Documentation Suite v11.0

POST PAM Providers

The POST /PamProviders method creates a new PAM provider. This method returns HTTP 200 OK on a success with details for the new provider.

Tip: The following permissions (see Security Roles and Claims) are required to use this feature:

/pam/modify/

/pam/modify/#/ (where # is a reference to a specific PAM provider ID)

Permissions for PAM providers and certificate stores can be set at either the global or PAM provider level. See PAM Permissions for more information about global vs PAM provider permissions.

Table 497: POST PamProviders Input Parameters

Name

Description

Name

Body

Required. A string indicating the name of the PAM provider. This name is used to identify the PAM provider throughout Keyfactor Command.

Important: The name you give to your PAM provider in Keyfactor Command must match the name of the PAM provider as referenced in the manifest.json file (see Installing Custom PAM Provider Extensions).

Area

Body

An integer indicating the area of Keyfactor Command the provider is used for. PAM providers generally have a value of 1, indicating they can be used for certificate stores.

Provider Type

Body

An object containing details about the provider type for the provider. Show provider type details.

Value

Description

A string indicating the Keyfactor Command reference GUID for the provider type.

Name

A string indicating the name of the provider type.

Provider Type Params

An array of objects indicating parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider records and records using PAM providers. Show provider type parameters.

Value

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider type.

Name

A string indicating the internal name for the PAM provider type parameter.

Display Name

A string indicating the display name for the PAM provider type parameter. For provider types with an InstanceLevel of False, this name appears on the PAM provider dialog when a user creates a new PAM provider. For parameters with an InstanceLevel of True, this name appears on the dialog when a user creates a new record using the PAM provider (e.g. a new certificate store using PAM for authentication).

Data Type

An integer indicating the data type for the parameter. Possible values are:

1 = String
2 = Secret

Instance Level

A Boolean that sets whether the parameter is used to define the underlying PAM provider (False) or a field that needs to be set to a value when configuring a record (e.g. a certificate store) to use the PAM provider (True).

Example: For Delinea when defining a PAM provider, you configure two Delinea-specific fields:

Secret Server URL: The URL to the Secret Server vault instance, including port number if applicable (e.g. https://websrvr38 .keyexample.com/ SecretServer).
Secret Server Username: The name of the user that will be used to connect to SecretServer.
Secret Server Password: The password of the user that will be used to connect to SecretServer.

Because these fields are configured on the PAM provider definition, they appear as InstanceLevel=False like so:

{
   "Name": "Host",
   "DisplayName":"Secret Server URL", 
   "InstanceLevel":false,
   "DataType": "string"
},
{
   "Name":"Username",
   "DisplayName":"Secret Server Username", 
   "InstanceLevel":false,
   "DataType": "secret"
},
{
   "Name":"Password",
   "DisplayName":"Secret Server Password", 
   "InstanceLevel":false,
   "DataType": "secret"
}

When you configure a certificate store to use Delinea as a credential provider, you enter the name of the secret field in Delinea referencing the protected object and you enter the ID of the projected object containing the username or password used to access the certificate store. Because these fields are configured on the certificate store level, they appear as InstanceLevel=True like so:

{
   "Name":"SecretId",
   "DisplayName":"Secret Server Secret ID", 
   "InstanceLevel":true,
   "DataType": "string"
},
{
   "Name":"SecretFieldName",
   "DisplayName":"Secret Field Name", 
   "InstanceLevel":true,
   "DataType": "string"
}

In both cases, the values for the fields (e.g. the actual name of the object in Delinea where the password is stored) are stored in the ProviderTypeParamValues array.

Provider Type

An object containing details for the provider type. Show provider type details.

Value	Description
Id	A string indicating the Keyfactor Command reference GUID for the PAM provider type parameter.
Name	A string indicating the internal name for the PAM provider type.
Provider Type Params	An array of objects indicating parameters that the provider type uses for data input in Keyfactor Command when creating new records.

Provider Type Param Values

Body

An array of objects containing the values for the provider types specified by ProviderTypeParams. Show provider type parameter value details.

Value

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider type parameter.

Value

A string indicating the value set for the parameter (e.g. the name of the CyberArk folder where the protected object that stores the username or password resides).

Instance Id

An integer indicating the Keyfactor Command reference ID for the provider. If you are attaching to something with an integer Id, this will be used.

Instance Guid

A string indicating the Keyfactor Command reference GUID for the provider. If you are attaching to something with a GUID ID, this will be used.

Provider

An object containing information about the provider.

Provider Type Params

An object indicating parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records. Show provider type parameters.

Value

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider type parameter.

Name

A string indicating the internal name for the PAM provider type parameter.

Display Name

A string indicating the display name for the PAM provider type parameter. For parameters with an InstanceLevel of False, this name appears on the PAM provider dialog for the parameter when a user creates a new PAM provider. For parameters with an InstanceLevel of True, this name appears on the Server dialog for the parameter when a user creates a new PAM provider.

Data Type

An integer indicating the data type for the parameter. Possible values are:

1 = String
2 = Secret

Instance Level

A Boolean that sets whether the parameter is used to define the underlying PAM provider (False) or a field that needs to be set to a value when configuring a certificate store to use the PAM provider (True).

See example, above.

Provider Type

An object containing details for the provider type. Show provider type details.

Value	Description
Id	The Keyfactor Command reference GUID for the PAM provider type parameter.
Name	A string indicating the internal name for the PAM provider type parameter.
Provider Type Params	An array of parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records.

Secure Area Id

Body

An integer indicating the Keyfactor Command reference ID for the certificate store container the PAM provider is associated with, if any.

This is considered deprecated and may be removed in a future release.

Table 498: POST PamProviders Response Data

Name

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider. This ID is automatically set by Keyfactor Command.

Name

A string indicating the name of the PAM provider. This name is used to identify the PAM provider throughout Keyfactor Command.

Area

An integer indicating the area of Keyfactor Command the provider is used for. PAM providers generally have a value of 1, indicating they can be used for certificate stores.

Provider Type

An object containing details about the provider type for the provider. Show provider type details.

Value

Description

A string indicating the Keyfactor Command reference GUID for the provider type.

Name

A string indicating the name of the provider type.

Provider Type Params

Value

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider type.

Name

A string indicating the internal name for the PAM provider type parameter.

Display Name

Data Type

An integer indicating the data type for the parameter. Possible values are:

1 = String
2 = Secret

Instance Level

Example: For Delinea when defining a PAM provider, you configure two Delinea-specific fields:

Secret Server URL: The URL to the Secret Server vault instance, including port number if applicable (e.g. https://websrvr38 .keyexample.com/ SecretServer).
Secret Server Username: The name of the user that will be used to connect to SecretServer.
Secret Server Password: The password of the user that will be used to connect to SecretServer.

Because these fields are configured on the PAM provider definition, they appear as InstanceLevel=False like so:

{
   "Name": "Host",
   "DisplayName":"Secret Server URL", 
   "InstanceLevel":false,
   "DataType": "string"
},
{
   "Name":"Username",
   "DisplayName":"Secret Server Username", 
   "InstanceLevel":false,
   "DataType": "secret"
},
{
   "Name":"Password",
   "DisplayName":"Secret Server Password", 
   "InstanceLevel":false,
   "DataType": "secret"
}

{
   "Name":"SecretId",
   "DisplayName":"Secret Server Secret ID", 
   "InstanceLevel":true,
   "DataType": "string"
},
{
   "Name":"SecretFieldName",
   "DisplayName":"Secret Field Name", 
   "InstanceLevel":true,
   "DataType": "string"
}

In both cases, the values for the fields (e.g. the actual name of the object in Delinea where the password is stored) are stored in the ProviderTypeParamValues array.

Provider Type

An object containing details for the provider type. Show provider type details.

Value	Description
Id	A string indicating the Keyfactor Command reference GUID for the PAM provider type parameter.
Name	A string indicating the internal name for the PAM provider type.
Provider Type Params	An array of objects indicating parameters that the provider type uses for data input in Keyfactor Command when creating new records.

Provider Type Param Values

An array of objects containing the values for the provider types specified by ProviderTypeParams. Show provider type parameter value details.

Value

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider type parameter.

Value

A string indicating the value set for the parameter (e.g. the name of the CyberArk folder where the protected object that stores the username or password resides).

Instance Id

An integer indicating the Keyfactor Command reference ID for the provider. If you are attaching to something with an integer Id, this will be used.

Instance Guid

A string indicating the Keyfactor Command reference GUID for the provider. If you are attaching to something with a GUID ID, this will be used.

Provider

An object containing information about the provider.

Provider Type Params

An object indicating parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records. Show provider type parameters.

Value

Description

An integer indicating the Keyfactor Command reference ID for the PAM provider type parameter.

Name

A string indicating the internal name for the PAM provider type parameter.

Display Name

Data Type

An integer indicating the data type for the parameter. Possible values are:

1 = String
2 = Secret

Instance Level

See example, above.

Provider Type

An object containing details for the provider type. Show provider type details.

Value	Description
Id	The Keyfactor Command reference GUID for the PAM provider type parameter.
Name	A string indicating the internal name for the PAM provider type parameter.
Provider Type Params	An array of parameters that the provider type uses for data input in Keyfactor Command when creating new PAM provider and certificate store records.

Secure Area Id

An integer indicating the Keyfactor Command reference ID for the certificate store container the PAM provider is associated with, if any.

This is considered deprecated and may be removed in a future release.

Tip: See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor API

A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow

A workflow is a series of steps necessary to complete a process. In the context of Keyfactor Command, it refers to the workflow builder, which allows you automate event-driven tasks when a certificate is requested or revoked. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (

) at the top of the Management Portal page next to the Log Out button.

Version 11.0

On this page: