Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Unable to update "PAM Enabled" to ON in Endpoint

piyushm
Regular Contributor II
Regular Contributor II

 

I am getting below error on UI when updating the "PAM Enable" button to ON at endpoint level.

The PAM_CONFIG json is also updated in the connection. The connection type is AD. 

 

piyushm_0-1667451690386.png

piyushm_1-1667451726449.png

 

4 REPLIES 4

rushikeshvartak
All-Star
All-Star

Can you share PAM_CONFIG ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

piyushm
Regular Contributor II
Regular Contributor II
 
{
      "Connection": "AD",
    "maxRequestTime": "10",
      "EVQuery": "",
      "encryptionMechanism": "Encrypted",
      
      "Console": {
            "shareableAccounts": {
                  "IDQueryCredentials": "acc.name in ('')",
                  "IDQueryCredentialless": "acc.name in ('')",
                  "IDQueryServiceAccounts": "acc.customproperty2 in ('')"
            },
            "saviyntVaultConnection": "#############",
            "maxIDRequestableTime": "36000",
            "maxCredSessionRequestTime": "36000",
            "maxCredlessSessionRequestTime": "36000",
            "maxConcurrentSession": "36000",
            "endpointAttributeMappings": [
              {
                  "column": "accessquery",
                  "value": "",
                  "feature": "endpointAccessQuery"
              },
              {
                  "column": "allowChangePassword_sqlquery",
                  "value": "",
                  "feature": "allowChangepasswordquery"
              },
              {
                  "column": "customproperty43",
                  "value": "PAMDefaultUserAccountAccessControl",
                  "feature": "accountVisibilityControl"
              }
            ],
            "accountVisibilityConfig": {
              "accountCustomProperty": "customproperty55",
              "accountMappingConfig": [
                  {
                    "accountPattern": "*",
                    "mappingData": "",
                    "override": "false"
                  }
              ]
            }
      }
}

Belwyn
Saviynt Employee
Saviynt Employee

Hi @piyushm 

Thank you for reaching out to us, 

The JSON you have share is for the connection, for the account if you scroll to the end of page you can find (See the Screenshot)

Belwyn_0-1667976542570.png

Click edit button and then scroll to the end of page and update your PAM Account Config JSON to something like below :

{"defaultrequestabletimeforidinsecs":"86400","defaultrequestabletimeinsecs":"14400","maxrequestabletimeinsecs":"14400","diffbetweenrequests":"","authenticationType":"","maxrequestabletimeforidinsecs":"86400","Saviynt-Status":{"pamState":"ENABLED","pamType":"CREDENTIALLESS"},"ffidAlertTime":"0"}

Let us know if this helps,

Thanks & Regards, 
Belwyn.

 

Saathvik
All-Star
All-Star

Have the configuration attribute under PAM Attributes section have below value

{"maxSessionWarnPeriodInSec":null,"maxReqExpWarnPeriodInSec":"600","maxSessionLimitInSec":null,"maxConcurrentSession":"10","maxInActiveTimeInSec":"300","maxInActiveWarnPeriodInSec":null}

Then you should be able to update PAM enable from UI


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.