Create a custom PAM provider from a template

Create a custom PAM provider from a template by following the steps below.

  1. To create the provider, first navigate to Administration – Privileged access in Devolutions Server and select Providers. Administration – Privileged access – Providers

  2. Click on the + sign to add a provider. Add a provider

  3. Select Custom and then choose your template. An existing provider template named Windows Local Accounts is displayed here. Select an  provider

  4. Define a name and provide values for all of the provider properties.Provider properties

Custom PAM providers are designed for connecting to a single identity provider endpoint. It is generally recommended to create one custom PAM provider per identity provider.

After providing values for all of the provider properties, there is an option to add a PAM vault for the provider or to add a scan configuration. By default, Add PAM vault is selected. See Scan configuration to learn about adding a scan configuration.

Add PAM vault
Add PAM vault

On this page, a credential can also be specified to run all actions under, or a specific Windows host can be designated to execute the actions.

Credential and Windows host
Credential and Windows host

By default, a custom PAM provider executes all actions on Devolutions Server under the NETWORK SERVICE user account. If a username and password are specified under Run as, custom PAM providers will first attempt to authenticate to the Devolutions Server using that user account and execute all action scripts under that account. If a Host name is specified, the custom PAM provider assumes a remote Windows host and will attempt to run all action scripts locally on that host via PowerShell remoting.

Finally, under Settings, a custom password policy can be provided, if necessary. All available custom password policies can be found under AdministrationPassword policies. When the password rotation action runs, it will use the password policy defined here to generate a new password.

Password policy
Password template

See also

Devolutions Forum logo Give us Feedback