CA PAM - Microsoft Office 365 integration

Article Id: 104074

Status: Published

Updated On: 27-06-2019 23:23

Products:

CA Privileged Access Manager - Cloakware Password Authority (PA) , PAM SAFENET LUNA HSM , CA Privileged Access Manager (PAM) , CA Privileged Access Manager (PAM) , CA Privileged Access Manager (PAM)

Issue/Introduction:

What is the use case for the CA PAM - Microsoft Office 365 integration?

For example, how can the user then access Office 365, can the integration change the password after every login(and how to do that in CA PAM), what does CA PAM then monitor.?

Environment:

Release:
Component: CAPAMX

Resolution:

The main benefit is ADFS federation to Office 365 for privileged users who administer O365.
(it is not intended for end users to use Word, Excel, etc.)

The Xceedium Browser web session will provide SSO to O365 as well as web-based session recording of the activities of the O365 admin who is provisioning licenses and accounts for Exchange, SharePoint, and any other services on the O365 site.

Once your specific Office 365 login mechanism is configured to allow Federation, you can setup in PAM a TCP Service Web Portal using PAM Browser using SAML SSO Auto Login Method.

Here you can use the ADFS Security Token Service (STS) Endpoint Reference URI, typically:
urn:federation:MicrosoftOnline

Additional Information:

https://communities.ca.com/people/SungHoon_Kim/blog/2018/03/01/pam-and-o365-integration