Symantec Privileged Access Management

  • 1.  CA PAM Integration with DB and Web Applications

    Posted Oct 01, 2018 08:35 AM

    Hello All,

    Can we provide the following functionality for integration with Database and Web Applications?


    1. Once the user has logged in to the CA PAM Console and accesses the database through Toad or MS SQL Studio, the user should not be challenged again for authentication. As per the documentation available, I understand that this can be achieved by the Transparent Login and learn tool features of CA PAM. But in parallel, can we manage the same user IDs and passwords on the target DB, i.e. password rotation on the target?

    Similarly, my query is for Web Applications or Citrix Xen App as well.

    Note: We have a Jump host server in between CA PAM and Target device (DB and Web Applications). The thick clients like Toad, Citrix Xen App and MS SQL Studio will be hosted on Jump hosts.

    2. I have the following queries related to the "learn tool".


    Can the script which has been created with the help of the learn tool be used for multiple different users for the same target device?

    If we already have 100 users on the database that need to be managed with CA PAM, do we need to create 100 different scripts?



    Appreciate a quick response on this.



  • 2.  Re: CA PAM Integration with DB and Web Applications
    Best Answer

    Broadcom Employee
    Posted Oct 01, 2018 10:03 AM

    Hello

    Thanks for opening this query. Indeed, you can use Transparent Login through a jump server to access these applications and to perform actions. Regarding managing passwords for those databases, there are certain predefined Target Applications that may be used, for instance MSSQL or Oracle. For them there will be connectors and you may be able to perform those operations. If your database is not there, then you will have to create a custom connector/script, and I'd advise you to contact services to this effect.

    Regarding the transparent login script, I am not sure I understand the use case: once you get a transparent login script, you can use it with your transparent login RDP service. You can obviously assign that service to a given device, and assign as well different users to be used via policy. If you have 100 users you do not need to have 100 different Transparent Login scripts.

    I hope to have understood your queries correctly. Should you have more queries or concerns, please do not hesitate to let us know here or you may as well open a support case for more extensive discussion or possible troubleshooting.