PAM account groups
An account group is a collection of asset accounts and directory accounts. An account group can be added to the scope of an access request policy.
Account groups are imported into the One Identity Manager database during synchronization. You cannot edit the properties of account groups. Changes to the object properties of individual account groups can be re-imported by single object synchronization.
To display the properties of an account group
- In the Manager, select the Privileged Account Management > Appliances > <Appliance> > Privileged objects > Account groups category.
- Select the account group in the result list.
- Select the Change main data task.
For an account group, you see an overview of the asset accounts, directory accounts, and the access request policies associated with the account group.
To obtain an overview of an account group
- In the Manager, select the Privileged Account Management > Appliances > <Appliance> > Privileged objects > Account groups category.
- Select the account group in the result list.
- Select the PAM account group overview task.
PAM directories
Directories represent external target systems, for example Active Directory or LDAP. If the Active Directory environment or the LDAP environment is imported into One Identity Manager, you can create directory users in One Identity Manager. Directory users and directory groups are linked to the relevant Active Directory objects and LDAP objects.
Directories are imported into the One Identity Manager database during synchronization. You cannot edit the properties of directories. Changes to the object properties of individual directories can be re-imported by single object synchronization.
To display the properties of a directory
- In the Manager, select the Privileged Account Management > Appliances > <appliance> > Directories category.
- Select the directory in the result list.
- Select the Change main data task.
For a directory, you see an overview of the user accounts, user groups, and the directory accounts associated with the directory.
To view an overview of a directory
- In the Manager, select the Privileged Account Management > Appliances > <appliance> > Directories category.
- Select the directory in the result list.
- Select the PAM directory overview task.
PAM entitlements
An entitlement is a set of access request policies that ensures only authorized users can access the system. An entitlement usually groups together a set of permissions that are required to fulfill a specific task.
An entitlement defines which users are authorized to request passwords for accounts or sessions for assets as part of the defined access request policies.
Entitlements are imported into the One Identity Manager database during synchronization. You cannot edit the properties of entitlements. Changes to the object properties of individual entitlements can be re-imported by single object synchronization.
To display the properties of an entitlement
- In the Manager, select the Privileged Account Management > Appliances > <appliance> > Entitlements category.
- Select the entitlement in the result list.
- Select the Change main data task.
For an entitlement, you see an overview of the user accounts, user groups, and the access request policies associated with the entitlement.
To view an overview of an entitlement
- In the Manager, select the Privileged Account Management > Appliances > <appliance> > Entitlements category.
- Select the entitlement in the result list.
- Select the PAM entitlement overview task.
PAM access request policies
An access request policy defines:
- The scope (meaning, which assets, asset groups, asset accounts, directory accounts, or account groups).
- The access type (password, SSH or remote desktop, Telnet).
- The rules for requesting passwords, for example, the duration or how many approvals are required.
Access request policies are imported into the One Identity Manager database during synchronization. Changes to the object properties of individual access request policies can be re-imported by single object synchronization.
To display the properties of an access request policy
- In the Manager, select the Privileged Account Management > Appliances > <Appliance> > Entitlements > <Entitlement> category.
- Select the access request policy in the result list.
- Select the Change main data task.
For an access request policy, you see an overview of the scope of the access request policy and the entitlements associated with the access request policy.
To obtain an overview of an access request policy
- In the Manager, select the Privileged Account Management > Appliances > <Appliance> > Entitlements > <Entitlement> category.
- Select the access request policy in the result list.
- Select the PAM access request policy overview task.