Add a UNAB User Login Authorization to Devices

This content describes how to add a UNAB user login authorization to devices.
Use the following procedures to add a UNAB user login authorization to devices.
In contrast to PAMSC, PAM 4.0 does not support manually creating UNAB users or UNAB user groups, nor creating a Login Authorization Policy for these UNAB users or UNAB user groups. You can only use LDAP to import Users or User Groups. For more information, see Import LDAP User Groups and Import LDAP Device Groups.

Add Users and User Groups

Do this procedure to add users and user groups.
Follow these steps:
  1. In the PAM UI, select Policies, Manage UNAB Policies. The UNAB Login Authorization Policies screen appears.
  2. Select Add. The Add UNAB Login Authorization Policy dialog appears.
  3. Add a description for the policy in the Description field.
  4. Use the Device Name tab to select the device to add to the policy.
    The Available Groups list identifies all UNAB Users that exist on this Privileged Access Manager appliance.
  5. Use the Users tab to select the users or user groups to associate with a policy. The Available Users and Groups lists identify all Active Directory users and user groups that exist and that are linked to a UNAB host machine. These users and user groups are imported from AD/LDAP using the PAM LDAP importer. These users and user groups must have a CA ControlMinder attribute to appear in the Login Authorization policy page.
  6. Select the desired user or user group, and then select OK.

Add Users to Policies

Do this procedure to add users to policies.
Follow these steps:
  1. In the PAM UI, select Policies, Manage UNAB Policies. The UNAB Login Authorization Policies screen appears.
  2. From the UNAB Login Authorization Policies tab, select the policy to update, and then select Update.
    The Update UNAB Login Authorization Policy dialog appears.
  3. Select the Users tab and use the shuttle to select users for your policy.
  4. Select OK to confirm the change and exit this dialog.

Add User Groups to Policies

Do this procedure to add user groups to policies.
Follow these steps:
  1. In the PAM UI, select Policies, Manage UNAB Policies. The UNAB Login Authorization Policies screen appears.
  2. From the UNAB Login Authorization Policies screen, select the policy to update, and then select Update.
    The Update UNAB Login Authorization Policy dialog appears.
  3. Select the User Groups tab and use the shuttle to select user groups for your policy.
  4. Select OK to confirm the change and exit this dialog.

Audit UNAB Policy Deployments

You can audit your UNAB policy deployments. This audit gives you a view of your UNAB policy deployments and a descriptive list of deployment tasks. The list details what triggered each deployment task, when it was created, and what type of deployment was involved. For each deployment task, you can further explore the following details:
  • The host and policy pair for which the deployment task was created
  • The version of the policy that was deployed
  • The status of the deployment task (queued, succeeded, or failed)
  • The selang output (result of deploying the command).
To audit UNAB policy deployments, follow these steps:
  1. In the PAM UI, select Policies, Manage UNAB Policies. The UNAB Login Authorization Policies screen appears.
  2. In the UNAB Login Authorization Policies screen, select Deployment Audit. The Deployment Audit dialog appears.
  3. Define a scope for the deployment audit using the Column and Value filters, and then select View. To view the policy, the user selects a particular policy and then selects View. The Privileged Identity Manager Enterprise Console retrieves information about deployments that are in the scope you defined and displays the results after a short delay.