cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to update "PAM Enabled" to ON in Endpoint

piyushm
New Contributor II
New Contributor II

 

I am getting below error on UI when updating the "PAM Enable" button to ON at endpoint level.

The PAM_CONFIG json is also updated in the connection. The connection type is AD. 

 

piyushm_0-1667451690386.png

piyushm_1-1667451726449.png

 

4 REPLIES 4

rushikeshvartak
All-Star
All-Star

Can you share PAM_CONFIG ?

piyushm
New Contributor II
New Contributor II
 
{
      "Connection": "AD",
    "maxRequestTime": "10",
      "EVQuery": "",
      "encryptionMechanism": "Encrypted",
      
      "Console": {
            "shareableAccounts": {
                  "IDQueryCredentials": "acc.name in ('')",
                  "IDQueryCredentialless": "acc.name in ('')",
                  "IDQueryServiceAccounts": "acc.customproperty2 in ('')"
            },
            "saviyntVaultConnection": "#############",
            "maxIDRequestableTime": "36000",
            "maxCredSessionRequestTime": "36000",
            "maxCredlessSessionRequestTime": "36000",
            "maxConcurrentSession": "36000",
            "endpointAttributeMappings": [
              {
                  "column": "accessquery",
                  "value": "",
                  "feature": "endpointAccessQuery"
              },
              {
                  "column": "allowChangePassword_sqlquery",
                  "value": "",
                  "feature": "allowChangepasswordquery"
              },
              {
                  "column": "customproperty43",
                  "value": "PAMDefaultUserAccountAccessControl",
                  "feature": "accountVisibilityControl"
              }
            ],
            "accountVisibilityConfig": {
              "accountCustomProperty": "customproperty55",
              "accountMappingConfig": [
                  {
                    "accountPattern": "*",
                    "mappingData": "",
                    "override": "false"
                  }
              ]
            }
      }
}

Belwyn
Saviynt Employee
Saviynt Employee

Hi @piyushm 

Thank you for reaching out to us, 

The JSON you have share is for the connection, for the account if you scroll to the end of page you can find (See the Screenshot)

Belwyn_0-1667976542570.png

Click edit button and then scroll to the end of page and update your PAM Account Config JSON to something like below :

{"defaultrequestabletimeforidinsecs":"86400","defaultrequestabletimeinsecs":"14400","maxrequestabletimeinsecs":"14400","diffbetweenrequests":"","authenticationType":"","maxrequestabletimeforidinsecs":"86400","Saviynt-Status":{"pamState":"ENABLED","pamType":"CREDENTIALLESS"},"ffidAlertTime":"0"}

Let us know if this helps,

Thanks & Regards, 
Belwyn.

 

sk
Regular Contributor
Regular Contributor

Have the configuration attribute under PAM Attributes section have below value

{"maxSessionWarnPeriodInSec":null,"maxReqExpWarnPeriodInSec":"600","maxSessionLimitInSec":null,"maxConcurrentSession":"10","maxInActiveTimeInSec":"300","maxInActiveWarnPeriodInSec":null}

Then you should be able to update PAM enable from UI