CA Privileged Access Manager

CA Privileged Access Manager (PAM) is an identity and access management (IAM) product which controls, audits, and records access to managed devices such as servers, instances, switches, and so on.
You can manage the CA Privileged Access Manager endpoint from the CA Identity Manager User Console, and not from the Provisioning Manager.
CA PAM combines the following access control and privileged user password management capabilities, which enable you to secure access to critical infrastructure for privileged and third-party users.
  • Access Control:
    The Access component controls and tracks the pathways into your internal computing resources.
  • Credential Management:
    The Credential Management component provides secure password maintenance (storage and change push) for use by privileged users sharing access and by automated, application-to-application systems.
What the CA Privileged Access Manager Connector can do
The CA PAM connector works with local and external users, Password Management Groups, Roles, Devices, Device Groups, LDAP Devices, LDAP Device Groups, LDAP User Groups, and Policies.
This table lists the tasks that the CA PAM connector enables the applications to do:
| Task | CA Identity Manager | CA Identity Governance |
|------|---------------------|------------------------|
| Create, modify, search, view and delete Local Users | Yes | Yes |
| Modify, search and view LDAP Users | Yes | Yes |
| Assign or revoke existing Roles to Users | Yes | Yes |
| Add or remove the users from existing User Groups | Yes | Yes |
| Search and view LDAP User Groups | Yes | Yes |
| Add or remove the users from existing Password Management Groups | Yes | Yes |
| Assign or revoke access (create or delete policies) to Device or Device Groups | Yes | Yes |
| Assign or revoke access (create or delete policies) to LDAP Device or LDAP Device Groups | Yes | No |
| Assign or revoke Target Accounts on specific Access Method to LDAP Devices for auto login | Yes | No |
| Assign or revoke Target Accounts on specific Access Method to Devices for auto login | Yes | No |
| Change a user's password | Yes | No |
| Enable or disable a User Account | Yes | No |
| Synchronize Accounts with Account Templates | Yes | No |
| Synchronize Users with Roles | Yes | No |
In the LDAP User Groups, Device Groups and User Groups '' implies comma (,)
Limitations
  • Policies cannot be created or modified between User Groups and Devices/Device Groups.
  • CA PAM LDAP User Groups are visible when searched for; however, the LDAP User Groups cannot be assigned to LDAP users.
  • Due to limitations in CA Privileged Access Manager (versions 2.8 or earlier), the PAM API does not behave as expected when modifying an account template. Switching from 'Later' to 'Now' for Account Activation does not work.
    Solution:
    Select 'Later' and provide the current time to activate the account now.
Downloads