For auditing purposes, it is required to list when every user was created in PAM. This information is not listed in the UI, is there a way to see when users were created?
Privileged Access Manager, all versions
Use the searchUser CLI command to list all users stored in the PAM database, an example of the command and output for one user is below.
# capam_command capam=PAMHOSTNAME adminUserID=super cmdName=searchUser
Enter password: #####
<CommandResult>
<cr.itemNumber>0</cr.itemNumber>
<cr.statusCode>400</cr.statusCode>
<cr.statusDescription>Success.</cr.statusDescription>
<cr.result>
<User>
<userID>super</userID>
<userGroupIDs>#####</userGroupIDs>
<authenticationType>#####</authenticationType>
<gkUserId>#####</gkUserId>
<firstName>First</firstName>
<lastName>Last</lastName>
<email>[email protected]</email>
<serverKeyId>#####</serverKeyId>
<lastLogin/>
<viewType>admin</viewType>
<failedLoginAttempts>0</failedLoginAttempts>
<ldapDN/>
<password/>
<status>ACTIVE</status>
<createTime>1574712529000</createTime>
<createDate>Mon Nov 25 20:08:49 UTC 2019</createDate>
<updateDate>Fri Feb 23 16:52:06 UTC 2024</updateDate>
<extensionType/>
<createUser>admin</createUser>
<updateTime>1708707126000</updateTime>
<updateUser>super</updateUser>
<hash></hash>#####</hash>
<Attribute.pageSettings.dashboard>#####</Attribute.pageSettings.dashboard>
<Attribute.pageSettings.commonPageSettings>#####</Attribute.pageSettings.commonPageSettings>
<ID>#####</ID>
</User>
</cr.result>
</CommandResult>
For instructions on configuring the Remote CLI, refer to the Install and Set Up the Remote CLI and Java API PAM documentation section.