I want to do a Linux/Unix server integration using CyberArk AD Bridge, i.e. log in to the PSMP server via the command line using the AD credentials and specifying the target server.
On the command line it is possible to do that, but checking the documentation and capabilities of the SailPoint out-of-box connectors, I couldn’t find something similar.
The goal is to integrate hundreds of servers into SailPoint using the proxy server (AD bridge) with a single account and thus avoid the massive creation of service accounts for all servers to be integrated.
Has anyone managed to integrate Linux/Unix servers using a proxy server like CyberArk AD Bridge (PSMP)?
I’m not sure if this approach will work. It may require a custom connector or an extension to the existing connectors.
Perhaps you could consider a different one. You can use the built-in support for credential rotation in IdentityIQ to retrieve credentials on the fly. For each application, you will need to set up a credential association in the Configuration object named ‘CredentialConfig’. Then, just before IdentityIQ connects to your system, it reaches out to the PAM server, most often via the libraries provided by the vendor, and gets the credentials for your target server. If these are the same for all, the associations can just be duplicated.
Thanks for your answer, Menno. Sorry for my late reply. My initial solution was to extend the current classes to support proxy servers. I’m currently working on that approach; probably I was overthinking the solution, but it seems that is the right way. Thanks again.