Integration with NetIQ Access Manager (NAM) isn't working

  • 7017364
  • 15-Mar-2016
  • 09-Aug-2018

Environment

NetIQ Privileged Account Manager
NetIQ Privileged User Manager

Situation

Integration through Identity Injection with NetIQ Access Manager (NAM) isn't working
Unable to access PAM with the single sign-on (SSO) URL
NAM SSO to PAM's Admin Console and/or MyAccess page fails:
  • PAM 3.5 Admin & User Consoles (new):
    https://www.mydomain.com/pam/?sso=1

  • PAM 3.2 (and below) Admin & User Consoles (old):
    https://www.mydomain.com/?sso=1
    https://www.mydomain.com/myaccess/index.htm?sso=1

Resolution

The documentation covers the configuration needed when integrating with NetIQ Access Manager. To integrate Privileged Account Manager with NAM for SSO, create a protected resource in Access Manager for PAM and a policy that injects the appropriate custom headers, as described below.

Policy Configuration:
The following headers or flags must be configured for SSO to work. Inject them as custom headers.

PAM Admin Console:
  • Set X_PUM_Admin to the PAM admin user name.
  • Set X_PUM_Passwd to the PAM admin password.

PAM User Console (MyAccess):
  • Set X_PUM_RDP_USER to the PAM admin user name.
  • Set X_PUM_RDP_PWD to the PAM admin password.
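
To confirm that the injection policy is actually delivering these headers, the following added example (not part of the original article and not NetIQ code) checks a request captured on the PAM side of Access Manager for the sso=1 flag and the header pairs listed above, redacting the password values. The capture format, the function names and the sample request are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Header pairs named in this article, keyed by the console they sign in to.
SSO_HEADERS = {
    "admin console": ("X_PUM_Admin", "X_PUM_Passwd"),
    "user console (MyAccess)": ("X_PUM_RDP_USER", "X_PUM_RDP_PWD"),
}
# These carry credentials and must never be echoed into logs or tickets.
SECRET_HEADERS = {"x_pum_passwd", "x_pum_rdp_pwd"}


def parse_request(raw):
    """Split a raw HTTP/1.x request head into (target, {lowercased name: value})."""
    lines = raw.strip().splitlines()
    target = lines[0].split()[1]
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return target, headers


def check_sso_request(raw):
    """Report which SSO header pairs arrived, without echoing password values."""
    target, headers = parse_request(raw)
    query = parse_qs(urlsplit(target).query)
    report = {"sso_flag": query.get("sso") == ["1"], "consoles": {}, "seen": {}}
    for console, pair in SSO_HEADERS.items():
        # A header that is absent or empty counts as missing.
        missing = [h for h in pair if not headers.get(h.lower())]
        report["consoles"][console] = missing  # empty list = pair complete
    for name, value in headers.items():
        if name.startswith("x_pum_"):
            report["seen"][name] = "<redacted>" if name in SECRET_HEADERS else value
    return report


# Constructed sample request (not a real capture); the user-console password
# header is deliberately left out to show how a gap in the policy is reported.
SAMPLE = """GET /pam/?sso=1 HTTP/1.1
Host: www.mydomain.com
X_PUM_Admin: admin
X_PUM_Passwd: constructed-secret
X_PUM_RDP_USER: admin
"""

if __name__ == "__main__":
    import json
    print(json.dumps(check_sso_request(SAMPLE), indent=2))
```

A non-empty list under a console names the headers the policy failed to inject for it; sso_flag is false when the request URL lacks ?sso=1.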