Device Group policy does not include devices automatically


Article ID: 137530


Updated On:


CA Privileged Access Manager (PAM)


When creating an access policy for a group of devices imported from LDAP, the number of devices in the group is not equal to the number of devices found on the access page.

Some servers that are members of the LDAP device group are missing on the access page.


Applies to any PAM release as of Dec 2023.


Access methods assigned to device groups are not inherited by the devices in the group. The only purpose of assigning access methods and services at the group level is to make them available in access policies for the group.

For example, a device group could contain both Linux servers and Windows servers. The Linux servers are accessed using the SSH access method, and the Windows servers are accessed using the RDP access method. To configure an access policy against the device group, you have to assign both the SSH and RDP access methods at the group level. The access page then shows the SSH access method for the devices in the group that have SSH access assigned, and the RDP access method for the devices that have RDP access assigned. If a device has none of the access methods defined in the policy assigned to it, it does not show up on the access page.


Assign the appropriate access methods on the device level as they are not inherited from the device group.
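
The visibility rule described above, modeled as an added example (not Broadcom's code and not a PAM API): it reads a constructed device inventory and reports which members of a group would be missing from the access page for a given policy. The CSV column names, device names and group names are assumptions made for this example.

```python
import csv
import io

# Constructed sample inventory. The column names are assumptions for this
# example and do not reflect PAM's own export format.
SAMPLE_INVENTORY = """\
device,groups,access_methods
lnx-app01,ldap-servers,SSH
lnx-app02,ldap-servers,
win-dc01,ldap-servers,RDP
win-file01,ldap-servers|backup,VNC
lnx-db01,backup,SSH
"""

def split_field(value, sep="|"):
    """Split a multi-valued cell into a set, ignoring empty entries."""
    return {item.strip() for item in (value or "").split(sep) if item.strip()}

def load_devices(text):
    """Parse the inventory into {device: {"groups": set, "methods": set}}."""
    devices = {}
    for row in csv.DictReader(io.StringIO(text)):
        devices[row["device"]] = {
            "groups": split_field(row["groups"]),
            "methods": {m.upper() for m in split_field(row["access_methods"])},
        }
    return devices

def audit_group_policy(devices, group, policy_methods):
    """Return (visible, missing) for an access policy on `group`.

    visible maps each device to the policy methods it has assigned at the
    device level; missing lists group members with none of them assigned.
    """
    policy = {m.upper() for m in policy_methods}
    visible, missing = {}, []
    for name, dev in sorted(devices.items()):
        if group not in dev["groups"]:
            continue  # not a member of the device group
        shown = dev["methods"] & policy  # group-level methods are not inherited
        if shown:
            visible[name] = sorted(shown)
        else:
            missing.append(name)
    return visible, missing

if __name__ == "__main__":
    inventory = load_devices(SAMPLE_INVENTORY)
    visible, missing = audit_group_policy(inventory, "ldap-servers", ["SSH", "RDP"])
    print("On access page:", visible)
    print("Missing (assign a method on the device):", missing)
```

The devices listed as missing are the ones that need an access method assigned at the device level before the group policy will surface them.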