Home » Integration with PAM360
 

Integrating with ManageEngine PAM360

Advantages of Endpoint Central-PAM360 integration

The Endpoint Central-PAM360 integration empowers administrators with advanced privilege elevation and delegation management. This functionality enables effective oversight of resources on organizational endpoints. Using crafted rules, administrators can identify and manage privileged users, accounts, and resources across PAM360 resources.

Pre-Requisites

  1. You should be on Endpoint Central build 11.3.2404.1 or above.
  2. The user responsible for configuration should hold administrative privileges in both the Endpoint Central application and PAM360.
  3. In order to leverage Endpoint Central within PAM360 effectively, it is crucial that the user currently logged into PAM360 exists within Endpoint Central with an identical username. If the user is authenticated via Active Directory, their corresponding account in Endpoint Central should align with the same domain name. This synchronization ensures seamless integration and functionality across both platforms.
  4. For this integration to work, Endpoint Central should be running in secured HTTPs port/mode only.
  5. As Endpoint Central is running in the HTTPs mode, the identity of the system needs to be verified through a valid SSL certificate, which has to be imported into the PAM360 certificate store. Follow the steps listed below:
    1. Stop the PAM360 service.
    2. Open the command prompt and go to the <PAM360-Installation-Directory>/bin folder.
    3. Execute the command - importCert.bat <Absolute Path of the Endpoint Central' Certificate>
    4. Now, start the PAM360 service again.

Role - Manage Endpoint Central

By default, users assigned the Privileged Administrator and Administrator roles can configure and manage Endpoint Central in PAM360. Alternatively, you can grant these same responsibilities to users by creating a custom role with the Manage Endpoint Central privilege enabled. Users assigned this custom role will be able to configure and manage Endpoint Central via PAM360.

PAM360 Integration

Generation of API Key

To integrate PAM360 with Endpoint Central, it is necessary to generate an API Key from Endpoint Central. To generate the authentication token, perform the steps that follow:

  1. Log in to Endpoint Central.
  2. Go to Admin and select API Key Management under Integration.

    Integration EC-PAM360

  3. Click Generate Key.

    Generate Key

  4. Select the application PAM Integration.
  5. Click Generate Key to generate the required API key for establishing communication with PAM360.

    API Key Generation

  6. Copy the API key generated for configuring Endpoint Central in PAM360 and close the box.

    PAM360 API Key Generation

Configuring Endpoint Central & PAM360

To ensure the expected functionality and perform endpoint privilege management capabilities via the PAM360 environment, configuring Endpoint Central & PAM360 is necessary. To do so:

  1. Login to the PAM360 user account.
  2. Go to Admin -> Privilege Elevation, and select Application Control.

    Configure EC & PAM360

  3. Click Configure.
  4. In the dialogue box that opens,
    • Input the server name where the Endpoint Central is installed (e.g., in-qaauto-92dt).
    • Enter the HTTPS port number configured for Endpoint Central (default is 8383).
    • Paste the copied API key generated from the Endpoint Central console in the Authentication Token.
    • Click Generate for generating the PAM360 Authentication Token and copy the generated token.
    • Click Enable.

      Configure EC-PAM360

  5. Open Endpoint Central console and navigate to Admin -> PAM360 Integration Settings under Integrations.

    PAM360 Integration Settings

  6. Input the server URL where PAM360 is hosted and paste the copied Authentication Token from the PAM360 console.
  7. Verify the PAM360 certificate details and click Trust this Certificate.

    Trust Certificate

  8. Click Save.

    PAM360 Settings

Note: Once configured, you can also edit the above details using the Edit Configuration button present at the top pane of the left Endpoint Central column.

Configuration and Management Failure Scenarios

Encountering difficulties while configuring or managing Endpoint Central in PAM360 can result from various factors. It is essential to address these issues to ensure effective and efficient utilization of the Endpoint Central feature.

  1. Mismatched Privileged Roles

    If a user attempts to manage Endpoint Central via PAM360 but lacks a corresponding privileged role in Endpoint Central, issues may arise. Users should possess similar privileged roles in both platforms to access and manage Endpoint Central seamlessly.

  2. Unauthorized Access and Privileges

    Configuration or management of Endpoint Central without the appropriate privileges can lead to unauthorized access attempts. Users should be granted the necessary privileges to avoid encountering issues while configuring or managing Endpoint Central within PAM360.

  3. API Key/Authentication Token Update Requirement

    Changing the API Key/Authentication Token on either server disrupts the functionality of the Endpoint Central-PAM360 integration. This is because the previously generated authentication token becomes invalid. To ensure smooth operation, it is essential to update the configuration with the newly generated API key/authentication token in the corresponding server.

  4. Username Discrepancy

    If a user attempting to access Endpoint Central does not have the same username as in PAM360, issues may arise. Consistency in usernames across platforms is necessary to facilitate seamless access and utilization of Endpoint Central functionalities.
    Addressing these potential failure scenarios comprehensively ensures the effective and efficient deployment and usage of Endpoint Central within PAM360, enhancing overall security management capabilities.

Was this article helpful?

Thank you for your feedback!

Sorry about that!

By clicking "Submit", you agree to processing of personal data according to thePrivacy Policy.

 

 

 

Back to Top