Bomgar Privileged Access Management and Bomgar Vault Integration Guide

When Bomgar Vault is integrated with Bomgar Privileged Access Management (PAM), privileged access sessions become more secure due to Vault's seamless credential injection. This helps companies secure shared credentials for privileged users as well as manage and rotate passwords for privileged accounts to improve security and compliance.

Workflow Summary

  • Confirm the location in which you will install the Endpoint Credential Manager (ECM).
    • Ensure the ECM can connect to the PAM server over port 443.
    • Ensure the ECM can connect to the Vault server over port 443.
    • Use a static IP for the machine where the ECM resides.

Note: Vault whitelists access based on IP address.

  • Set up the prerequisites.
    • Create an admin account in PAM as a service account.
    • Enable the API in Vault and add the IP address of the system where the ECM will be located.
  • Install the ECM.
    • Set up the PAM information.
    • Install the Vault plugin in the ECM.
    • Configure the Vault connection information in the plugin.
  • Test the connection and troubleshoot issues as necessary.
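
A pre-flight check for the connectivity items above, as an added example that is not part of the original guide or of Bomgar's tooling. Run from the machine that will host the ECM, it tests port 443 to both servers and reports the local source IP of the connection to Vault, which is the address Vault's IP-based access control sees when no NAT or proxy is in the path. The hostnames are placeholders and the function names are illustrative assumptions.

```python
import socket
import ssl

def check_endpoint(host, port=443, timeout=5.0, tls=True):
    """Connect from this machine to host:port and report what the server sees.

    Returns a dict with: reachable (TCP connect succeeded), source_ip (local
    address used for the connection), tls_ok (certificate-validated handshake
    completed, None if not attempted) and error (text of the first failure).
    """
    result = {"host": host, "port": port, "reachable": False,
              "source_ip": None, "tls_ok": None, "error": None}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["error"] = f"tcp: {exc}"
        return result
    with sock:
        result["reachable"] = True
        # The local address of this connection is the source IP the remote
        # side sees, unless a NAT or proxy sits in between.
        result["source_ip"] = sock.getsockname()[0]
        if tls:
            ctx = ssl.create_default_context()  # verifies chain and hostname
            try:
                with ctx.wrap_socket(sock, server_hostname=host):
                    result["tls_ok"] = True
            except (ssl.SSLError, OSError) as exc:
                result["tls_ok"] = False
                result["error"] = f"tls: {exc}"
    return result

def preflight(pam_host, vault_host, port=443, tls=True):
    """Check both connections the ECM needs; return (all_ok, per-host results)."""
    results = {name: check_endpoint(host, port, tls=tls)
               for name, host in (("pam", pam_host), ("vault", vault_host))}
    ok = all(r["reachable"] and r["tls_ok"] is not False
             for r in results.values())
    return ok, results

if __name__ == "__main__":
    # Placeholder hostnames: replace with your own PAM and Vault servers.
    ok, results = preflight("pam.example.com", "vault.example.com")
    for name, r in results.items():
        print(name, r)
    print("Source IP to allow in Vault:", results["vault"]["source_ip"])
    print("Pre-flight passed" if ok else "Pre-flight FAILED")
```

A TLS failure with a successful TCP connect usually points to an intercepting proxy or an untrusted certificate on the path, which is worth resolving before installing the ECM.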

Privileged Access Management Prerequisites

  • Vault integration requires PAM version 15.3.2 or higher.
  • Create an API administrator account, if one does not already exist.

Note: This user must be a PAM system administrator.

  • Ensure domain authentication to PAM is functional. For more information, see Security Providers.
  • Ensure that at least one endpoint (remote system) is configured in PAM and that you can connect to it.

Vault Prerequisites