Configure the Integration

  1. Ensure both products work separately.
    • In PAM, ensure that users are able to see the desired devices. Verify that you can Jump to the devices without any issues.
    • Note: You need the ability to log into PAM using domain authentication.
    • In Vault, ensure that users are able to see the desired credentials. Verify that your credentials can be checked out and that the passwords work.
    • Note: You need the ability to log into Vault using domain authentication.
  2. Configure Vault to allow the desired users to access devices and credentials.
    • In Vault, create the same endpoints that exist in PAM.

important

The endpoint names must match exactly the endpoints listed in PAM. If your PAM endpoints show NetBIOS, use NetBIOS. If they exist as fully qualified names, use those. Usernames in PAM must match those in Vault (with the exception of local users), including the domain name.

  1. In Vault, create an endpoint group(s).
  2. Assign the desired endpoints, user groups, and credentials to the endpoint group; the PAM user may then be allowed to check out credentials. For more information, please see Bomgar Vault Endpoint Groups .

For more information about the PAM access console , see the Access Console User Guide .

Ensure that the API is Enabled in Vault

  1. In Bomgar Vault, go to Credentials > Credentials or Credentials > Credential Group and edit the credential or credential group.
  2. Verify that the credential or credential group checkout policy is set to either This credential can only be checked out by Privileged Access Management or Allow both.

For more information about configuring the checkout policies in Vault, please see Add Credentials.