GET PAM Providers Types ID (v2)

The GET /PamProviders/Types/{id} method returns the PAM provider type with the specified ID. This method returns HTTP 200 OK on a success with details about the specified PAM provider type. This method has only a v2 version.

Tip: The following permissions (see Security Roles and Claims) are required to use this feature:

/pam/read/

/pam/read/#/ (where # is a reference to a specific PAM provider ID)

Permissions for PAM providers can be set at either the global or PAM provider level. See PAM Permissions for more information about global vs PAM provider permissions.

Table 605: GET PamProviders Types {id} v2 Input Parameters

Name	In	Description
id	Path	Required. The Keyfactor Command reference ID for the PAM provider to be deleted. Use the GET /PamProviders method (see GET PAM Providers) to retrieve a list of all the PAM providers to determine the PAM provider's ID.

Table 606: GET PamProviders Types {id} v2 Response Data

Name Description

Id A string containing the Keyfactor Command reference GUID for the PAM provider type.

Name A string containing the name of the PAM provider type.

Parameters

An array of objects containing parameters set for the PAM provider type. Show parameter details.

Value

Description

An integer indicating the ID of the parameter. Parameters will vary depending on your PAM extension. Show built-in parameter values.

Value	Description
1	Private Ark Safe
2	PrivateArk Folder Name
3	PrivateArk Protected Password Name
4	Application ID
5	Secret Server Url
6	Rule Name
7	Thycotic Secret ID
8	Rule Key

Name

A string indicating the internal name for the PAM parameter.

Display Name

A string indicating the display name for the PAM parameter. For parameters with an InstanceLevel of False, this name appears on the PAM provider dialog when a user creates a new PAM provider. For parameters with an InstanceLevel of True, this name appears on the dialog when a user creates a new record using the PAM provider (e.g. a new certificate store using PAM for authentication).

DataType

An integer indicating the data type for the parameter. Possible values are:

1 = String
2 = Secret

Instance Level

A Boolean that sets whether the parameter is used to define the underlying PAM provider (false) or a field that needs to be set to a value when configuring a record (e.g. a certificate store) to use the PAM provider (true).

Example: For Delinea when defining a PAM provider, you configure two Delinea-specific fields:

Secret Server URL: The URL to the Secret Server vault instance, including port number if applicable (e.g. https://websrvr38.keyexample.com/SecretServer).
Secret Server Username: The name of the user that will be used to connect to SecretServer.
Secret Server Password: The password of the user that will be used to connect to SecretServer.

Because these fields are configured on the PAM provider definition, they appear as InstanceLevel=False like so:

Copy

{
   "Name": "Host",
   "DisplayName":"Secret Server URL", 
   "InstanceLevel":false,
   "DataType": "1
},
{
   "Name":"Username",
   "DisplayName":"Secret Server Username", 
   "InstanceLevel":false,
   "DataType": 2
},
{
   "Name":"Password",
   "DisplayName":"Secret Server Password", 
   "InstanceLevel":false,
   "DataType": 2
}

When you configure a certificate store to use Delinea as a credential provider, you enter the name of the secret field in Delinea referencing the protected object and you enter the ID of the projected object containing the username or password used to access the certificate store. Because these fields are configured on the certificate store level, they appear as InstanceLevel=True like so:

Copy

{
   "Name":"SecretId",
   "DisplayName":"Secret Server Secret ID", 
   "InstanceLevel":true,
   "DataType": 1
},
{
   "Name":"SecretFieldName",
   "DisplayName":"Secret Field Name", 
   "InstanceLevel":true,
   "DataType": 1
}

In both cases, the values for the fields (e.g. the actual name of the object in Delinea where the password is stored) are stored in the ProviderTypeParamValues array.

Tip: See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor API

An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow

A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (

) at the top of the Management Portal page next to the Log Out button.

Was this page helpful? Provide Feedback

Version v25.1.1

On this page: