Privileged Accounts Number on Dashboard too high

book

Article ID: 220958

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

On the Dashboard, the 'Privileged Accounts' entry shows incorrect information. The number is much higher than the total number of target accounts we have as seen when we go to the Credentials > Manage Targets > Accounts page. 

Cause

The customer used Rest API calls to create devices, target applications and target accounts. The target accounts were configured as synchronized, which causes PAM to verify the password before saving the account. This can take a while. When the call failed on a timeout, or when a subsequent check on the target account incorrectly failed to find the new account, the provisioning tool assumed that the target account was not created and proceeded with deletion of the just created target application and device. This left orphaned accounts behind that had no valid target application associated with them and therefore were not available for view or use in the PAM UI. They did get counted in the "Privileged Accounts" metric on the dashboard though.

Environment

Release : 3.4

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

As of August 2021 there are no UI functions or API calls that can be used to find and remove orphaned target accounts. If you observe this problem, please engage PAM Support to get the orphaned accounts cleaned up and your provisioning tools reviewed to reduce the number of false error detections.