I have a use case that requires one role to access two credentials via su transparent login on the same target server. When creating the access policy for the role and server you can not enter more than one credential in the transparent login area. Is this a bug or by design? How would we implement something like this?
Is this related to CA Directory product? If yes, please provide version and service pack of product in use along with what application CA Directory is being used with. This will help us to understand the request better.
This is related to CA PAM 2.8.3 not CA Directory.
201-828-7061 Atlas 283-7061
Not sure if this is by design or not but I believe you should be able to create multiple RDP applications for each set of credentials.
- Mike Pass
This is a limitation of PAM and is working as designed. Even if you did manage to get this 'configured' by using multiple stacked policies, there is currently no way to select which TL account you would be using, so PAM would always pick one for you (I believe it is the first one it sees from DB).
One way you could work around this is by creating 2 seperate 'devices', one pointing to the IP and the other to hostname/FQDN. Then users would need to select the correct one when they first start the session to get the proper TL account.
If you would like to see the ability to use multiple accounts I would suggest creating an Idea (enhancement request) in the CA PAM Communities page.
CA Technologies - North America
Or vote up existing idea https://communities.ca.com/ideas/235732470-ability-to-assign-multiple-target-account-under-policyransparent-login, if that matches what you are looking for.
That is my idea.
Thank you Christian