Import an AnyIdentity PAM provider by following the steps below.
- To create the provider, first navigate to Administration – Privileged access in Devolutions Server and select Providers.
- Click on the + sign to add a provider.
- Select AnyIdentity and then choose your template. An existing provider template named Windows Local Accounts is displayed here.
- Define a name and provide values for all of the provider properties.
AnyIdentity providers are designed for connecting to a single identity provider endpoint. It is generally recommended to create one AnyIdentity provider per identity provider.
After providing values for all of the provider properties, there is an option to add a PAM vault for the provider or to add a scan configuration. By default, Add PAM vault is selected. See Scan configuration to learn about adding a scan configuration.
On this page, a credential can also be specified to run all actions under, or a specific Windows host can be designated to execute the actions.
By default, an AnyIdentity provider executes all actions on Devolutions Server under the NETWORK SERVICE user account. If a username and password are specified under Run as, AnyIdentity will first attempt to authenticate to the Devolutions Server using that user account and execute all action scripts under that account. If a Host name is specified, AnyIdentity assumes a remote Windows host and will attempt to run all action scripts locally on that host via PowerShell remoting.
Finally, under Settings, a custom password template can be provided, if necessary. All available custom password templates can be found under Administration – Password templates. When the password rotation action runs, it will use the password template defined here to generate a new password.