search cancel

User creation date in CA PAM

book

Article ID: 142947

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM) CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

PAM is configured to sync users from AD.

Users in PAM do NOT have any creation date i.e. the date/ time when the user record was created in PAM. How can we get this information for reporting purposes?

The client has an audit requirement to remove/ disable users who have not logged onto PAM for the last X i.e. 90 days. If a user has never logged into PAM (i.e. last login date/ time stamp is null), how can we determine that the user was created less than or more than 90 days ago?

Environment

Release : 3.x, 4.x

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

CA PAM has a creation date and time only for the Target Accounts, but for Users that are either manually created or imported from LDAP, we have depended upon a different field that captures the Last activation date and time.

Resolution

The non-mandatory fields are not populated even when creating the users locally in CA PAM and the same applies to users when these are imported from external LDAP like Active Directory.

But, if the customer would like to capture the date and time of creation this needs to be done before the user accounts are disabled and enabled again in CA PAM.

Export the Users in CSV file and look at the "Last Activation Time" and convert this to human-readable format.

When creating the user accounts in CA PAM using the UI, unless the following fields have the required information, the "Activation Time" field will be blank.

 

Attachments