The Symantec Privileged Access Manager Remote CLI (Command Line Interface) allows administrators to manage a PAM Appliance remotely from a client system by executing specific commands and batch scripts.
- The remoteCLI must be installed, configured and connected to your PAM Appliance
- Navigate the %CAPAM_CLI% directory from the command line on the client system
Tip: If you have not installed and setup the remoteCLI, please refer to the [–“How to Install the Remote CLI for Symantec Privileged Access Manager (PAM)”–] document to complete this process.
Installation Steps and Procedures
Step 1 – Understand the Command Syntax & Parameters
You can use the Remote CLI to control and configure Credential Manager. This command-line interface allows administrators to provide scripted functionality to complete management and integration tasks. The interface supports a limited subset of features that are available through the GUI and a few commands that are only available through the CLI.
- To invoke the commands in the cliTool.jar, every remoteCLI command must begin with capam_command
- Next, you must specify what PAM Appliance this command will be executed on. The syntax begins with “capam=” and ends with the hostname of the PAM Appliance.
- Next, define the admin user that will be executing the command. Use “adminUserID=” and then input the username of the administrative account you would like to use.
- Then, define what command you are attempting to execute. The “cmdName=” parameter determines what command is going to be executed on the PAM Appliance. In this case that command is “addTargetServer”.
- Finally, define the hostname of the target server you are trying to add to PAM. To do this you must use “TargetServer.hostName=” then, put in the host name of the device.
- Optionally, add descriptors. Use the parameter “Attribute.descriptor1=” then input a short description (use quotation marks around the name and do not add any spaces.)
- All of this information is used to execute one command.
Step 2 – Add a Target Server
Use the addTargetServer command to add a target server to Credential Manager.
- To add a target server, we must use the appropriate parameters in the appropriate order. Therefore, we will type the command in the respective order in the above section.
capam_command capam= myPAMServer.domain.com adminUserID=super cmdName=addTargetServer TargetServer.hostName=myhostname.mydomain.com Attribute.descriptor1=”IdentityManager”
- Once you execute the command you will be prompted for the administrator password. Enter that password and the command will execute.
- Look at <CommandResult> information to verify the command ran successfully and that the test was completed.
- Finally, verify that the command executed successfully by going to the PAM Appliance, navigate to Devices, Manage Devices. You should see your newly created device here.
For instruction on creating a target application please refer to the documentation.
Looking for additional help with creating a target device in PAM? ISX is an elite IAM security firm that offers boundless expertise in a range of cybersecurity and business process services, including PAM. Take your interoperability to the next level, and contact an ISX consultant today.