PUT PAM Providers

Documentation Suite v10.5

PUT PAM Providers

The PUT /PamProviders method updates an existing PAM provider. This method returns HTTP 200 OK on a success with details for the updated provider.

Tip: The following permissions (see Security Overview) are required to use this feature:

CertificateStoreManagement: Modify

PrivilegedAccessManagement: Modify

SystemSettings: Read

Important: Any previously populated fields that are not submitted with their full existing data using this method will be cleared of their existing data. When using this method, you should first do a GET to retrieve all the values for the record you want to update, enter corrected data into the field(s) you want to update, and then submit all the fields using PUT, including the fields that contain values but which you are not changing.

Table 404: PUT PamProviders Input Parameters

Name

Description

Body

Required. An integer indicating the Keyfactor Command reference ID for the PAM provider. This ID is automatically set by Keyfactor Command.

Name

Body

Required. A string indicating the name of the PAM provider. This name used to identify the PAM provider throughout Keyfactor.

Area

Body

An integer indicating the area of Keyfactor Command the provider is used for. PAM providers generally have a value of 1, indicating they are used for certificate stores.

ProviderType

Body

An array containing details about the provider type for the provider.

Value

Description

A string indicating the Keyfactor Command reference GUID for the provider type.

Name

A string indicating the name of the provider type.

ProviderTypeParams

An array of parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records.

Value

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider type parameter.

Name

A string indicating the internal name for the PAM provider type parameter.

DisplayName

A string indicating the display name for the PAM provider type parameter. For parameters with an InstanceLevel of False, this name appears on the PAM provider dialog for the parameter when a user creates a new PAM provider. For parameters with an InstanceLevel of True, this name appears on the Server dialog for the parameter when a user creates a new PAM provider.

DataType

An integer indicating the data type for the parameter. Possible values are:

1 = String
2 = Secret

InstanceLevel

A Boolean that sets whether the parameter is used to define the underlying PAM provider (False) or a field that needs to be set to a value when configuring a certificate store to use the PAM provider (True).

Example: For CyberArk when defining a PAM provider, you configure two CyberArk-specific fields:

PrivateArk Safe: The name of the safe in CyberArk containing the certificate store password you wish to use.
Application ID: The name of the application created in CyberArk for use with Keyfactor Command.

Because these fields are configured on the PAM provider definition, they appear as InstanceLevel=False like so:

{
   "Id": 1,
   "Name": "Safe",
   "DisplayName": "PrivateArk Safe",
   "DataType": 1,
   "InstanceLevel": false,
   "ProviderType": null
},
{
   "Id": 4,
   "Name": "AppId",
   "DisplayName": "Application ID",
   "DataType": 1,
   "InstanceLevel": false,
   "ProviderType": null
}

When you configure a certificate store to use CyberArk as a credential provider, you enter the name of the folder in the CyberArk safe where the protected object is stored and you enter the name of the projected object in the CyberArk safe containing the username or password used to access the certificate store. Because these fields are configured on the certificate store level, they appear as InstanceLevel=True like so:

{
   "Id": 2,
   "Name": "Folder",
   "DisplayName": "PrivateArk Folder Name",
   "DataType": 1,
   "InstanceLevel": true,
   "ProviderType": null
},
{
   "Id": 3,
   "Name": "Object",
   "DisplayName": "PrivateArk Protected Password Name",
   "DataType": 1,
   "InstanceLevel": true,
   "ProviderType": null
}

In both cases, the values for the fields (e.g. the actual name of the object in CyberArk where the password is stored) are stored in the ProviderTypeParamValues array.

ProviderType

An array containing details for the provider type.

Value	Description
Id	The Keyfactor Command reference GUID for the PAM provider type parameter.
Name	A string indicating the internal name for the PAM provider type parameter.
ProviderTypeParams	An array of parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records.

ProviderTypeParamValues

Body

An array containing the values for the provider types specified by ProviderTypeParams.

Value

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider type parameter.

Value

A string indicating the value set for the parameter (e.g. the name of the CyberArk folder where the protected object that stores the username or password resides).

InstanceId

An integer indicating the Keyfactor Command reference ID for the provider. If you are attaching to something with an integer Id, this will be used.

InstanceGuid

A string indicating the Keyfactor Command reference GUID for the provider. If you are attaching to something with a GUID ID, this will be used.

Provider

An array containing information about the provider.

ProviderTypeParams

An array of parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records.

Value

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider type parameter.

Name

A string indicating the internal name for the PAM provider type parameter.

DisplayName

DataType

An integer indicating the data type for the parameter. Possible values are:

1 = String
2 = Secret

InstanceLevel

See example, above.

ProviderType

An array containing details for the provider type.

Value	Description
Id	The Keyfactor Command reference GUID for the PAM provider type parameter.
Name	A string indicating the internal name for the PAM provider type parameter.
ProviderTypeParams	An array of parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records.

SecureAreaId

Body

An integer indicating the Keyfactor Command reference ID for the certificate store container the PAM provider is associated with, if any.

You can create a single PAM provider for each provider type (e.g. CyberArk), however, if you have opted to organize your certificate stores into containers, you will need to create multiple providers to match your container organization structure. The container field in the PAM provider definition is not required, but if one is supplied when creating a PAM provider, the PAM provider can only be used with certificate stores in the matching container. Likewise, a PAM provider defined with no container would be available for selection when setting passwords for any certificate store that also did not specify a container. A PAM provider configured in this way could be used across a variety of certificate stores (e.g. both JKS and F5) as long as they were not in containers.

Table 405: PUT PamProviders Response Data

Name

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider. This ID is automatically set by Keyfactor Command.

Name

A string indicating the name of the PAM provider. This name used to identify the PAM provider throughout Keyfactor.

Area

An integer indicating the area of Keyfactor Command the provider is used for. PAM providers generally have a value of 1, indicating they are used for certificate stores.

ProviderType

An array containing details about the provider type for the provider. Show provider type details.

Value

Description

A string indicating the Keyfactor Command reference GUID for the provider type.

Name

A string indicating the name of the provider type.

ProviderTypeParams

An array of parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records. Show provider type parameters.

Value

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider type parameter.

Name

A string indicating the internal name for the PAM provider type parameter.

DisplayName

DataType

An integer indicating the data type for the parameter. Possible values are:

1 = String
2 = Secret

InstanceLevel

Example: For CyberArk when defining a PAM provider, you configure two CyberArk-specific fields:

PrivateArk Safe: The name of the safe in CyberArk containing the certificate store password you wish to use.
Application ID: The name of the application created in CyberArk for use with Keyfactor Command.

Because these fields are configured on the PAM provider definition, they appear as InstanceLevel=False like so:

{
   "Id": 1,
   "Name": "Safe",
   "DisplayName": "PrivateArk Safe",
   "DataType": 1,
   "InstanceLevel": false,
   "ProviderType": null
},
{
   "Id": 4,
   "Name": "AppId",
   "DisplayName": "Application ID",
   "DataType": 1,
   "InstanceLevel": false,
   "ProviderType": null
}

{
   "Id": 2,
   "Name": "Folder",
   "DisplayName": "PrivateArk Folder Name",
   "DataType": 1,
   "InstanceLevel": true,
   "ProviderType": null
},
{
   "Id": 3,
   "Name": "Object",
   "DisplayName": "PrivateArk Protected Password Name",
   "DataType": 1,
   "InstanceLevel": true,
   "ProviderType": null
}

In both cases, the values for the fields (e.g. the actual name of the object in CyberArk where the password is stored) are stored in the ProviderTypeParamValues array.

ProviderType

An array containing details for the provider type. Show provider type details.

Value	Description
Id	The Keyfactor Command reference GUID for the PAM provider type parameter.
Name	A string indicating the internal name for the PAM provider type parameter.
ProviderTypeParams	An array of parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records.

ProviderTypeParamValues

An array containing the values for the provider types specified by ProviderTypeParams. Show provider type parameter value details.

Value

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider type parameter.

Value

A string indicating the value set for the parameter (e.g. the name of the CyberArk folder where the protected object that stores the username or password resides).

InstanceId

An integer indicating the Keyfactor Command reference ID for the provider. If you are attaching to something with an integer Id, this will be used.

InstanceGuid

A string indicating the Keyfactor Command reference GUID for the provider. If you are attaching to something with a GUID ID, this will be used.

Provider

An array containing information about the provider.

ProviderTypeParams

An array of parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records. Show provider type parameters.

Value

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider type parameter.

Name

A string indicating the internal name for the PAM provider type parameter.

DisplayName

DataType

An integer indicating the data type for the parameter. Possible values are:

1 = String
2 = Secret

InstanceLevel

See example, above.

ProviderType

An array containing details for the provider type. Show provider type details.

Value	Description
Id	The Keyfactor Command reference GUID for the PAM provider type parameter.
Name	A string indicating the internal name for the PAM provider type parameter.
ProviderTypeParams	An array of parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records.

SecureAreaId

An integer indicating the Keyfactor Command reference ID for the certificate store container the PAM provider is associated with, if any.

Tip: For code examples, see the Keyfactor API Endpoint Utility. To find the embedded web copy of this utility, click the help icon (

) at the top of the Keyfactor Command Management Portal page next to the Log Out button.

PUT PAM Providers

Products

Resources

Company