Symantec Privileged Access Management


CA PAM 3.3 - Account discovery / Network device account discovery

  • 1.  CA PAM 3.3 - Account discovery / Network device account discovery

    Posted Aug 22, 2019 08:56 AM

    Good day everyone,
    I have some doubts regarding account discovery in PAM 3.3.

    1 - With CA PAM I can schedule a discovery job in order to retrieve all the accounts in a specific target system.
    Is it also possible to automatically integrate and manage the accounts? Or do I need to do it manually from the list of discovered accounts?

    2 - Checking the manual, the discovery of the accounts is available for:

    • UNIX/LINUX
    • Active Directory
    • LDAP
    • Windows Remote
    • Windows Proxy
    So, what I understand is that network device account (CISCO, Palo Alto, etc.) discovery is not available, but if I try to create an account (e.g. CISCO), the flag for account discovery ("Discovery Allowed") can be checked.
    Can you please explain to me whether account discovery for network accounts is possible or not? And if yes, are there any limitations or prerequisites?

    Thanks for your help.

    Regards,
    Andrea Gimmelli


  • 2.  RE: CA PAM 3.3 - Account discovery / Network device account discovery
    Best Answer

    Broadcom Employee
    Posted Aug 23, 2019 02:54 AM

    Hello Andrea,

    1.

    Unlike in Device Discovery, there is no Auto-Manage feature in Account Discovery.

    (I cannot explain whether this is an oversight in the design or was left out deliberately – if this feature is desired, I suggest opening a separate Idea in this forum for consideration by Product Management.)

    2.

    This is a design bug in the GUI.

    Even though the GUI allows you to enable Account Discovery on the Bind Account for the relevant target application, once you try to set up a Scan Profile, it is not available as a Server.

    I suggest opening a Support Case with us, and we will follow up accordingly.

    Bottom line – only the application types listed in the documentation

    https://docops.ca.com/ca-privileged-access-manager/3-3/EN/implementing/protect-privileged-account-credentials/add-target-accounts-to-target-applications/use-account-discovery-to-add-target-accounts

    are available for Account Discovery.

    Best Regards,

    Andreas