This article addresses inquiries regarding the ability of Privileged Access Management (PAM) to both generate Time-based One-Time Passwords (TOTP) and integrate with external OTP solutions to display their generated security codes within Secrets Management for multi-factor authentication. For example, the intention is for PAM Secret Management to either generate TOTP codes itself or to integrate with external OTP providers like Symantec VIP or Google Authenticator to retrieve and display their codes. The common use case considered is a user leveraging Secret Management to obtain and utilize these OTP codes for authenticating to an application.
Is it possible?
Currently, Broadcom's Privileged Access Management (PAM) product does not natively include OTP generation (including TOTP), nor integration with an external OTP solution, such as Google Authenticator, to show externally generated OTP codes inside PAM Secret Management. The existing secrets management features within PAM are somewhat limited in this specific regard: they offer no built-in mechanism for generating dynamic, time-sensitive security codes for external application authentication, and no integration with an external tool that would show its generated code inside Secret Management.
As this functionality represents a valuable enhancement for PAM, we strongly recommend submitting an enhancement request through the Broadcom communities. This allows the product team to track interest and consider its inclusion in future product developments.
How to Submit an Enhancement Request:
For detailed steps on how to submit an Idea or Enhancement Request for Privileged Access Management (PAM) in the Broadcom communities, please refer to the following knowledge article: