We are looking for a programmatic approach (CLI, REST API, etc.) to onboard UNIX devices and accounts into CA PAM.
The steps we follow currently to onboard devices, applications and target accounts from the UI are:
- Create the device with OS=Linux, Access and Password Management checked for device type, and SSH selected under Access Methods.
- Create a UNIX target application with a custom password composition policy and Linux selected as UNIX Variant under the Script Processor tab.
- Create a target account that manages its own password and has option "Use elevated privileges" checked under the UNIX tab.
- Create a second target account whose password is managed by the first target account.
We are using Windows hosts to access PAM.
Release : 3.4
Component : PRIVILEGED ACCESS MANAGEMENT
This can be accomplished using the PAM REST API. The available REST API resources are documented on the Settings > API Doc page once the External REST API is enabled; see, for example, the documentation page https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-0/programming/external-api-for-integrating-applications.html.
Attached is a sample PowerShell script showing all the REST API calls needed to complete the steps listed above. Note that the file extension has been changed from .ps1 to .txt to avoid problems with the file download.
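The attached script is not reproduced on this page. As an added illustration (not the vendor's script), the following Python example runs the four steps above in dependency order over HTTPS; the endpoint paths, JSON field names and bearer-token header are assumptions that must be replaced with the values shown on your PAM's Settings > API Doc page, and the HTTP transport is injectable so the sequencing can be checked offline.

```python
import json
import os
import urllib.request
from typing import Callable, Dict

# ASSUMED paths and field names: verify every one against Settings > API Doc on your PAM.
PATHS = {"device": "/api/devices", "app": "/api/targetApplications", "acct": "/api/targetAccounts"}

Poster = Callable[[str, dict], dict]   # post(path, payload) -> parsed JSON with an "id"


def http_post_factory(base_url: str, api_key: str) -> Poster:
    """Build a poster that sends JSON to PAM; the default urlopen context verifies the TLS cert."""
    def post(path: str, payload: dict) -> dict:
        req = urllib.request.Request(
            base_url + path, data=json.dumps(payload).encode("utf-8"), method="POST",
            headers={"Authorization": f"Bearer {api_key}",      # assumed auth scheme
                     "Content-Type": "application/json", "Accept": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:  # raises on HTTP errors
            return json.load(resp)                             # never continue half-onboarded
    return post


def onboard_unix_host(post: Poster, host: str, address: str, admin_user: str,
                      svc_user: str, policy_id: str) -> Dict[str, str]:
    """Create device, UNIX application, self-managed admin account and a dependent account."""
    device = post(PATHS["device"], {"name": host, "address": address, "os": "Linux",
                                    "deviceTypes": ["access", "passwordManagement"],
                                    "accessMethods": ["ssh"]})
    app = post(PATHS["app"], {"deviceId": device["id"], "name": f"{host}-unix",
                              "type": "unix", "unixVariant": "Linux",
                              "passwordCompositionPolicyId": policy_id})
    # First account: manages its own password and is allowed to elevate privileges.
    # Its initial credential is deliberately omitted here; supply it from a secret store.
    admin = post(PATHS["acct"], {"applicationId": app["id"], "userName": admin_user,
                                 "passwordManagedBy": "self", "useElevatedPrivileges": True})
    # Second account: password changes are performed through the first account.
    svc = post(PATHS["acct"], {"applicationId": app["id"], "userName": svc_user,
                               "passwordManagedBy": "other", "managingAccountId": admin["id"]})
    return {"device": device["id"], "application": app["id"],
            "admin": admin["id"], "service": svc["id"]}


if __name__ == "__main__":
    # Base URL and API key come from the environment, so no secret is stored in the script.
    poster = http_post_factory(os.environ["PAM_BASE_URL"], os.environ["PAM_API_KEY"])
    print(onboard_unix_host(poster, "web01", "10.0.0.5", "pamadmin", "appsvc", "pol-1"))
```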