Adding and Removing Privileged Items in a PAM Container

Although you cannot create new privileged items directly in IdentityIQ, any privileged items that have been aggregated from your PAM vendor(s) can be manually added to PAM containers.

The option to add privileged items to containers must be enabled globally. To enable this option, navigate to the gear menu > Global Settings > IdentityIQ Configuration > Privileged Account Management tab, and select the Enable adding and removing privileged items in PAM containers option. With this option enabled, users can also remove privileged items from containers. See PAM Global Configuration Settings.

To add or remove items in a PAM container:

  1. In the Quicklink menu, click Manage Access > Privileged Account Management.

  2. Click View Details for the container whose items you want to modify.

  3. Click the Privileged Items tab.

  4. Click Add Privileged Items.

  5. Select the items to add from the dropdown. You can select more than one item before you submit the change, but items are selected one at a time.

     Note: Be sure to select all the items you want to add before submitting the request, because once the request has been submitted, the resulting business process must be completed before you can add more items to this container.

  6. Click Submit.

  7. To remove an item from the container, click the Remove button beside the item, and confirm the deletion. You can select multiple items and remove them in bulk using Bulk Remove.

By default, changes to items in a PAM container must be approved by the owner of the PAM container. If there is no owner set for the container, approvals go to the owner of the PAM application associated with the container. Approvals are accessed through the Approvals tile on the approver's home page.

Once the addition or removal of items has been approved, these new associations between the items and the container are provisioned to the PAM application, according to the provisioning policies that are defined in the application definition for the application. See Configuring a PAM Application.

Note: The addition of items to a PAM container is handled by a workflow task. To monitor the status of this task, use the gear icon > Administrator Console > Provisioning tab. You can view the results of this task in either the Administrator Console Tasks tab or the Setup > Tasks > Task Results tab.

For details about approval paths and notifications for changes to PAM containers, see Approvals for Changes to PAM Containers and Notifications About Changes to PAM Containers.