How to configure MemberOf with ADGroup name on Scoping rule in the Roles.

Article ID: 12346

Products

CA Virtual Privilege Manager
CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager (PAM)

Issue/Introduction

The customer wants to restrict the delegated user of a Privileged Access Role to the members of one specific AD group only.
To do this, the following user filters were tried in the role's scope rule:

1. User: condition: Member of = AD group name
2. User: condition: GroupId = AD group name

For example:

User: where( Member of = AD group name )

Neither rule works: no users are listed at all.

How should the rule be configured so that it works?

Environment

OS: Any
Prod: CA Privileged Identity Manager r12.9 SP1 for SAM
Central DB: MS SQLServer or ORACLE
User Store: ActiveDirectory

Resolution

The MemberOf condition is not matched against the group's plain name. The AD group has to be specified in LDAP distinguished name (DN) format, for example cn=ADGroupName,cn=Users,dc=example,dc=com. Use the DN of the actual group object: a group that lives in an OU rather than in the default Users container will have OU= components in its DN instead of cn=Users.

This sample shows the configuration for the delegated user (Privileged Accounts Request) role:

1-1. Log in to the Enterprise Management Console as the System Manager.

1-2. Select Users and Groups > Roles > Privileged Access Roles > Modify Roles.

1-3. Select the Privileged Accounts Request Role.

1-4. Open the Member tab.

1-5. Add the following to the Scope Rule:

User: where ( MemberOf = cn=AD group name, cn=Users, dc=example, dc=com )

Privileged Accounts: Account Name = *

1-6. Click OK and submit.
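Before filling in step 1-5 it helps to obtain the group's distinguishedName straight from Active Directory and to confirm that the users you expect in scope actually carry that DN in their memberOf attribute. The following PowerShell is an added example for this article; it is not code from the original page or from the CA product. It assumes the ActiveDirectory module (RSAT) is installed on a domain-joined host, and the group name ADGroupName and the user jdoe are placeholders to replace with your own.

```powershell
# Added example (not from the original article): resolve the DN of the AD group that a
# PIM scope rule should match, and verify membership the way the MemberOf condition sees it.
# Placeholders: ADGroupName and jdoe. Requires the ActiveDirectory PowerShell module (RSAT).
Import-Module ActiveDirectory

$GroupName  = 'ADGroupName'   # placeholder: the group the scope rule should match
$SampleUser = 'jdoe'          # placeholder: a user that is expected to be in scope

# 1. Read the group's DN exactly as AD stores it. This string (not the group name)
#    is the value to put after "MemberOf =" in the scope rule.
$group   = Get-ADGroup -Identity $GroupName
$groupDn = $group.DistinguishedName
Write-Host "Scope rule value:  User: where ( MemberOf = $groupDn )"

# 2. Check that the user's memberOf attribute contains that DN.
#    memberOf holds DNs only, which is why a rule using the bare group name matches nobody.
#    DN comparison is case-insensitive in AD, and PowerShell's -contains is case-insensitive too.
$user           = Get-ADUser -Identity $SampleUser -Properties memberOf
$isDirectMember = $user.memberOf -contains $groupDn
Write-Host "$SampleUser is a direct member of ${GroupName}: $isDirectMember"

# 3. memberOf lists direct memberships only. Compare the direct member list with the
#    recursive one: users that appear only in the second list are in scope solely through a
#    nested group and may not be matched by a MemberOf condition on $groupDn.
$direct    = Get-ADGroupMember -Identity $GroupName |
             Where-Object objectClass -eq 'user' | Select-Object -ExpandProperty SamAccountName
$recursive = Get-ADGroupMember -Identity $GroupName -Recursive |
             Where-Object objectClass -eq 'user' | Select-Object -ExpandProperty SamAccountName

Write-Host "Direct members ($($direct.Count)):"
$direct | Sort-Object | ForEach-Object { Write-Host "  $_" }

$nestedOnly = $recursive | Where-Object { $_ -notin $direct }
if ($nestedOnly) {
    Write-Host "Members only via nested groups ($($nestedOnly.Count)), check these separately:"
    $nestedOnly | Sort-Object | ForEach-Object { Write-Host "  $_" }
}
```

Get-ADGroup returns the DN in AD's canonical form (CN=ADGroupName,CN=Users,DC=example,DC=com, with no spaces after the commas), whereas the article writes it with spaces for readability; if the rule still lists no users, paste the DN exactly as the script prints it. Whether the product's MemberOf condition also evaluates nested group membership is not stated in this article, so for users that show up only in the "nested groups" list above, test the rule rather than assume.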