You can provision a CA Privileged Access Manager device to permit execution of sudo or BeyondTrust PowerBroker pbrun using the login password for the device from the SSH Access Method applet.

Important:

• Security Requirement: Configure sudo or pbrun on the target so that each execution requires a password from the client. Otherwise, security can be compromised.
• Transparent login cannot be applied to Device Groups.

 

Policy setup against individual device -- Transparent Login option is available:

<Please see attached file for image>

 

Policy setup against (Device Group) -- Transparent Login option is not available:

<Please see attached file for image>

The SSH Transparent Login option is made available to policy against individual device ONLY when Transparent Login is configured at the device level.

Create a dummy RDP Application ('Hide from User' option checked) in PAM and associate that service with the Device Group:

<Please see attached file for image>

<Please see attached file for image>

Transparent Login option is now made available to the Device Group:

<Please see attached file for image>

NOTE:

As the checking for Transparent Login configuration is at device level, the suggested workaround is practically bypassing this validation. Hence, the Transparent Login might be enabled on the Device Group level, but the Transparent Login configuration need to be done on device level.

Also, the suggested workaround is not suitable for 'Command String' Transparent Login.

https://docops.ca.com/ca-privileged-access-manager/2-8-3/EN/implementing/provision-your-server/provisioning-devices/set-up-transparent-login/ssh-connections

https://communities.ca.com/community/ca-security/ca-privileged-access-management/blog/2017/08/21/tech-tip-ca-privileged-access-manager-enable-ssh-transparent-login-for-device-groups