the standard setup unless all 100 users are trying to access remote apps all the time. If that is the case, you will have to work with CloudOps team for getting one more session host server.
Thanks,
Nagesh K
05/09/2023 11:17 AM
Hi Nagesh,
Thanks for your help.
After identifying correct app key for Okta we are able to associated remote app with give endpoint.
08/28/2023 12:23 PM
Hi @NageshK
Could you pls help how to excute this in v23.7 Execute Extension Queries (CUSTOMQUERYJOB) is not available (discontinued)
update endpoints_properties set apptypekey = (select apptypekey from applicationtype where APPLICATION_GROUP = 'AD') where endpointkey = <provide the endpoint key of the endpoint for which AD remote app has to be associated>
08/30/2023 02:27 PM
Hi Team,
Solution from 23.7 version onwards is to use the Enhance Query Job with syntax as below by choosing Update as the Operation:
SELECT 51 AS ENDPOINTS_PROPERTIES__APPTYPEKEY, ep.ENDPOINTS_PROPERTIES_KEY AS ENDPOINTS_PROPERTIES__PRIMARYKEY FROM ENDPOINTS_PROPERTIES ep WHERE ep.ENDPOINTKEY = 48