Authenticate Users Logging in to the Server

When a user logs in to Privileged Access Manager, the server can authenticate each user locally or remotely with a third-party source.
To authenticate users locally:
  1. Navigate to Settings, Global Settings.
  2. In the Default Auth Method field, select Local.
  3. Add users for local authentication from the Users, Manage Users page.
To authenticate users remotely using a third party, you must configure the server to use that third party. PAM works with the following third-party directories and devices.
  • LDAP directories: Compatible LDAP directory services include Microsoft Active Directory (AD), OpenLDAP, and other LDAP-compliant repositories. You can also configure Kerberos authentication with PIV/CAC for an LDAP domain.
  • LDAP+RADIUS: Sequential authentication from an LDAP directory and a RADIUS server
  • PKI Smart Card Authentication: Smart cards or a browser that is loaded with certificates for authentication. 
  • RADIUS and TACACS+: Authentication against a RADIUS or TACACS+ server
  • RSA: Authentication using an RSA SecurID server
  • LDAP+RSA: Sequential authentication from an LDAP directory and an RSA SecurID server
  • SAML: SAML authentication using PAM as one or both of the following providers:
    • Identity Provider
    • Relying Party/Service Provider
For configuration instructions, select the authentication method you want to use from this list of supported third-party methods.