Privileged Account Management Tasks: Aggregation, Indexing, and Refresh

Once your PAM applications have been configured to connect to your PAM vendors, and your PAM global settings have been configured, you can aggregate data from your PAM vendor systems. Data is aggregated using tasks. In addition to data aggregation tasks, tasks for indexing effective access and for updating identities should be configured for PAM.

The following tasks are required for the PAM feature, and should be run in this sequence:

• Account Aggregation – this task aggregates PAM accounts from your PAM vendor. Other than setting the PAM application as the application to scan, there are no other specific options you need to select specifically for PAM; you can choose Account Aggregation Options that suit your business needs.

• Account Group Aggregation – this task aggregates group information from your PAM vendor. Other than setting the PAM application as the application to scan, there are no other specific options you need to select specifically for PAM; you can choose Account Group Aggregation Options that suit your business needs.

• Target Aggregation – this task aggregates data about PAM vaults and the rights that users have to those vaults. Configure the task to select your PAM Target Source (that is, the Unstructured Target Collector you configured when setting up your PAM application) as the target source to aggregate.

• Effective Access Indexing – this task refreshes the effective access privileges on the PAM containers; that is, container access that is granted by virtue of membership in a group. Check the Index Entitlement Targets and Index unstructured targets options when running this task for PAM.

• Identity Refresh – this task refreshes identities with relevant PAM group and permissions data. For PAM, run this task with the Refresh Identity Entitlements for all links selected.

Refer to Tasks for detailed information on defining tasks.