Symantec Privileged Access Management

  • 1.  Transparent login for multiple accounts in single policy

    Posted Oct 06, 2016 03:57 PM

    Hi,

     

    Is there a way to configure multiple target accounts in a single policy within CA PAM?

     

    Eg: I would take Toad application which handles multiple schema, now a user should be accessible to sys, system, sysdba roles and i tried creating multiple RDP apps for each account but gets a conflict of Windows Title and attached is the error.

     

    Regards,

    Muddassar Shaik



  • 2.  Re: Transparent login for multiple accounts in single policy
    Best Answer

    Broadcom Employee
    Posted Oct 28, 2016 07:58 AM

    Hi, 

    I'm seing the same service twice. Do you have this RDP Application Service duplicated?

    The windows Title should be exactly the same as the title that is showed when you launch the tool.

    If the Windows title changes after entering the credentials, then you need to add another Windows Title with the same Transparent Login Config user.

    In Toad you might be able to set a Windows Title.

    Take a look at the screenshot attached. In this case is for Putty.RDP Application for Putty

     

    I would suggest you to raise a case to Support with the current RDP Application Service screenshot to get more assistance.



  • 3.  Re: Transparent login for multiple accounts in single policy

    Posted Nov 03, 2016 02:44 PM

    Thank You Maria for your response, There is a limitation in CA PAM policy management where multiple similar RDP apps cannot be called within policy, i would go for raising an Idea to allow choosing of desired account or atleast allowing multiple similar RDP apps within transparent login under the Policy.



  • 4.  Re: Transparent login for multiple accounts in single policy

    Broadcom Employee
    Posted Nov 02, 2016 12:23 PM

    Hi Muddassar,

     

    If I am understanding your question correctly, it sounds like you want to set this up so that clicking on the RDP Application can result in a selection list of accounts to use (like what happens when using an RDP or SSH application that uses multiple users). It is not currently possible to do this and I would suggest creating an Idea here in the communities to request an enhancement if this functionality is required.

     

    As a workaround, after creating the first RDP application settings and confirming functionality you can use the copy function at the bottom of the RDP App settings to create additional RDP App definitions for the additional accounts. For example you could have "Toad - sys", "Toad - system" & "Toad - sysdba" RDP applications and the user would select the one they need at the time. 

     

    -Chrisitan



  • 5.  Re: Transparent login for multiple accounts in single policy

    Posted Nov 03, 2016 02:47 PM

    Thank You ! Creating similar RDP Apps(like Toad-sys, Toad-system, etc) and calling under 1 policy throws out an error which i already have shared in this forum, lets try to get it added as an enhancement in our coming releases....



  • 6.  Re: Transparent login for multiple accounts in single policy

    Broadcom Employee
    Posted Nov 08, 2016 06:30 AM

    Yes, this is an enhancement request, I got this question in the past...



  • 7.  Re: Transparent login for multiple accounts in single policy

    Posted Nov 30, 2016 12:05 AM

    Merce Salmeron Employee   lutch01  Any update on this enhancement request?



  • 8.  Re: Transparent login for multiple accounts in single policy

    Posted Jan 22, 2017 01:58 AM

    Any update on this enhancement request.



  • 9.  Re: Transparent login for multiple accounts in single policy

    Broadcom Employee
    Posted Jan 23, 2017 03:48 AM

    Dear Asif,

    Did you opened an idea for this? If so, you can ask there for the status.. as product manager review the ideas, not here the questions. If the idea is not yet opened, then proceed to open it.

    Cheers, Merce