IT Process Automation

  • 1.  Link AD group in EEM to PAM group?

    Broadcom Employee
    Posted Jan 22, 2015 12:38 PM

    In EEM we link a user to PAM application group like Pamadmin. If EEM is set up with AD as source, can AD groups in  EEM be linked to pamadmin group so that anyone added to AD group gains PAM access?



  • 2.  Re: Link AD group in EEM to PAM group?

    Broadcom Employee
    Posted Jan 22, 2015 12:39 PM

    pam 4.2.2 and eem 12



  • 3.  Re: Link AD group in EEM to PAM group?

    Broadcom Employee
    Posted Jan 22, 2015 12:56 PM

    Michael,

    If you are attempting to setup all users in your AD with basic PamUser or PamAdmin rights, please review the following tech doc:

     

    TEC549783  "IT PAM configuration for EEM and Dynamic User Groups"

     

    The doc shows specific details for the PamUser policy.  If you need PamAdmin rights, just follow that doc, except you will be matching your dynamic group with the PamAdmin instead of PamUser.

     

    Thank you,

    Michael Niebuhr



  • 4.  Re: Link AD group in EEM to PAM group?

    Broadcom Employee
    Posted Jan 22, 2015 01:37 PM

    Thanks Michael, this may be just what we need.

     

    This will give PAM access to people in AD groups. Can I ALSO assign a PAM task to an AD group?

     

    Mike



  • 5.  Re: Link AD group in EEM to PAM group?

    Posted Jan 23, 2015 06:59 AM

    "No", was the answer I received from Support when I attempted to assign tasks to AD groups. They said it was not supported.