Adding New PAM Containers Manually
PAM containers are typically created through aggregation from the PAM vendor application. In addition, system administrators, and other users with the PAM Administrator capability, can manually add PAM containers in IdentityIQ.
Some global and application-level settings for PAM determine whether this option is available and how it works:
- The option to add containers must be enabled globally. To enable this option, navigate to the gear menu > Global Settings > IdentityIQ Configuration > Privileged Account Management tab, and select Enable the creation of PAM containers. See PAM Global Configuration Settings.
- A provisioning policy for creating containers must be defined in the application definition for the PAM application that will be associated with the new container. This policy determines which specific fields need to be defined for a new container when it is added. See Configuring a PAM Application.
To add a PAM container:
- In the Quicklink menu, click Manage Access > Privileged Account Management.
- Click Add Container.
- Choose the PAM application for this container from the drop-down list. Note that the drop-down list only includes applications of type Privileged Account Management. When you choose the application, additional Create Container Policy fields appear for the container, based on the provisioning policy that is set for the application.
- Enter a Display Name, Description, and Owner for the container.
- Complete the Create Container Policy fields. Any fields required by the provisioning policy for creating containers will appear and should be completed. This information is used to provision the container in the PAM system, and can also determine how container information is displayed in the Entitlement Catalog. The provisioning policy for creating containers is defined in the application definition. See Configuring a PAM Application.
- Click Submit.
By default, the creation of a new PAM container must be approved by the owner of the PAM application associated with the container. An approval item is created for the application owner and can be accessed through the Approvals tile on the approver's home page.
Note: PAM container creation is handled by a workflow task. To monitor the status of this task, use the gear icon > Administrator Console > Provisioning tab. You can view the results of this task in either the Administrator Console Tasks tab or the Setup > Tasks > Task Results tab.