search cancel

How can CA PAM be integrated with Identity Management Solutions ?

book

Article ID: 256078

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Sometimes there is a business requirement to integrate CA PAM with a third-party Identity Access and Management (IDAM) solution for the purpose of Identity Governance.

In particular it may be necessary to be able to retrieve objects such as users, groups and roles

There is a variety of IDAM applications, like for instance NetIQ Identity Manager, for which there is no explicit integration with PAM, so the question here is whether such an integration can be achieved by means of API calls to PAM

 

Environment

CA PAM releases 3.X and above

Resolution

CA PAM provides the possibility of making REST API calls by enabling the external REST API,

For a complete explanation about how to set it up, see the following documentation

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-1/programming/external-api-for-integrating-applications.html

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-1/programming/external-api-for-integrating-applications/deploy-the-external-api-administrators.html

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-1/programming/external-api-for-integrating-applications/use-the-external-api-programmers.html

Most of this functionality can be achieved- by the way- by using Command Line Interface or Java external interface

For this particular query CA PAM implements as well API calls that conform to the System for Cross-domain Identity Management (SCIM) specification, which is designed to make managing user identities in cloud-based applications and services easier while conforming to standard schemas and deployments. More information can be retrieved from

https://www.simplecloud.info/

As for the SCIM methods available, they can be obtained from:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-1/programming/external-api-for-integrating-applications/use-the-external-api-programmers/connect-with-scim-api.html