Symantec Privileged Access Management

Tech Tip - CA Privileged Access Manager: Creating new devices with device group membership using the Rest API 

Oct 30, 2017 06:38 PM

The PAM Rest API includes a "POST" resource with URL https://<PAM host>/api.php/v1/devices.json to add new devices to PAM. The description text on the API Explorer lists only three parameters as required: "deviceName", "domainName" and "os". To add device group membership, the "deviceGroupMembershipIds" field is used. But just adding that field to the POST request will create the device without group membership. New devices will be associated with device groups only when "typeAccess" is true. Per documentation the default value for this field is "f", i.e. false. The following sample data will create a new device and make it a member of an existing device group with ID = 7.

{
"deviceName":"apitestdev1",
"deviceGroupMembershipIds":[7],
"domainName":"apitestdev1.ca.com",
"os":"Linux", 
"typeAccess":"t"
}

 

New devicew created via Rest API

 

You can use the "GET /v1/deviceGroups.json" resource to get the IDs for your device groups.
Also note that the value of "deviceGroupMembershipIds" is an array of numbers, not a string, and no quote characters are used. Multiple group IDs can be provided in a comma separated list such as [7,8,12].

Statistics
0 Favorited
1 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.