What is the McAPIUser account used for in CA PAM?

Applies to any PAM release as of February 2023.

The MCApiUser is an internal user needed for the optional integration of PAM cluster implementations with a PAM Management Console. The user is owner of target account MCApiKey-xxx, where xxx is the user ID of the MCApiUser user. Communication between PAM cluster nodes and a management console occurs via Rest API calls that are authenticated with the MCApiKey-xxx credentials. The user account itself is not used, it is needed only as anchor to the associated API key.

The Privileged Access Manager Management Console is an additional licensed solution for customers who are administering large cluster deployments or sets of clusters. The Management Console helps alleviate the management burden of large installations, for Managed Service Providers and other distributed deployments.

To understand all the feature of our PAM Management Console -> please review documentation page Management Console and pages under it.

Any PAM node can become member of a cluster that either is integrated with a management console already, or may be configured with such an integration in the future. Therefore this user exists on all PAM instances.