Symantec Privileged Access Management

  • 1.  Sailpoint integration

    Posted Feb 21, 2020 12:25 AM
    Is there any documentation on Sailpoint integration to manage target accounts in PAM?

    I think it can't be done with STI (which should allow managing users from Sailpoint but not target accounts) and may require SCIM, but are there any docs? And if it uses the REST API, how can it reach target accounts that don't look to be manageable yet by the REST API?

    Thanks

    Paolo


  • 2.  RE: Sailpoint integration
    Best Answer

    Broadcom Employee
    Posted Feb 21, 2020 01:01 PM
    Hello Paolo, the documentation is on page https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3-1/integrating/integrate-with-sailpoint.html#concept.dita_ce91df00722b5feed95883bdb15f1ef9dadb40f7_STISetup, and other pages that this page links to.


  • 3.  RE: Sailpoint integration

    Posted Feb 22, 2020 02:13 AM
    I had already found that page, and I was referring to it in my post.

    BUT
    The STI integration seems to be limited to managing users (not target accounts) in PAM.

    And the SCIM integration says "The CA PAM REST API includes a SCIM section, including several undocumented SailPoint-specific extensions".
    The page for the CA SCIM API
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3-1/programming/external-api-for-integrating-applications/use-the-external-api-programmers/connect-with-scim-api.html
    only references a few scant methods for Users and Groups (and not Target accounts).

    And what are the "undocumented Sailpoint-specific extensions" ??????

    Last but not least, the reference to the relevant Sailpoint documentation is to the home page of the Sailpoint website... very useful...
    "For information about the SailPoint side of the integration, see the SailPoint documentation."

    So the question is the same (but please don't send me a generic link):

    Is it possible to manage target accounts in PAM from Sailpoint?

    Thanks

    Paolo


  • 4.  RE: Sailpoint integration

    Broadcom Employee
    Posted Feb 24, 2020 10:49 PM
    Hi Paolo, I didn't see your reference to the online documentation in your original post (and I still don't see it). I did miss that you were asking specifically for credential management. What's on that page is the extent of integration between Sailpoint and PAM; there's nothing else. You are right that it's not for credential management, only for PAM user authentication. The latest PAM releases include a custom connector framework that could be used for the integration. I am not aware of anyone having used it that way, but maybe someone else is.


  • 5.  RE: Sailpoint integration

    Posted Feb 25, 2020 12:21 AM
    Thanks a lot, Ralf.

    I feared it was so, but I had to make sure. Documentation is very lacking on this topic...