Layer7 Privileged Access Management

Expand all | Collapse all

LDAP groups in CA PAM

Jump to Best Answer
  • 1.  LDAP groups in CA PAM

    Posted 03-22-2018 09:55 AM

    Hi.

     

    Can someone please let us know how can we assign a credential manager group to a LDAP group in CA PAM. I want a group of users in LDAP can get credential manager access directly by assigning a membership. But in PAM GUI, I don't see any option to add credential manager groups for LDAP groups. It is there not individual user not for group. Help please ?



  • 2.  Re: LDAP groups in CA PAM
    Best Answer

    Posted 03-23-2018 04:37 AM
      |   view attached

    This is a known limitation in the product.

    It is only possible to assign individual users to Credential Manager Groups - assigning User Groups is not possible.

     

    I suggest to raise an Idea in this forum as per attached procedure notifying Product Management of your request.

    Attachment(s)



  • 3.  Re: LDAP groups in CA PAM

    Posted 03-23-2018 09:12 AM

    Thank you Andreas, this limitations should be mentioned in Product documentations.



  • 4.  Re: LDAP groups in CA PAM

    Posted 03-23-2018 09:34 AM

    Hi Bipin, this is documented, see e.g. the following note on page https://docops.ca.com/ca-privileged-access-manager/3-1-1/EN/implementing/provision-your-server/provisioning-users/configure-user-groups:

     

    "To assign the roles of Global Administrator, Operational Administrator, or Password Manager, apply these roles to the individual user record for each user in the group.”