Layer7 Privileged Access Management

Expand all | Collapse all

LDAP groups in CA PAM

Jump to Best Answer
  • 1.  LDAP groups in CA PAM

    Posted 03-22-2018 09:55 AM



    Can someone please let us know how can we assign a credential manager group to a LDAP group in CA PAM. I want a group of users in LDAP can get credential manager access directly by assigning a membership. But in PAM GUI, I don't see any option to add credential manager groups for LDAP groups. It is there not individual user not for group. Help please ?

  • 2.  Re: LDAP groups in CA PAM
    Best Answer

    Posted 03-23-2018 04:37 AM
      |   view attached

    This is a known limitation in the product.

    It is only possible to assign individual users to Credential Manager Groups - assigning User Groups is not possible.


    I suggest to raise an Idea in this forum as per attached procedure notifying Product Management of your request.


  • 3.  Re: LDAP groups in CA PAM

    Posted 03-23-2018 09:12 AM

    Thank you Andreas, this limitations should be mentioned in Product documentations.

  • 4.  Re: LDAP groups in CA PAM

    Posted 03-23-2018 09:34 AM

    Hi Bipin, this is documented, see e.g. the following note on page


    "To assign the roles of Global Administrator, Operational Administrator, or Password Manager, apply these roles to the individual user record for each user in the group.”