
Hi Guys, how can we achieve the below use case?

"There are four members in the firewall team who have their own managed accounts (non-AD accounts). The customer wants to create one user group to group these members. When one member logs in to the PAM, he should be able to view his credential/managed account only."

For this you can utilize the dedicated accounts mapping option for local privileged accounts.

For this you need the below things:

  1. Dedicated local privileged accounts, e.g. Amila_admin
  2. User accounts: Amila

Create a dedicated account mapping smart rule to map the _admin prefix with the users group.

Then the user will only be able to see their own dedicated accounts.

Here is a kb article regarding setup:

How to setup dedicated accounts


@RahulB @GloriaB

Can these dedicated accounts work for firewall accounts? Each user has their own firewall local account.


Yes, it will work, as long as you have dedicated accounts, but make sure that in the privileged accounts there is a prefix or postfix so that the dedicated mapping can work with the users group.


When setting these up, spelling is everything. We have accounts and privileged accounts. I had a few users where their primary account was something like msmith for Mike Smith and an elevated account of msmit.priv. I was mapping on .priv, so msmith does not match msmit.

I had this handful of anomalies renamed to include the full spelling of the primary account (added the h to smit in the privileged account).
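The spelling pitfall above is easy to catch before the smart rule goes live. The script below is an added example, not part of this thread or of the vendor's product: it applies an assumed naming rule of the form `<prefix><primary account><suffix>` (the thread's `.priv` and `_admin` cases) to constructed sample account lists and reports which dedicated accounts would map to nobody. It assumes account names compare case-insensitively.

```python
# Added example (not from the thread or the vendor's product): audit a prefix/suffix
# dedicated-account naming rule before relying on it, so typos surface up front.
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class MappingRule:
    """Assumed naming convention: <prefix><primary account><suffix>, e.g. '' + msmith + '.priv'."""
    prefix: str = ""
    suffix: str = ""

    def primary_for(self, privileged: str) -> str | None:
        """Return the primary account name implied by a privileged account name,
        or None if the name does not follow this rule at all."""
        if not (privileged.startswith(self.prefix) and privileged.endswith(self.suffix)):
            return None
        core = privileged[len(self.prefix):len(privileged) - len(self.suffix)]
        return core or None


@dataclass
class AuditResult:
    mapping: dict = field(default_factory=dict)            # primary user -> [dedicated accounts]
    users_without_dedicated: list = field(default_factory=list)
    orphaned_dedicated: list = field(default_factory=list)  # follow the rule, but no such user
    not_dedicated: list = field(default_factory=list)       # ignore the rule (shared/service accounts)


def audit_mapping(users: list[str], privileged: list[str], rule: MappingRule) -> AuditResult:
    # Assumption: account names compare case-insensitively, as on most directories.
    by_lower = {u.lower(): u for u in users}
    result = AuditResult(mapping={u: [] for u in users})
    for acct in privileged:
        core = rule.primary_for(acct)
        if core is None:
            result.not_dedicated.append(acct)
        elif core.lower() in by_lower:
            result.mapping[by_lower[core.lower()]].append(acct)
        else:
            result.orphaned_dedicated.append(acct)   # the "msmit.priv" case
    result.users_without_dedicated = [u for u, accts in result.mapping.items() if not accts]
    return result


# Constructed sample: the msmith / msmit.priv typo from the thread, plus a service account.
USERS = ["msmith", "amila", "jdoe"]
PRIVILEGED = ["msmit.priv", "amila.priv", "jdoe.priv", "svc_backup"]

if __name__ == "__main__":
    r = audit_mapping(USERS, PRIVILEGED, MappingRule(suffix=".priv"))
    print("mapped:", r.mapping)
    print("users with no dedicated account:", r.users_without_dedicated)
    print("dedicated accounts with no matching user:", r.orphaned_dedicated)
```

Run it against an export of both account lists; anything in `orphaned_dedicated` or `users_without_dedicated` is a name to fix before the smart rule is trusted.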
