Symantec Privileged Access Management

 View Only
  • 1.  About enabling MFA with PAM Agent

    Posted Aug 06, 2024 02:12 AM

    I am writing to discuss the feasibility of using PAM or, more specifically, PAM Agent with MFA. While I am well aware that integrating PAM with SAML allows the identity provider to authenticate using both a password and an additional factor (such as a token, an otp, etc...), there are cases where using PAM Agent, which authenticates solely with LDAP, is more straightforward. However, the question arises: Can we somehow implement MFA in this scenario? I believe that not having this capability would be a significant limitation for a product of this type.

    Thanks in advance
    Marco



  • 2.  RE: About enabling MFA with PAM Agent

    Broadcom Employee
    Posted Aug 13, 2024 03:12 PM

    Hello, The available authentication methods for the PAM Agent are documented on page Deploy the PAM Access Agent for Windows. The list includes LDAP+RADIUS and LDAP+RSA, which I would say qualify as MFA implementations. The statement "authenticates solely with LDAP" is false. It does not support SAML authentication, which I assume is what you are after. Please use the ideation page to submit enhancement requests.