Editing the synchronization project for a PAM appliance
Synchronization projects in which an appliance is already used as a base object can also be opened in the Manager. In this mode you can, for example, check the configuration or view the synchronization log. The Synchronization Editor is not started with its full functionality. Certain functions are unavailable, such as running synchronization or simulation, starting the target system browser, and others.
NOTE: The Manager is locked for editing throughout. To edit objects in the Manager, close the Synchronization Editor.
To open an existing synchronization project in the Synchronization Editor:
- In the Manager, select the Privileged Account Management > Appliances category.
- Select the appliance in the result list.
- Select the Change main data task.
- Select the Edit synchronization project task.
Displaying the PAM appliance overview
Use this task to obtain an overview of the most important information about an appliance.
To obtain an overview of an appliance
- In the Manager, select the Privileged Account Management > Appliances category.
- Select the appliance in the result list.
- Select the PAM appliance overview task.
PAM user accounts
You can use One Identity Manager to manage Privileged Account Management user accounts. A user account enables an identity to log onto the Privileged Account Management system, for example, onto One Identity Safeguard. One Identity Manager manages the local users of a Privileged Account Management system and directory users. Directory users are user accounts from an external target system, for example Active Directory or LDAP.
Through their user group, the user receives the required entitlements, for example, for requesting a password for an asset account or a session for the accounts and assets in the Privileged Account Management system.
A user account can be linked to an identity in One Identity Manager. You can also manage user accounts separately from identities.
NOTE: It is recommended to use account definitions to set up user accounts for company identities. In this case, some of the main data described in the following is mapped through templates from identity main data.
NOTE: If identities are to obtain their user accounts through account definitions, the identities must own a central user account and obtain their IT operating data through assignment to a primary department, a primary location, or a primary cost center.
Creating local PAM user accounts
The users of a local PAM user account are authenticated by user name and password in the Privileged Account Management system.
To create a local PAM user account
- In the Manager, select the Privileged Account Management > User accounts category.
- Click in the result list.
- On the General tab, enter the following data as a minimum:
  - Appliance: Appliance to which the user account belongs.
  - Identity provider: Select the Local value.
  - User name: Enter the name to display.
  - Authentication provider: Select how the user is authenticated in the Privileged Account Management system. Depending on the authentication provider, other data may be required.
    - Local: Enter the login name, password, and password confirmation.
    - <External organization>: Enter the email address or the name claim.
    - <RADIUS server>: Enter the login name of the RADIUS server.
  - Time zone: The user's time zone. The default time zone is UTC (Coordinated Universal Time).
- Save the changes.