Symantec Privileged Access Management

  • 1.  Verifying multiple Target Accounts

    Posted Jan 05, 2018 11:25 AM
      |   view attached

    Currently running PAM Xsuite 2.8.3. We have several Devices and Target Accounts that we've entered but have to Verify each account manually. My question, is there a way to Verify multiple Target Accounts vs verifying one account at a time?

     

    Our current process is Targets > Accounts > Selecting "Update Both The Password Authority Server and The Target" > Save to Verify.

     

    We have to do this manual process for each account. Is there a simpler way or script of accomplishing this task for multiple Accounts?

     

    (See attached screenshot)



  • 2.  Re: Verifying multiple Target Accounts
    Best Answer

    Broadcom Employee
    Posted Jan 05, 2018 12:20 PM

    Hi Fleming,

     

    Yes there is an automated way to do this. You would need to create a scheduled job. You can define a list of accounts to have it verify at your desired recurrence.

     

    Info on setting up a password verification job can be found here:

    2.8.x: Schedule Target Account Activities - CA Privileged Access Manager - 2.8.3 - CA Technologies Documentation 

    3.x: Schedule Target Account Activities - CA Privileged Access Manager - 3.0.2 - CA Technologies Documentation 

     

    Hope this helps,

    Christian Lutz

    Support Engineer

    CA Technologies -North America



  • 3.  RE: Re: Verifying multiple Target Accounts

    Broadcom Employee
    Posted Aug 20, 2019 02:28 PM
    Christian,

    Based on this response, it appears that you'd assume that it was the same accounts that will be ones that need to be verified.  I have a client that rotates accounts every weekend, and some of the target accounts are not successfully changed (some of the target accounts are getting locked out - and in addition, it's different accounts that are locked out).  The client has a separate AD process to go through and unlock accounts automatically, but they want a process within PAM to verify the accounts that failed previously.

    Is there a way to schedule a job to only verify the accounts that are were not previously verified, or do we have to setup a job to verify all of the accounts?


  • 4.  RE: Re: Verifying multiple Target Accounts

    Broadcom Employee
    Posted Aug 20, 2019 11:34 PM
    Team,

    It looks like you can schedule a job with based on the unverified "failed" accounts.  Please disregard my previous email.