Can you have multiple SAML IDP(s) configured in PAM

Article ID: 251115

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A PAM administrator is planning to implement MFA for authentication on their PAM appliances and would like to know whether more than one MFA provider can be configured as a SAML IDP.


Environment

Release : 3.4.x, 4.0.x, 4.1.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

Our PAM integration works with numerous IDPs. When multiple IDPs are configured, clicking the Single Sign-On button presents the list of configured IDPs.

The IDPs are configured in the PAM UI under Configuration >> Security >> SAML >> SP Configuration >> Configured Remote SAML IdP.

There you upload each IDP's metadata into PAM, which makes PAM a Relying Party to your IDPs. For more information, see the following documentation:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1/configuring-your-server/authenticate-users-logging-in-to-the-server/using-saml-2-0-to-authenticate-users/configure-ca-pam-as-the-relying-party-rp.html
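
Before uploading metadata from several IDPs, it helps to confirm that each file is usable IdP metadata and that the set is unambiguous. The following is an added example, not Broadcom's or PAM's own code: it applies generic SAML 2.0 metadata checks (what PAM itself validates on upload is not stated here), and the function names, the `example` URLs and the sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_idp_metadata(xml_text):  # returns (entity_id, [problems]) for one document
    if "<!DOCTYPE" in xml_text:  # SAML metadata never needs a DTD; do not parse one
        return None, ["DOCTYPE present, refusing to parse"]
    root = ET.fromstring(xml_text)
    # Accept a bare EntityDescriptor or one wrapped in EntitiesDescriptor.
    entity = next(root.iter("{%s}EntityDescriptor" % NS["md"]), None)
    if entity is None:
        return None, ["no EntityDescriptor element"]
    entity_id = entity.get("entityID")
    problems = [] if entity_id else ["missing entityID"]
    idp = entity.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return entity_id, problems + ["no IDPSSODescriptor (not IdP metadata)"]
    # A KeyDescriptor with no 'use' attribute covers signing as well.
    if not any(k.get("use") in (None, "signing") and k.find(".//ds:X509Certificate", NS) is not None
               for k in idp.findall("md:KeyDescriptor", NS)):
        problems.append("no signing certificate")
    locations = [ep.get("Location", "") for ep in idp.findall("md:SingleSignOnService", NS)]
    if not locations:
        problems.append("no SingleSignOnService endpoint")
    problems += ["SSO endpoint is not HTTPS: " + loc for loc in locations
                 if not loc.lower().startswith("https://")]
    return entity_id, problems

def check_idp_set(docs):  # {label: metadata XML} -> {label: [problems]}
    seen, report = {}, {}
    for label, xml_text in docs.items():
        entity_id, problems = check_idp_metadata(xml_text)
        if entity_id in seen:  # two IDPs must not share an entityID
            problems.append("entityID already used by %s" % seen[entity_id])
        elif entity_id:
            seen[entity_id] = label
        report[label] = problems
    return report

def _sample(eid, sso, cert=True):  # constructed, minimal metadata; not from a real IdP
    key = ('<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
           'PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="%s"><md:IDPSSODescriptor>'
            '%s<md:SingleSignOnService Location="%s"/></md:IDPSSODescriptor></md:EntityDescriptor>'
            % (NS["md"], NS["ds"], eid, key if cert else "", sso))

SAMPLES = {"idp-a": _sample("https://idp-a.example/saml", "https://idp-a.example/sso"),
           "idp-b": _sample("https://idp-a.example/saml", "http://idp-b.example/sso", cert=False)}
```

Calling `check_idp_set(SAMPLES)` returns an empty problem list for `idp-a` and three findings for `idp-b`; in practice, pass the contents of the metadata files received from each IDP administrator.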