Symantec Privileged Access Management

  • 1.  SAML + LDAP

    Posted 04-03-2020 08:46 AM
    Hi all,
    the scenario is: I have PAM fully integrated with my AD (Authentication, User Group, TAC, Policies, etc.). I need to change the authentication to a SAML IdP so MFA would be required. Is there a way for PAM to match users in AD with users in my SAML IdP so I wouldn't need to recreate all user groups and policies? Note that today everything is pointing to AD.

    Security Analyst
    DXC Technology

  • 2.  RE: SAML + LDAP
    Best Answer

    Posted 04-03-2020 11:35 AM
    Hi Higor.

    As long as you configure your Unique Attribute to a field that will contain the string that matches the SAML user, you should be able to get this to work. Typically, this will be the samaccountname= or userprincipalname=. Once you've done this, change the Authentication Type to SAML and you should be set. If necessary, refresh the LDAP group again.

    Principal Support Engineer
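
A pre-cutover check for the attribute matching described in the answer above, as an added example that is not part of the thread or of Symantec PAM: it compares the NameID values the IdP would send with the sAMAccountName and userPrincipalName values from an AD export, and flags users who would not match or would match more than one entry. The sample data, the function names and the case-insensitive comparison are assumptions.

```python
# Constructed sample data, not real accounts: an AD export and the NameIDs the IdP would send.
AD_USERS = [
    {"sAMAccountName": "asmith", "userPrincipalName": "alice.smith@corp.example"},
    {"sAMAccountName": "jdoe", "userPrincipalName": "jane.doe@corp.example"},
    {"sAMAccountName": "jdoe", "userPrincipalName": "john.doe@emea.corp.example"},
]
SAML_NAME_IDS = ["Alice.Smith@corp.example", "jane.doe@corp.example", "vendor1@partner.example"]


def normalize(value):
    # Assumption: matching is case-insensitive; confirm against your own deployment.
    return value.strip().casefold()


def check_attribute(users, name_ids, attribute):
    """Classify each NameID as matched, unmatched or ambiguous for one candidate attribute."""
    index = {}
    for user in users:
        if user.get(attribute):
            index.setdefault(normalize(user[attribute]), []).append(user)
    report = {"matched": [], "unmatched": [], "ambiguous": []}
    for name_id in name_ids:
        hits = index.get(normalize(name_id), [])
        key = "matched" if len(hits) == 1 else "ambiguous" if hits else "unmatched"
        report[key].append(name_id)
    return report


def best_attribute(users, name_ids, candidates=("sAMAccountName", "userPrincipalName")):
    """Return the candidate with the most unique matches, plus every per-attribute report."""
    reports = {attr: check_attribute(users, name_ids, attr) for attr in candidates}
    best = max(candidates, key=lambda attr: len(reports[attr]["matched"]))
    return best, reports


if __name__ == "__main__":
    best, reports = best_attribute(AD_USERS, SAML_NAME_IDS)
    print("best candidate:", best)
    for attr, report in reports.items():
        print(attr, report)
```

Anything listed as unmatched would fail to map to a directory user after the switch, and anything listed as ambiguous could map a SAML identity to the wrong account's groups and policies, so both lists should be empty before changing the Authentication Type.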

  • 3.  RE: SAML + LDAP

    Posted 04-03-2020 01:26 PM

    Thanks, now it makes sense to me.




    Higor Louback

    Identity & Access Security Analyst

    WW MSS Security Analyst


    CyberArk Privileged Access Security - CyberArk Certified Trustee

    Microsoft Security Fundamentals

    Certified Integrator in Secure Cloud Services (CI-SCS)

    ISO/IEC 27002

    ITIL V3


    MCSA 2003 + Security