
One Identity Safeguard for Privileged Sessions 6.0.7 - DEPRECATED How to connect One Identity TPAM with One Identity Safeguard for Privileged Sessions

Configuring DNS resolution

Since TPAM expects the address of the target host as a hostname rather than as an IP address, IP addresses must be transformed to hostnames. The hostname is then used as input when the TPAM plugin calculates the System name for TPAM. For this, you need to configure DNS resolution on SPS.

To resolve hostnames, SPS uses the Domain Name Servers set in Basic Settings > Network > Naming > Primary DNS server and Secondary DNS server. For details on these fields, see the section on naming in "Network settings" in the Administration Guide.
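The following pre-flight check is an added example, not part of the One Identity documentation: it verifies that each target IP address has a PTR record and that the returned hostname resolves back to the same address. It assumes the local system resolver, so run it from a host that queries the same DNS servers as SPS; the sample addresses and hostnames are constructed.

```python
import socket

def reverse_lookup(ip):
    """PTR lookup via the system resolver; returns the hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def forward_lookup(hostname):
    """A-record lookup via the system resolver; returns a set of IPv4 addresses."""
    try:
        return set(socket.gethostbyname_ex(hostname)[2])
    except (socket.herror, socket.gaierror):
        return set()

def check_targets(ips, reverse=reverse_lookup, forward=forward_lookup):
    """Classify each target IP as 'ok', 'no-ptr' or 'mismatch'.

    'no-ptr'   : no hostname can be derived from the IP address.
    'mismatch' : the PTR name does not resolve back to the same IP, so the
                 hostname derived from the IP may belong to another host.
    """
    results = {}
    for ip in ips:
        name = reverse(ip)
        if name is None:
            results[ip] = ("no-ptr", None)
        elif ip not in forward(name):
            results[ip] = ("mismatch", name)
        else:
            results[ip] = ("ok", name)
    return results

# Constructed sample zone data (documentation address range), used offline.
SAMPLE_PTR = {"192.0.2.10": "db01.example.com", "192.0.2.11": "web01.example.com"}
SAMPLE_A = {"db01.example.com": {"192.0.2.10"}, "web01.example.com": {"192.0.2.99"}}

def demo():
    """Run the check against the constructed sample data instead of live DNS."""
    return check_targets(
        ["192.0.2.10", "192.0.2.11", "192.0.2.12"],
        reverse=SAMPLE_PTR.get,
        forward=lambda host: SAMPLE_A.get(host, set()),
    )

if __name__ == "__main__":
    for ip, (status, name) in demo().items():
        print(f"{ip:15} {status:9} {name or '-'}")
```

To check real targets, call `check_targets()` with a list of their IP addresses and leave the resolver arguments at their defaults.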

Configuring TPAM

This section describes what you need to configure on TPAM:

Adding an ISA CLI user

Purpose:

When communicating with TPAM, SPS uses a CLI user with Information Security Administrator (ISA) rights to establish an SSH connection to TPAM. This user must be present in TPAM. In addition, in the TPAM plugin's configuration file, you need to provide the user name of this user (server_user).

To add an ISA CLI user

For details on how to add an ISA CLI user in TPAM, see section Add a CLI user ID in the TPAM Administration Guide.

Ensure that the user has ISA permissions (configurable through access policies) for all Accounts and Systems whose credentials will be retrieved from TPAM. For details on how to assign ISA access policies, see Assign ISA access policies to ISA CLI user.

If this user is already present in TPAM, here is how you can obtain its user name:

  1. Log in to TPAM using a TPAM Administrator account.
  2. Navigate to Users & Groups > User IDs > Manage User IDs.
  3. Click the Listing tab.
  4. Look for the user name of the ISA CLI user in the User Name column.

Assign ISA access policies to ISA CLI user

Purpose:

In order for SPS to be able to retrieve information from TPAM, you must ensure that the ISA CLI user that is used for communicating with TPAM has ISA permission to all relevant Systems and Accounts whose credentials will be retrieved from TPAM.

To grant the ISA CLI user ISA permission

  1. Log in to TPAM using a TPAM Administrator account.
  2. Navigate to Users & Groups > User IDs > Manage User IDs.
  3. Click the Listing tab.
  4. Select the ISA CLI user.
  5. Click the Permissions > Results tab.
  6. Assign an ISA policy on the System level:
    1. On the left, select the System you want to assign an ISA access policy to.
    2. On the right, in the Access Policy Details > Access policy drop-down menu, select ISA.
    3. Click .
  7. Assign an ISA policy on the Account level:
    1. On the left, select the Account you want to assign an ISA access policy to.
    2. On the right, in the Access Policy Details > Access policy drop-down menu, select ISA.
    3. Click .