Which IIQ version are you inquiring about?
8.3P3
Hi Community!
I’ll be working on a project soon to install and configure the Privileged Access Manager (PAM) module and leverage it initially for credential cycling. Compass has some resources, but limited examples of this in actual use. For anyone using this module, I’m looking for advice on a couple of topics.
- Authentication between the configured PAM Application and the CyberArk system. I’m trying to protect the credentials used from within the SailPoint connector from being harvested and used for malicious purposes. Does anyone have documentation / tips & tricks on the actual configuration between the PAM Application and CyberArk in terms of types of supported authentication? In reading this documentation (Credential cycling for Privileged Access Management - Compass) it seems a HASH is created of a jar file, which is then stored on the CyberArk side. However, the document I referenced doesn’t seem to mention what is then done on the IIQ side to set up the PAM Application to connect to CyberArk. Any tips here?
- The above documentation talks about a “CyberArk Template”. Exactly what type of object is this (i.e. where would I find it in debug), and also how does the CredentialSource XML tie to the configured PAM application so that it connects to the correct CyberArk system and vault?
I know this community rocks and someone must have experience with this.