Sometimes, due to limitations in the environment or to business requirements, it is impossible to use the CA PAM Client to access a PAM appliance.
If the browser must be used, as of September 2020, the only one still supporting javascript is Internet Explorer 11. Javascript must be enabled in order for the java applets to work, so that RDP and SSH access can be made from the local browser to the remote systems in PAM. So, if this access part is required and there is any problem loading initial access page, troubleshooting must be made involving Internet Explorer behaviour, deployment of the jre, etc.
However, there may be a use case where CA PAM is basically used for password vaulting. The credential management part of the product does not require java to function and access to such functionality as password rotation, credential groups, schedule jobs, etc should be possible from any browser.
Unfortunately any newly defined user is assigned, by default, the Standard User role which, on logging in in the initial page of PAM will try to load the applets and will remain there forever or error out if the browser is other than Internet Explorer.
This document describes the general procedure for setting up a user which will access just credential management functions and will not try to load the applets when it logs in into PAM.
PRIVILEGED ACCESS MANAGEMENT, all versions
Every user when defined is automatically assigned the Standard User role, which will attempt to load the applets on log in, thus preventing browsers other than internet explorer from being used to access the product, even if it is only the credential management functionality
These are generic instructions on how to carry out this task. No detailed listing of rights and actions can be given because it will depend on each case of what kind of functionality we want to keep, but following the guidelines in this general use case should help. The procedure below describes how to limit certain users to just being able to log in and manage certain target accounts and applications. The use case may be made much less restrictive with no effort.