Symantec Privileged Access Management

  • 1.  SAML + LDAP

    Posted Apr 03, 2020 08:46 AM
    Hi all,
    The scenario is: I have PAM fully integrated with my AD (authentication, user groups, TAC, policies, etc.). I need to change the authentication to a SAML IdP so that MFA would be required. Is there a way for PAM to match users in AD with users in my SAML IdP, so I wouldn't need to recreate all user groups and policies? Note that today everything is pointing to AD.

    ------------------------------
    Security Analyst
    DXC Technology
    ------------------------------


  • 2.  RE: SAML + LDAP
    Best Answer

    Broadcom Employee
    Posted Apr 03, 2020 11:35 AM
    Hi Higor.

    As long as you configure your Unique Attribute to a field that will contain the string that matches the SAML user, you should be able to get this to work. Typically, this will be the samaccountname= or userprincipalname=. Once you've done this, change the Authentication Type to SAML and you should be set. If necessary, refresh the LDAP group again.

    ------------------------------
    Principal Support Engineer
    Broadcom
    ------------------------------
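    To make the matching rule above concrete, the following is an added illustrative model (not Symantec PAM's own code, and not posted by either participant): it pulls the NameID out of a constructed SAML assertion and looks it up against a constructed set of imported LDAP users by whichever attribute is chosen as the Unique Attribute, showing that the login only resolves when that attribute's value equals what the IdP sends.

```python
import xml.etree.ElementTree as ET

# Constructed LDAP excerpt (not real data): AD-style user entries as an
# LDAP search might return them, keyed by DN.
LDAP_USERS = {
    "CN=Higor L,OU=Users,DC=example,DC=com": {
        "sAMAccountName": "hlouback",
        "userPrincipalName": "hlouback@example.com",
    },
    "CN=Jane Doe,OU=Users,DC=example,DC=com": {
        "sAMAccountName": "jdoe",
        "userPrincipalName": "jdoe@example.com",
    },
}

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed assertion fragment: this IdP identifies the user by UPN in NameID.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">hlouback@example.com</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""


def saml_subject(assertion_xml: str) -> str:
    """Return the NameID the IdP asserted for the authenticated user."""
    root = ET.fromstring(assertion_xml)
    name_id = root.find("saml:Subject/saml:NameID", SAML_NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion carries no NameID")
    return name_id.text.strip()


def match_ldap_user(name_id: str, unique_attribute: str):
    """Map the SAML NameID onto exactly one imported LDAP user through the
    configured unique attribute (hypothetical model of PAM's lookup).
    Returns the user's DN, or None when no entry matches. AD attribute
    values are compared case-insensitively, as the directory itself does."""
    hits = [dn for dn, attrs in LDAP_USERS.items()
            if attrs.get(unique_attribute, "").lower() == name_id.lower()]
    if len(hits) > 1:  # a non-unique attribute would make the mapping ambiguous
        raise ValueError(f"{unique_attribute} is not unique: {hits}")
    return hits[0] if hits else None


if __name__ == "__main__":
    subject = saml_subject(ASSERTION)
    for attr in ("sAMAccountName", "userPrincipalName"):
        print(f"{attr:18s} -> {match_ldap_user(subject, attr)}")
```

With the constructed data, only userPrincipalName resolves the assertion to a DN; sAMAccountName returns None, which is the symptom of a Unique Attribute that does not agree with the IdP's NameID.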



  • 3.  RE: SAML + LDAP

    Posted Apr 03, 2020 01:26 PM

    Thanks, now it makes sense to me.

    Appreciate.

    Higor Louback
    Identity & Access Security Analyst
    WW MSS Security Analyst

    CyberArk Privileged Access Security - CyberArk Certified Trustee
    Microsoft Security Fundamentals
    Certified Integrator in Secure Cloud Services (CI-SCS)
    ISO/IEC 27002
    ITIL V3
    IBM CSA
    MCSA 2003 + Security

    higor.louback@dxc.com
    Brazil