REST API calls to create UNIX devices, target applications and accounts

Article ID: 218925


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We are looking for a programmatic approach (CLI, REST API, etc.) to onboard UNIX devices and accounts into CA PAM.

The steps we follow currently to onboard devices, applications and target accounts from the UI are:

- Create the device with OS=Linux, Access and Password Management checked for device type, and SSH selected under Access Methods.

- Create a UNIX target application with a custom password composition policy and Linux selected as UNIX Variant under the Script Processor tab.

- Create a target account that manages its own password and has the option "Use elevated privileges" checked under the UNIX tab.

- Create a second target account whose password is managed by the first target account.

We are using Windows hosts to access PAM.

Environment

Release : 4.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

This can be accomplished using the PAM REST API. The available REST API resources are documented on the Settings > API Doc page once the External REST API is enabled. See, for example, the documentation page https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-2/programming/external-api-for-integrating-applications.html

Attached is a sample PowerShell script showing all the REST API calls needed to complete the steps listed above. Note that the file extension has been changed from .ps1 to .txt to avoid problems with the file download.

Attachments

1625614103339__unix_dev_app_acc_prov.txt