How to set up NAM SSO Integration with PAM

  • 7017364
  • 15-Mar-2016
  • 27-Jun-2019

Environment

NetIQ Privileged Account Manager
NetIQ Privileged User Manager

Situation

Integration through Identity Injection with NetIQ Access Manager (NAM) isn't working
Unable to access PAM with the single sign-on (SSO) URL
NAM SSO to the PAM consoles fails

Resolution

The product documentation covers the configuration needed when integrating with NetIQ Access Manager. To integrate Privileged Account Manager with NAM for SSO, create a protected resource in Access Manager for PAM and a policy that injects the appropriate custom headers, as described below.

Policy Configuration:
The following headers or flags need to be configured for SSO to work. Inject the values below as custom headers.

PAM Console (i.e. "/pam"):
https://www.mydomain.com/pam/?sso=1
  • Set X_PUM_RDP_USER to PAM user.
  • Set X_PUM_RDP_PWD to PAM user's password.

PAM Admin Console (i.e. "/"):
https://www.mydomain.com/?sso=1
  • Set X_PUM_ADMIN to PAM user name.
  • Set X_PUM_PASSWD to PAM user's password.

Additional Information

PAM 3.2 and earlier use the "MyAccess" User Console (i.e. "/myaccess"):
https://www.mydomain.com/myaccess/index.htm?sso=1
  • Set X_PUM_RDP_USER to PAM user.
  • Set X_PUM_RDP_PWD to PAM user's password.
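
When SSO still fails after the policy is in place, it helps to compare a request as it reaches PAM against the settings listed above. The following checker is an added example, not NetIQ code: the function names are hypothetical, it assumes any path outside "/pam" and "/myaccess" belongs to the Admin Console, and it reports header names only so injected passwords never end up in troubleshooting output.

```python
from urllib.parse import parse_qs, urlsplit

# Header pairs per console, exactly as listed in this article.
USER_HEADERS = ("X_PUM_RDP_USER", "X_PUM_RDP_PWD")
ADMIN_HEADERS = ("X_PUM_ADMIN", "X_PUM_PASSWD")
REQUIRED = {"/pam": USER_HEADERS, "/myaccess": USER_HEADERS, "/": ADMIN_HEADERS}


def console_for(path):
    """Map a request path to its console prefix (assumption: anything else is "/")."""
    for prefix in ("/pam", "/myaccess"):
        if path == prefix or path.startswith(prefix + "/"):
            return prefix
    return "/"


def check_sso_request(url, headers):
    """Return a list of problems; an empty list means the request matches the article."""
    parts = urlsplit(url)
    problems = []
    if parse_qs(parts.query).get("sso") != ["1"]:
        problems.append("query string lacks sso=1")
    console = console_for(parts.path or "/")
    # HTTP header names are case-insensitive, so normalise before comparing.
    seen = {name.upper(): value for name, value in headers.items()}
    for name in REQUIRED[console]:
        if name not in seen:
            problems.append(f"{name} not injected for {console}")
        elif not seen[name].strip():
            problems.append(f"{name} injected but empty")
    # Headers for the other console suggest the policy is bound to the wrong resource.
    for other in sorted(set(USER_HEADERS + ADMIN_HEADERS) - set(REQUIRED[console])):
        if other in seen:
            problems.append(f"{other} is for a different console than {console}")
    return problems


if __name__ == "__main__":
    # Constructed sample: Admin Console headers injected on the /pam resource.
    sample_url = "https://www.mydomain.com/pam/"
    sample_headers = {"X_PUM_ADMIN": "pamadmin", "X_PUM_PASSWD": "constructed-value"}
    for problem in check_sso_request(sample_url, sample_headers):
        print(problem)
```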