0 votes

Can I manage the user that is used by Adaxes to connect to Active Directory with Privileged Access Management (PAM)?

Since this user can change users' passwords, attributes, etc., it becomes critical. We would like to manage this user so that PAM can change/rotate the password periodically.

by (170 points)

1 Answer

0 votes
by (233k points)

Hello,

All operations in a domain managed by Adaxes are performed using the account specified for the domain. You can configure PAM to automatically change/rotate the password of the account; however, it will require updating the password in Adaxes as well. For information on how to do that, have a look at the following help article: https://www.adaxes.com/help/ChangeManagedDomainServiceAccount.

0

Hello,

So I will need to update the password periodically in Adaxes as well?

Is there any way to call REST API to PAM from Adaxes?

0

Hello,

So I will need to update the password periodically in Adaxes as well?

Yes, that is correct.

Is there any way to call REST API to PAM from Adaxes?

It should be possible using a PowerShell script. The following Microsoft article might be helpful: https://docs.microsoft.com/en-us/microsoft-identity-manager/reference/privileged-access-management-rest-api-reference.

0

The question then: can we change ChangeManagedDomainServiceAccount through API?

So Adaxes will call the API from PAM. Can PowerShell inject credentials into Adaxes?

0

Hello,

Sorry for the confusion, but we are not sure of the workflow you want to have. Please, describe it in all the possible details with step-by-step live examples.

For your information, it is possible to use a script to update credentials of a managed domain in Adaxes: https://adaxes.com/sdk/SampleScripts.ChangingCredentialsForManagedDomain.

0

Here is the live example.

To connect to AD from Adaxes we use some credentials, let's say AdaxesAdmin.

There's a policy that every username that has administrator capability has to be managed by PAM, so PAM will rotate the password periodically, for example every one month. Once this password is managed by PAM, we need to request the current password from PAM.

So, if AdaxesAdmin is managed by PAM, is there any way to re-inject this new password into Adaxes automatically?

0

Hello,

You can use the following script to update credentials of a domain managed by Adaxes: https://adaxes.com/sdk/SampleScripts.ChangingCredentialsForManagedDomain. Unfortunately, we were not able to find any information on PAM being able to make API requests automatically when rotating a user password. We recommend that you check that with Microsoft support. If there is no such possibility, then you can execute the script manually when required.
