IT Process Automation

 View Only
  • 1.  Users unlock with PAM

    Posted May 30, 2018 04:18 PM

    It is possible to implement users unlock process for SAP, Office 365 and Windows Network (AD) with process automation?

    If yes, someone has any hints on how to achieve this?

  • 2.  Re: Users unlock with PAM
    Best Answer

    Posted Jun 04, 2018 10:58 AM

    Yes, it is.


    Process automation is a generalist tool that can perform  this kind of integration, that doesn't seem to exist and can be tie together on a process (or a series of processes)


    The idea is, learn the api calls or commands that you need to do to unlock the new user account.

    It can be done, for example in AD using powershell, but the user account has to have the proper permission to do so.


    So you should figure out the method (Unlock-ADAccount) That you have to use, and make the it work in powershell console, using the website example:


    Now, you now what to do, you just need to create use pam's run-script operator to make this call passing parameters.

    So in powershell's case, you'll need the AD account with permission to do the action and the CN of the given account that you want to unlock, something like this:


    where %1 is the parameter passed

    Make sure that you mark the proper output options, and have in mind that you'll need to work with Process[OpName].scriptOutput in post-execution in order to validate if the command has the value that you intend.


    This is how you usually work with this kinda of integration.



    Hope it helps