Documentation Suite v11.0

GET PAM Providers ID

The GET /PamProviders/{id} method is used to return a PAM provider by ID. This method returns HTTP 200 OK on a success with details about the specified PAM provider.

Tip: The following permissions (see Security Roles and Claims) are required to use this feature:

/pam/read/

/pam/read/#/ (where # is a reference to a specific PAM provider ID)

Permissions for PAM providers can be set at either the global or PAM provider level. See PAM Permissions for more information about global vs PAM provider permissions.

Table 491: GET PamProviders {id} Input Parameters

Name	In	Description
id	Path	Required. The Keyfactor Command reference ID of the PAM provider to retrieve. Use the GET /PAM/Providers method (see GET PAM Providers) to retrieve a list of all the PAM providers to determine the provider's ID.

Name

Description

Path

Required. The Keyfactor Command reference ID of the PAM provider to retrieve.

Use the GET /PAM/Providers method (see GET PAM Providers) to retrieve a list of all the PAM providers to determine the provider's ID.

Table 492: GET PamProviders {id} Response Data

Name

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider. This ID is automatically set by Keyfactor Command.

Name

A string indicating the name of the PAM provider. This name is used to identify the PAM provider throughout Keyfactor Command.

Area

An integer indicating the area of Keyfactor Command the provider is used for. PAM providers generally have a value of 1, indicating they can be used for certificate stores.

Provider Type

An object containing details about the provider type for the provider. Show provider type details.

Value

Description

A string indicating the Keyfactor Command reference GUID for the provider type.

Name

A string indicating the name of the provider type.

Provider Type Params

An array of objects indicating parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider records and records using PAM providers. Show provider type parameters.

Value

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider type.

Name

A string indicating the internal name for the PAM provider type parameter.

Display Name

A string indicating the display name for the PAM provider type parameter. For provider types with an InstanceLevel of False, this name appears on the PAM provider dialog when a user creates a new PAM provider. For parameters with an InstanceLevel of True, this name appears on the dialog when a user creates a new record using the PAM provider (e.g. a new certificate store using PAM for authentication).

Data Type

An integer indicating the data type for the parameter. Possible values are:

1 = String
2 = Secret

Instance Level

A Boolean that sets whether the parameter is used to define the underlying PAM provider (False) or a field that needs to be set to a value when configuring a record (e.g. a certificate store) to use the PAM provider (True).

Example: For Delinea when defining a PAM provider, you configure two Delinea-specific fields:

Secret Server URL: The URL to the Secret Server vault instance, including port number if applicable (e.g. https://websrvr38 .keyexample.com/ SecretServer).
Secret Server Username: The name of the user that will be used to connect to SecretServer.
Secret Server Password: The password of the user that will be used to connect to SecretServer.

Because these fields are configured on the PAM provider definition, they appear as InstanceLevel=False like so:

{
   "Name": "Host",
   "DisplayName":"Secret Server URL", 
   "InstanceLevel":false,
   "DataType": "string"
},
{
   "Name":"Username",
   "DisplayName":"Secret Server Username", 
   "InstanceLevel":false,
   "DataType": "secret"
},
{
   "Name":"Password",
   "DisplayName":"Secret Server Password", 
   "InstanceLevel":false,
   "DataType": "secret"
}

When you configure a certificate store to use Delinea as a credential provider, you enter the name of the secret field in Delinea referencing the protected object and you enter the ID of the projected object containing the username or password used to access the certificate store. Because these fields are configured on the certificate store level, they appear as InstanceLevel=True like so:

{
   "Name":"SecretId",
   "DisplayName":"Secret Server Secret ID", 
   "InstanceLevel":true,
   "DataType": "string"
},
{
   "Name":"SecretFieldName",
   "DisplayName":"Secret Field Name", 
   "InstanceLevel":true,
   "DataType": "string"
}

In both cases, the values for the fields (e.g. the actual name of the object in Delinea where the password is stored) are stored in the ProviderTypeParamValues array.

Provider Type

An object containing details for the provider type. Show provider type details.

Value	Description
Id	A string indicating the Keyfactor Command reference GUID for the PAM provider type parameter.
Name	A string indicating the internal name for the PAM provider type.
Provider Type Params	An array of objects indicating parameters that the provider type uses for data input in Keyfactor Command when creating new records.

Provider Type Param Values

An array of objects containing the values for the provider types specified by ProviderTypeParams. Show provider type parameter value details.

Value

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider type parameter.

Value

A string indicating the value set for the parameter (e.g. the name of the CyberArk folder where the protected object that stores the username or password resides).

Instance Id

An integer indicating the Keyfactor Command reference ID for the provider. If you are attaching to something with an integer Id, this will be used.

Instance Guid

A string indicating the Keyfactor Command reference GUID for the provider. If you are attaching to something with a GUID ID, this will be used.

Provider

An object containing information about the provider.

Provider Type Params

An object indicating parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records. Show provider type parameters.

Value

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider type parameter.

Name

A string indicating the internal name for the PAM provider type parameter.

Display Name

A string indicating the display name for the PAM provider type parameter. For parameters with an InstanceLevel of False, this name appears on the PAM provider dialog for the parameter when a user creates a new PAM provider. For parameters with an InstanceLevel of True, this name appears on the Server dialog for the parameter when a user creates a new PAM provider.

Data Type

An integer indicating the data type for the parameter. Possible values are:

1 = String
2 = Secret

Instance Level

A Boolean that sets whether the parameter is used to define the underlying PAM provider (False) or a field that needs to be set to a value when configuring a certificate store to use the PAM provider (True).

See example, above.

Provider Type

An object containing details for the provider type. Show provider type details.

Value	Description
Id	The Keyfactor Command reference GUID for the PAM provider type parameter.
Name	A string indicating the internal name for the PAM provider type parameter.
Provider Type Params	An array of parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records.

Secure Area Id

An integer indicating the Keyfactor Command reference ID for the certificate store container the PAM provider is associated with, if any.

This is considered deprecated and may be removed in a future release.

Tip: See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor API

A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow

A workflow is a series of steps necessary to complete a process. In the context of Keyfactor Command, it refers to the workflow builder, which allows you automate event-driven tasks when a certificate is requested or revoked. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (

) at the top of the Management Portal page next to the Log Out button.

Version 11.0

On this page: