ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Creating Windows Remote target accounts using the Rest API

book

Article ID: 186491

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We tried to create a new target account for a Windows Remote target connector using the JSON body returned for an existing account as a starting point, but it didn't work. Can we have a sample JSON body that works?

Cause

Multiple parameters returned for an existing target account are not valid when posting a new account, such as account ID and application ID. PAM will create the account ID, and the application ID is part of the URL, not the JSON body. On the other hand, the GET command will not include the password, but the password has to be specified when creating a new account. Also, boolean attributes tend to be returned with value "t" or "f" by a GET, but typically have to be provided as "true" or "false" in a POST.

Environment

Applies to all supported release as of March 2020 (3.2 and 3.3).

Resolution

Here is a sample JSON body that works:

{
  "accountName": "windowstest",
  "password": "dummy",
  "privileged": "t",
  "attributes": {
    "accountType": "admin",
    "descriptor1": "DESC1",
    "extensionType": "windowsRemoteAgent",
    "forcePasswordChange": "false",
    "useOtherAccountToChangePassword": "false"
  },
  "cacheBehavior": "useCacheFirst",
  "cacheDuration": "30",
  "synchronize": "f",
  "passwordViewPolicyId": "1000"
}