PAM Provider Configuration in Keyfactor Command

Any privileged access management (PAM) providers you wish to configure for use with Keyfactor Command must first be defined on the PAM Providers page before they can be used within Keyfactor Command. Keyfactor Command supports local Keyfactor Command PAM databases and provides support for multiple third-party PAM providers with custom-built PAM extensions available on the Keyfactor GitHub:

Third-party PAM providers can either be local (server side) or remote (client side). When configured locally, the configuration information to connect to the PAM provider exists on the Keyfactor Command server, and the PAM provider must be routable from the Keyfactor Command server (for example, on the same network) to retrieve secret information. When configured remotely, the configuration information to connect to the PAM provider exists on the Keyfactor Universal Orchestrator managing the certificate stores using the PAM provider, and the PAM provider must be routable from the Universal Orchestrator.

Tip: The following permissions (see Security Roles and Claims) are required to use this feature:

PAM > Modify
AND
PAM > Read
AND
Certificate Stores > Modify

Permissions for certificate stores can be set at the system-wide level or with fine-grained control at the certificate store container level. See Container Permissions for more information about the differences between system-wide and more targeted permissions.