Create an AnyIdentity PAM provider

To create an AnyIdentity PAM Provider, you first need to create a provider template or import an existing one. There already exists templates for a few providers.

The WinRM needs to be enabled for this to work.

Create an AnyIdentity Template

  1. In Devolutions Server, go to Administration – Privileged Access – Providers.
  2. Click on the AnyIdentity Templates button.
    Administration – Privileged Access – Providers – AnyIdentity Templates
    Administration – Privileged Access – Providers – AnyIdentity Templates
  3. Click Add to create a new template.
    Add a new AnyIdentity template
    Add a new AnyIdentity template
  4. In General, provide a Name (mandatory) and a Description (optional) for your new template. It is also possible to change the displayed icon.
  5. Three actions can be enabled, each with their own script. Check the boxes next to the ones that you want to implement.
    • Password rotation, to reset account passwords.
    • Heartbeat, to synchronize accounts.
    • Account discovery, for scanning.
      General settings
      General settings
  6. In Provider Properties and Account Properties, set the fields that the providers and accounts will implement. Add properties by clicking on the Add property button. For each property, provide a Name and a Type. Below is a list of the different types:
    • Boolean
    • Description (string)
    • Int
    • Password (string)
    • Sensitive Data (SecureString)
    • String
    • Unique Identifier (string)
    • Username (string)
      Provider and Account Properties
      Provider and Account Properties
  7. Check the Mandatory box next to a property if the fields are required for creation/editing.
  8. For each action that was enabled in the General section, go to the corresponding section in the left menu.
  9. Map the properties of the provider/account that the script needs to work by providing the following:
    • Name: Name of the variable in the script.
    • Source: If the value is provided by the provider or the account.
    • Property: The source property that will be injected into the script. If need be, you can add other script parameters.
      Actions parameters
      Actions parameters
  10. Insert the script of the action by either browsing on your computer to find it or manually editing the Script field. You can also generate a base script to build upon.
    Action Script
    Action Script
  11. Test your script once it is complete, then Save your new template. Your new AnyIdentity template has been created and can be found in the templates list. You can skip to Create an AnyIdentity Provider.

Import an AnyIdentity Template

You can access our public GitHub repository to find AnyIdentity PAM providers made by the Devolutions team and instructions on how to use them.

  1. In Devolutions Server, go to Administration – Privileged Access – Providers.
  2. Click on the AnyIdentity Templates button.
    Administration – Privileged Access – Providers – AnyIdentity Templates
    Administration – Privileged Access – Providers – AnyIdentity Templates
  3. Click on the Import button.
    Import an AnyIdentity Template
    Import an AnyIdentity Template
  4. Upload your .json file, then click on Import.
  5. Adapt the template settings if need be, then click on Save.

Your template has now been imported and can be found in the AnyIdentity Templates list.

Create an AnyIdentity PAM provider

Once your template has been created or imported, you are ready to create an AnyIdentity provider.

  1. Go to Administration – Privileged Access – Providers, then click Add.
    Administration – Privileged Access – Providers – Add
    Administration – Privileged Access – Providers – Add
  2. Go to AnyIdentity in the left menu, then select your new template in the list. Click Continue.
    AnyIdentity Template selection
    AnyIdentity Template selection
  3. In the Provider configuration page, provide a Name and a Username, as this information is mandatory. Then, if necessary, set the other options according to your needs.
    Provider configuration
    Provider configuration
  4. Click Save.

Your new AnyIdentity provider has been created and can be found in the providers list.

Give us Feedback