Auditing – Privileged Account Management (page description)
To open the Auditing - Privileged Account Management page go to Responsibilities > Auditing > Privileged Account Management.
On the Auditing - Privileged Account Management page, you can see all the PAM groups (see Displaying all system entitlements).
If you click Show details in a PAM group's details pane, a new page opens (see Auditing - Roles and permissions: PAM group (page description)) that contains more information and configuration options for the PAM group.
The following tables give you an overview of the various features and content on the Auditing - Privileged Account Management page.
Table 758: Columns
Display |
Shows the PAM group's name. |
TIP: You can show less data by using the column filters. For more information, see Filtering.
Auditing - Roles and permissions: PAM group (page description)
To open the Auditing - Roles and entitlements: PAM group page go to Responsibilities > Auditing > Privileged Account Management > Show details.
On the Auditing - Roles and entitlements: PAM group page, you can access various information about the selected PAM group.
To do this, click on one of the tiles:
Overview – PAM group (page description)
To open the Overview - PAM group page go to Responsibilities > Auditing > Privileged Account Management > Show details > Overview.
On the Overview – PAM group page, you can see all the information relevant to the PAM group summarized in an overview (see Displaying system entitlement overviews).
This information is displayed as shapes. For more information, click on the links inside one of the shapes.
Main data – PAM group (page description)
To open the Main data – PAM group page go to Responsibilities > Auditing > Privileged Account Management > Show details > Main data.
On the Main data – PAM group page, you can see the PAM group's main data (see Displaying system entitlement main data).
Enter the following main data:
Table 760: PAM group main data
Name |
Shows you the full, descriptive name of the PAM group. |
Canonical name |
Shows you the automatically generated canonical name of the PAM group. |
Distinguished name |
Shows you the automatically generated distinguished name of the PAM group. |
Display name |
Shows you the name of the PAM group used to display PAM group in the One Identity Manager tools. |
Container |
Shows you the parent container of the PAM group. |
Service item |
Shows you the assigned service items. |
Category |
Shows you the category for PAM group inheritance.
User accounts can inherit PAM groups selectively. To do this, PAM groups and user accounts are divided into categories. |
Description |
Shows you the PAM group's description. |
Risk index |
Shows you the configured risk index.
This value specifies the risk of assigning this PAM group to a user account.
For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
IT shop |
Shows you whether the PAM group can be requested in the IT Shop. If set, the PAM group can be requested by identities using the Web Portal and granted through a defined approval process. The PAM group can still be assigned directly to identities and hierarchical roles.
For detailed information about IT Shop, see the One Identity Manager IT Shop Administration Guide. |
Only use in IT Shop |
Shows you whether the PAM group can only be requested through the IT Shop. If set, the PAM group can be requested by identities using the Web Portal and granted through a defined approval process. You cannot assign a PAM group to hierarchical roles directly. |