Click HERE to see how Saviynt Intelligence is transforming the industry. |
05/17/2023 10:09 AM
05/23/2023 01:23 PM
@Nagendra Thanks for posting your question. Your first question is not clear. Are you asking if the account import process will associate the accounts to the user who triggered the job? No, that is not how it works. Also, PAM Bootstrap job will internally trigger account import and pull in the accounts from the target system where the target system is a linux, windows and database. However if you are looking for correlating accounts to the users then you will have to trigger account import separately.
For the second question : Yes, the accounts mentioned in PAM_CONFIG's IDQuery* sections should be present in the target prior to the bootstrap. Saviynt will not create them
Thanks,
Nagesh K
05/25/2023 04:45 AM
@NageshK Thanks for replying.
Regarding the first question is, We observed that when bootstrapping on-premises windows workload, a new connection, SS, and EP were created. However, within the newly created Windows endpoints, an account named "<User>" was created as "FIREFIGHTERID." "<User>" refers to the person who executed the pambootstrap job.Is this the intended behavior?
06/07/2023 07:01 AM
@Nagendra That is not expected. After bootstrap you are expected to see the accounts, at least one local account that is present on the server. The account with <user> is probably due to the JIT launch that someone might had performed post the bootstrap. Do you see this server showing up for request? And what is the PAM State of the endpoint? (you will find this in the PAM Attributes tab of the Endpoint)
Thanks,
Nagesh K