External PAM Configurations

The External PAM Configurations provide options for System Admins to integrate their existing Privileged Access Management (PAM) providers into their VPAM server. From this page, you can configure or create a new External PAM Server Configuration. The currently supported PAMs are:

  • HashiCorp

  • Delinea

  • CyberArc

  • Imprivata PAM

  • Beyond Trust

PAM Server Configurations

The Privileged Access Management (PAM) Server Configurations are used by PAM providers to connect to remote, third party PAM servers and vaults.

An Administrator can only create Global PAM configurations, which assume that the remote PAM vault is directly accessible by the VPAM Server.

Customer users, particularly Gatekeeper or Application administrators, can create PAM Configurations that use one of their managed Sites as a tunnel for the PAM provider to reach the vault, allowing the VPAM server to use vaults that reside within that Customer's networks and would otherwise be unreachable.

When creating PAM Configurations, administrators need to provide a Name, a Description, and a URL that the server uses to make its requests. This endpoint must be accessible from the VPAM server. Along with those configurations, administrators must select a PAM provider that is currently loaded into the server, and configure its required Connection Parameters as specified.

IMPORTANT:
Delinea (previously Thycotic) Secret Server is rolling out a new platform that is not currently supported to integrate with VPAM. To configure a secret and credentials plugin, consider an alternative while we integrate with Delinea Secret Server. For more information, navigate to:
NOTE:
After you configure the External PAM Configurations, these settings persist during the upgrades to the VPAM server. and they persist f your External PAM releases a new version.