Managing Privileged Accounts

To open the Privileged Account Management page, use the Quicklink menu and select Manage Access > Privileged Account Management. A Quicklink card can also be enabled on the IdentityIQ home page for quicker access. See Adding a PAM Quicklink Card to the Home Page for details on how to enable this card.

The Privileged Account Management page shows all the PAM containers in your installation. The containers display the following information:

  • Container Name – the display name aggregated from the privileged account management application

  • Application – the name of the privileged account management application associated with this container

  • Total Identities – the total number of identities associated with the container either directly or through a group

  • Privileged Items – the number of privileged items to which this container grants access, these are usually privileged accounts

  • Groups – the number of groups associated with the container

  • Owner – the owner of this privileged account management container. An owner can be an individual or a workgroup. See PAM Container Owners for details about PAM container ownership.

The Add Container button lets you manually add containers. See Adding New PAM Containers Manually.

Finding PAM Containers

Use the Filter and Search options at the top of the page to find specific containers.

Viewing PAM Container Details

You can click View Details to see and edit details about identities and items in the container. The ability to view or make changes to this information is controlled using SailPoint rights and capabilities and through the configuration settings. Users with a PAM Administrator capability can edit containers and their contents; users with a PAM Viewer capability can only view containers and their contents. See Container Details.

Note: The identities and entitlements contained in your privileged account management system are available throughout the IdentityIQ product. For example, the identities are incorporated in the Identity Warehouse, the entitlements display in the Entitlement Catalog and are included in certain Certifications, requests are tracked through the lifecycle manager process, and provisioning transactions are listed in the Administrator Console.