/
Privileged Access Management

Privileged Access Management

Owned by wiki
Last updated: Dec 23, 2020

Activities


Approve PAM Request

This activity approves a request to elevate to a PAM role.   

Activity Parameters

The Approve PAM Request activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

  • Connection (text box editor type) (type: string): PAM Connection. The Output from Connect To PAM activity should be used as Input for this parameter.
  • Request ID (text box editor type) (type: string): The identifier (GUID) of the PAM request to be approved.

The Read Only Output variable is the possible output value that the activity will provide:

  • Output Status (type: boolean): outputs the operation status. If succeeded the output value is 'True', otherwise is 'False'. 


Close PAM Request

This activity closes a request that was initiated to elevate to a PAM role.

Activity Parameters

The Close PAM Request activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

  • Connection (text box editor type) (type: string): PAM Connection. The Output from Connect To PAM activity should be used as Input for this parameter.

  • Request ID (text box editor type) (type: string): The identifier (GUID) of the PAM request to be approved.

The Read Only Output variable is the possible output value that the activity will provide:

  • Output Status (type: boolean): outputs the operation status. If succeeded the output value is 'True', otherwise is 'False'. 

Connect To PAM

This activity connects to the privileged account and outputs a PAM connection.

Activity Parameters

The Connect To PAM activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

  • PAM Hostname (text box editor type) (type: string): enter the hostname for the PAM.
  • Password (text box editor type) (type: string): enter the password.
  • Password Binding (text box editor type) (type: string): bind to a variable containing the encrypted password for connection. This parameter is used only when the user wants to send an encrypted password from outside the task, for example Flowster Studio Portal. 
  • Use Secure (combo box editor type) (type: string): choose whether to use secure communication ("https") or standard ('http').
  • Username (text box editor type) (type: string): enter the username.

The Read Only Output variable is the possible output value that the activity will provide:

  • Connection (type: string): outputs the PAM connection. The output of this activity should be used as input for all Connection parameters used for all activities placed under PAM category.

Create PAM Request

This activity creates a request to elevate the privileged account to a PAM role.

Activity Parameters

The Create PAM Request activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

  • Connection (text box editor type) (type: string): PAM Connection. The Output from Connect To PAM activity should be used as Input for this parameter.
  • Justification (text box editor type) (type: string): the user-supplied reason for the elevation request.
  • RequestedTTL (text box editor type) (type: string): the requested expiration time, in seconds.
  • RoleID (text box editor type) (type: string): the unique identifier (GUID) of the PAM role to elevate to.

The Read Only Output variable is the possible output value that the activity will provide:

  • Output (type: List<KeyValuePair<String,String>>): outputs a list of dictionaries containing the request's details. In order to use the output you can use the GetKeyValuePair activity with the keys: 'CreationMethod', 'CreationTime', 'CreatorID',  'ExpirationTime', 'Justification', 'RequestedTime', 'RequestedTTL', 'RequestID', 'RequestStatus' and 'RoleID'.

Disconnect From PAM

This activity disconnects the specified PAM connection. 

Activity Parameters

The Disconnect From PAM activity parameters can be provided by manual inserted values or via IN arguments or variables:


Parameters:

  • Connection (text box editor type) (type: string): PAM Connection. The Output from Connect To PAM activity should be used as Input for this parameter.


Get PAM Requests

This activity gets a history of previously posted PAM requests.

Activity Parameters

The Get PAM Requests activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

  • Connection (text box editor type) (type: string): PAM Connection. The Output from Connect To PAM activity should be used as Input for this parameter.
  • Filter Role ID (text box editor type) (type: string): enter the role ID for the request to be retrevied.

The Read Only Output variable is the possible output value that the activity will provide:

  • Output (type: List<KeyValuePair<String,String>>): outputs a list of dictionaries containing the request's details. In order to use the output you can use the GetKeyValuePair activity with the keys: 'CreationMethod', 'CreationTime',  'CreatorID',  'ExpirationTime', 'Justification',  'RequestedTime',  'RequestedTTL', 'RequestID', 'RequestStatus' and 'RoleID'.

Get PAM Roles

This activity gets the PAM roles for which the account is a candidate.

Activity Parameters

The Get PAM Roles activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

  • Connection (text box editor type) (type: string): PAM Connection. The Output from Connect To PAM activity should be used as Input for this parameter.
  • Filter Display Name (text box editor type) (type: string): enter the display name for the role to be retrieved.

The Read Only Output variable is the possible output value that the activity will provide:

  • Output (type: List<KeyValuePair<String,String>>): outputs a list of dictionaries containing the role's details. In order to use the output you can use the GetKeyValuePair activity with the keys: 'RoleID', 'ApprovalEnabled', 'AvailableFrom', 'AvailableTo', 'AvailabilityWindowEnabled', 'Description', 'DisplayName', 'MFAEnabled' and 'TTL'.

Get PAM Session Info

This activity gets the username of the account that is logged in to the session. 

Activity Parameters

The Get PAM Session Info activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

  • Connection (text box editor type) (type: string): PAM Connection. The Output from Connect To PAM activity should be used as Input for this parameter.

The Read Only Output variable is the possible output value that the activity will provide:

  • Output (type: list<string>): outputs a list of active usernames.

Get Pending PAM Requests

This activity gets a list of pending requests that need approval.

Activity Parameters

The Get Pending PAM Requests activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

  • Connection (text box editor type) (type: string): PAM Connection. The Output from Connect To PAM activity should be used as Input for this parameter.
  • Filter Role Name (text box editor type) (type: string): filter requests by role name.

The Read Only Output variable is the possible output value that the activity will provide:

  • Output (type: List<KeyValuePair<String,String>>): outputs a list of dictionaries containing the pending request's details. In order to use the output you can use the GetKeyValuePair activity with the keys: 'ApprovalObjectID', 'FIMRequestID', 'RequestorID', 'CreationTime', 'Justification',  'RequestedTime',  'RequestedTTL', 'Requestor' and 'RoleName'.

Reject PAM Request

This activity rejects a PAM request to elevate to a PAM role.

Activity Parameters

The Reject PAM Request activity parameters can be provided by manual inserted values or via IN arguments or variables:

Parameters:

  • Connection (text box editor type) (type: string): PAM Connection. The Output from Connect To PAM activity should be used as Input for this parameter.
  • Request ID (text box editor type) (type: string): the identifier (GUID) of the PAM request to reject.

The Read Only Output variable is the possible output value that the activity will provide:

  • Output Status (type: boolean): outputs the operation status. If succeeded, the output value is 'True', otherwise is false.

Related content

Certificate Management
Certificate Management
Flowster Studio Activity Library
More like this
3.2.4.1.1. Templates
3.2.4.1.1. Templates
Flowster Studio Designer Basic
More like this
Users and Computers
Users and Computers
Flowster Studio Activity Library
More like this
eDirectory
eDirectory
Flowster Studio Activity Library
More like this
Flowster Studio Password Reset Portal
Flowster Studio Password Reset Portal
Flowster Studio Activity Library
More like this
IPA
IPA
Flowster Studio Activity Library
More like this