How to Create a Target Device in Privileged Access Manager (PAM) from the Remote CLI

The Symantec Privileged Access Manager Remote CLI (Command Line Interface) allows administrators to manage a PAM Appliance remotely from a client system by executing specific commands and batch scripts. 

Prerequisites 

  • The remoteCLI must be installed, configured and connected to your PAM Appliance
  • Navigate to the %CAPAM_CLI% directory from the command line on the client system

Tip: If you have not installed and set up the remoteCLI, please refer to the “How to Install the Remote CLI for Symantec Privileged Access Manager (PAM)” document to complete this process.

Installation Steps and Procedures 

Step 1 – Understand the Command Syntax & Parameters 

You can use the Remote CLI to control and configure Credential Manager. This command-line interface allows administrators to provide scripted functionality to complete management and integration tasks. The interface supports a limited subset of features that are available through the GUI and a few commands that are only available through the CLI.

  1. To invoke the commands in the cliTool.jar, every remoteCLI command must begin with capam_command
  2. Next, you must specify what PAM Appliance this command will be executed on. The syntax begins with “capam=” and ends with the hostname of the PAM Appliance.
    Example: capam=myPAMServer.domain.com
  3. Next, define the admin user that will be executing the command. Use “adminUserID=” and then input the username of the administrative account you would like to use.
    Example: adminUserID=super
  4. Then, define what command you are attempting to execute. The “cmdName=” parameter determines what command is going to be executed on the PAM Appliance. In this case that command is “addTargetServer”.
    Example: cmdName=addTargetServer 
  5. Finally, define the hostname of the target server you are trying to add to PAM. To do this, use “TargetServer.hostName=” followed by the host name of the device.
    Example: TargetServer.hostName=myhostname.mydomain.com
  6. Optionally, add descriptors. Use the parameter “Attribute.descriptor1=” and then input a short description (use quotation marks around the name and do not add any spaces).
    Example: Attribute.descriptor1="IdentityManager"
  7. All of this information is used to execute one command.

Step 2 – Add a Target Server

Use the addTargetServer command to add a target server to Credential Manager.

  1. To add a target server, we must use the appropriate parameters in the appropriate order. Therefore, we will type the parameters in the order described in the section above.
    addTargetServer command:

    capam_command capam=myPAMServer.domain.com adminUserID=super cmdName=addTargetServer TargetServer.hostName=myhostname.mydomain.com Attribute.descriptor1="IdentityManager"

  2. Once you execute the command you will be prompted for the administrator password. Enter that password and the command will execute.
  3. Look at <CommandResult> information to verify the command ran successfully and that the test was completed.
  4. Finally, verify that the command executed successfully by going to the PAM Appliance and navigating to Devices, Manage Devices. You should see your newly created device here.
    For instructions on creating a target application, please refer to the documentation.
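
When many devices are onboarded from an inventory list, each hostname should be validated before it is placed into a command line, so that a malformed entry cannot add or override parameters. The following is an added example, not code from Symantec or from this article's author: it generates addTargetServer command lines in the form shown above for use in a batch script. The function names, the allow-list patterns and the sample inventory are assumptions made for illustration.

```python
import re

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")
# Assumed allow-list for user ID and descriptor: no spaces, quotes or metacharacters.
_TOKEN = re.compile(r"[A-Za-z0-9_.-]+")


def build_add_target_server(pam, admin, host, desc=None):
    """Return one capam_command line, or raise ValueError on unsafe input."""
    for name, value, pattern in (
        ("capam", pam, _HOSTNAME),
        ("adminUserID", admin, _TOKEN),
        ("TargetServer.hostName", host, _HOSTNAME),
    ):
        if len(value) > 253 or not pattern.fullmatch(value):
            raise ValueError(f"rejected {name} value: {value!r}")
    parts = [
        "capam_command",
        f"capam={pam}",
        f"adminUserID={admin}",
        "cmdName=addTargetServer",
        f"TargetServer.hostName={host}",
    ]
    if desc is not None:
        if not _TOKEN.fullmatch(desc):
            raise ValueError(f"rejected Attribute.descriptor1 value: {desc!r}")
        parts.append(f'Attribute.descriptor1="{desc}"')
    return " ".join(parts)


def build_batch(pam, admin, inventory):
    """Split (hostname, descriptor) pairs into command lines and rejected entries."""
    commands, rejected = [], []
    for host, desc in inventory:
        try:
            commands.append(build_add_target_server(pam, admin, host, desc))
        except ValueError as err:
            rejected.append((host, str(err)))
    return commands, rejected


if __name__ == "__main__":
    # Constructed inventory; the second entry carries a space and an extra parameter.
    sample = [("myhostname.mydomain.com", "IdentityManager"),
              ("web01.mydomain.com adminUserID=other", None)]
    lines, bad = build_batch("myPAMServer.domain.com", "super", sample)
    print(*lines, *[f"SKIPPED: {reason}" for _, reason in bad], sep="\n")
```

Each generated line still prompts for the administrator password when it runs, as described in Step 2.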

Looking for additional help with creating a target device in PAM? ISX is an elite IAM security firm that offers boundless expertise in a range of cybersecurity and business process services, including PAM. Take your interoperability to the next level, and contact an ISX consultant today.
