In EEM we link a user to PAM application group like Pamadmin. If EEM is set up with AD as source, can AD groups in EEM be linked to pamadmin group so that anyone added to AD group gains PAM access?
pam 4.2.2 and eem 12
If you are attempting to setup all users in your AD with basic PamUser or PamAdmin rights, please review the following tech doc:
TEC549783 "IT PAM configuration for EEM and Dynamic User Groups"
The doc shows specific details for the PamUser policy. If you need PamAdmin rights, just follow that doc, except you will be matching your dynamic group with the PamAdmin instead of PamUser.
Thanks Michael, this may be just what we need.
This will give PAM access to people in AD groups. Can I ALSO assign a PAM task to an AD group?
"No", was the answer I received from Support when I attempted to assign tasks to AD groups. They said it was not supported.
Retrieving data ...