Plugins

The Plugin Settings provide options for System Admins to configure Privileged Access Management (PAM) provider plugins. In this page, you can start and stop PAM providers plugins, or create a new PAM Server Configuration.

PAM Server Configurations

The Privileged Access Management (PAM) Server Configurations are used by PAM provider plugins to connect to remote, third party PAM servers and vaults.

An Administrator can only create Global PAM configurations, which assume that the remote PAM vault is directly accessible by the VPAM Server.

Customer users, particularly Gatekeeper or Application administrators, can create PAM Configurations that use one of their managed Sites as a tunnel for the PAM provider plugin to reach the vault, allowing the VPAM server to use vaults that reside within that Customer's networks and would otherwise be unreachable.

When creating PAM Configurations, administrators need to provide a Name, a Description, and a URL that the plugin uses to make its requests. This endpoint must be accessible from the VPAM server. Along with those configurations, administrators must select a PAM provider plugin that is currently loaded into the server, and configure its required Connection Parameters as specified.

A suitable list of placeholders can be used, so that the remote vault can be connected to as needed. To see the list of placeholders, the Administrator needs to hover their mouse over Help.

Placeholders resolved according to the appropriate service, host and user that is trying to access the service, each time that a credential is requested. PAM Plugins use these values as part of their workflow when connecting to the remote provider.