Is it possible to onboard VA OS user on PAM?

Hi everyone,

This is to check if you have faced a similar requirement where it’s required to onboard/lodge the OS user for VAs (sailpoint) into a PAM solution.

Thanks,
Shailee

What requirements are you looking at? Just storing the credential? Credential rotation and possibly verification?

You will not be able to implement a use case that would require installing additional agents or software on the VAs.

Hi Alex,

Thanks for the response. Yes, the requirement is to store, rotate and verify the credentials from PAM.

Regards,
Shailee

What PAM solution are you working with?

We are using CyberArk.

In this case, yes, you can do this - you can configure CyberArk to SSH into the VA and use the passwd command to change it (which the VAs support).

Hi @adunker,

Yes, I understand that. However, in my understanding it is not possible to create an additional OS user on VAs. In our case, it is the minimum requirement to have an additional reconciliation account for SSH to rotate the “sailpoint” user’s password to ensure the actual “sailpoint” user account isn’t lost in the process.

Thanks,
Shailee

@shaileeM - correct, the VA architecture as a managed image would prevent you from being able to fulfill this requirement.
