Provider reference a list of servers, from a folder in a vault instead of just one server.


It would be ideal to have a local Windows provider be able to reference a folder of server entries, so that the existing sync process would be able to keep the list of servers updated, and the provider would be able to reference the list.

I really don’t want to manage 2000 providers, and since this is part of the migration from CyberArk, we need to have something similar in Devolutions where a provider has a list of servers with a PAM account to change and a PAM account for access.

We have two different use cases, one where the password needs to be different for every server/endpoint, and the other where the password needs to be the same.

We are going towards the password being different, and with PAM that seems possible, but that brings up another dimension for a PAM account where there is a password per endpoint, instead of just one password for all endpoints.

The other option would be to have the scan provide a list of servers that had the local account and have that stored in a vault/folder to be referenced.

All Comments (4)


The AnyIdentity provider 'Windows Accounts' supports an LDAP search criteria to target multiple servers.


That is a good start, but that means that the directory needs to have info on where local accounts may be. Perhaps having the scan feature scan LDAP servers for those that have the local account would be a way to target those servers. One issue we are attempting to address is locating new local accounts that may have been created by installation of software or application team deployments that are not under management and oversight.


The provider will find all local accounts on the servers scanned, just configure a 'scan configuration', and all detected local accounts will be listed and can then be imported to a vault.

The good thing about AnyIdentity templates is you can customize the PowerShell script/s as needed.


Hello,

As mentioned by @jm2, we have an AnyIdentity provider for Windows Local Accounts allowing you to get accounts from many machines. But correct me if I'm wrong, you would like to be able to manage all local accounts from machines existing on an Active Directory, am I right? We would like to improve our Active Directory provider to be able to get all local accounts from all machines on the Active Directory. We would also like to create entries allowing you to open a session directly on those machines. Would it work for you?

Please let me know if I understood correctly your request.

Best regards,

François Dubois