Dual Authentication Policy on TL Problem

book

Article ID: 193403

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM) CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

We configured 2 user groups. Group-1 is for connecting to target system via remote app (By TL and Auto Connect). Group-2 is for approving connections of the Group-1 to systems .
We make configurations,
1.Created a Target Group
2.Created credential group and associated the user account with the credential group
3.Created Target Application and Account
4.After applying the PVP of Dual Authentication it is showing an error of PAM-CM-1056

But when removing the user from Credential Group then it is accepting the PVP policy  on Target Account (Configuring reverse sequence), at this time account is not being usable on TL, and getting error (PAM-TLGN-0054: Trans.Log.Agent Launch failed: application list is empty...)

Cause

This is not a supported feature for TL. In the current release of CA PAM version 3.4.x, Transparent login does is not certified for Dual Authentication. This is the current product design.

Environment

Release : 3.3

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

Access for connecting to TL can be controlled via the Policies option only.