Symantec IGA

Hello,

We have completed the integration of CA PAM into Identify Governance.

There is a key requirement of creating campaigns for PAM target accounts.  None of the Default templates appear to provide this information. 
Account Certification
PAM Device Privilege
PAM User Privileges

Looking at the "Application Mapping" section of the "Actual Usage" tab in the PAM Universe, it demonstrates actual data including target account names:


What is not clear is how to map the data to appear in the certifications.

Would it be possible to provide some guidance on how to run certification for PAM target accounts?

Thanks

Chris

Hi Chris,

Make sure that there is a proper User - PAM Account - PAM Target Account mapping in IM. This ensures that a User - TargetAccount mapping is created in IG after import.  Once the Mappings are in place you can create a simple User Privileges Certification with a filter Resource Type=Target Account to get a Target Account specific certification.

Thanks,
Yogitha
Original Message:
Sent: 06-27-2020 02:54 PM
From: Chris Scott
Subject: Identity Governance: Application Mapping

Hello,

We have completed the integration of CA PAM into Identify Governance.

There is a key requirement of creating campaigns for PAM target accounts.  None of the Default templates appear to provide this information.
Account Certification
PAM Device Privilege
PAM User Privileges

Looking at the "Application Mapping" section of the "Actual Usage" tab in the PAM Universe, it demonstrates actual data including target account names:

What is not clear is how to map the data to appear in the certifications.

Would it be possible to provide some guidance on how to run certification for PAM target accounts?

Thanks

Chris

Yogitha,

Good information.  Would you please  provide more detail:

I am able to manually MAP PAM accounts to a IM ID.  I am struggling with mapping PAM Target accounts with PAM account.

How, exactly, are PAM Target Accounts mapped to PAM Accounts?

Are there ways to automate this mapping? If so, could you please articulate the details of this?

Thanks!

Chris
Original Message:
Sent: 06-28-2020 10:46 PM
From: Mudunuri Yogitha Bhargavi
Subject: Identity Governance: Application Mapping

Hi Chris,

Make sure that there is a proper User - PAM Account - PAM Target Account mapping in IM. This ensures that a User - TargetAccount mapping is created in IG after import.  Once the Mappings are in place you can create a simple User Privileges Certification with a filter Resource Type=Target Account to get a Target Account specific certification.

Thanks,
Yogitha
Original Message:
Sent: 06-27-2020 02:54 PM
From: Chris Scott
Subject: Identity Governance: Application Mapping

Hello,

We have completed the integration of CA PAM into Identify Governance.

There is a key requirement of creating campaigns for PAM target accounts.  None of the Default templates appear to provide this information.
Account Certification
PAM Device Privilege
PAM User Privileges

Looking at the "Application Mapping" section of the "Actual Usage" tab in the PAM Universe, it demonstrates actual data including target account names:

What is not clear is how to map the data to appear in the certifications.

Would it be possible to provide some guidance on how to run certification for PAM target accounts?

Thanks

Chris