All URLs are specified in lowercase.

The JSON format does not allow comments, so before saving the file you must delete every line that begins with the characters "//".

You need to recycle the Indeed.Idp application pool after every change to the configuration file. You can do this in the IIS Manager snap-in, or with the PowerShell command

Restart-WebAppPool Indeed.Idp

URL example: https://pam.domain.local/pam/idp
pam.domain.local - the fully qualified DNS name of the management server


Go to the C:\inetpub\wwwroot\pam\idp folder and edit the appsettings.json file:

ConnectionStrings

  • DefaultConnection - the connection string for the IPAMIdP database

Connection String parameters:

  • Server - the name of the Microsoft SQL Server host or its named instance
  • Database - the name of the database (IPAMIdP)
  • User ID - the service account used with the Indeed PAM databases
  • Password - the password for that service account

  "ConnectionStrings": {
    "DefaultConnection": "Server=sql.domain.local; Database=IPAMIdP; Integrated Security=False; User ID=IPAMSQLServiceOps; Password=password"
  }, 

If using a named instance of Microsoft SQL Server, the value of the Server parameter must be written in the Server Name\\Named instance format (the backslash is doubled because the value sits inside a JSON string).

"DefaultConnection": "Server=sql\\instance; ..."

Database

In the Provider section, select the DBMS connection provider:

  • mssql - for Microsoft SQL Server
  • pgsql - for PostgreSQL Pro

IdentitySettings

  • AdminSids - SIDs of the users who are granted access to the administrator console and to Roles management. If there are several, list all of them separated by commas
  • IdpUrls - Indeed IdP URL addresses
  • Lang - user interface language of the component; set it to "en"
  • GatewaySecret - hash for PAM Gateway component authentication
  • ConsoleAppClientSecret - hash for Console App utility authentication
  • SshProxyClientSecret - hash for SSH Proxy component authentication
  • CoreApiSecret - hash for PAM Core component authentication
  • IdpApiSecret - secret for Idp component authentication

    To generate a secret and its hash:

    1. Go to the Indeed.PAM\Misc\ConsoleApp folder
    2. Run Command Prompt (CMD)
    3. Execute Pam.ConsoleApp.exe generate-secret
    4. Use the resulting secret and hash values

  • Enable2FaCacheForClients - list of client IDs for which second-factor caching is enabled
  • SecondFaCacheLifetimeSeconds - second-factor cache lifetime in seconds

    Available client IDs:

    • "console-app"
    • "ssh-proxy-app"
    • "pam-management-console"
    • "pam-user-console"
    • "pam-gateway"
    • "pam-remote-client"

  "IdentitySettings": {
    "AdminSids": [
      "S-1-5-21-1487179672-2651565253-5257550508-0000",
      "S-1-5-21-1487179672-2651565253-5257550508-0001"
    ],
    "IdpUrls": [ "https://pam.domain.local/pam/idp" ],
    "Lang": "en",
    "SigningCertificate": "",
    "GatewaySecret": "N2u7dSLd5f8BmLHe5BImaOg7HWb9gCeKdTGCIC0iy9o=",
    "ConsoleAppClientSecret": "",
    "SshProxyClientSecret": "pgJSv8V5+mWMEecN3e6Lvp/pWBlbOOdiAuaU4nYvtv4=",
    "CoreApiSecret": "m2Ux/xH/uifL5xuILdkChgwyyZDDY8DacwHMUgURs7k=",
    "IdpApiSecret": "yGJHfNmHT0EX5GidmZ0GxChcqWLPx8HxXAyefo8eUWb6azPnBZIhQ5J1twyA3S+fomKeJpYbxHgQqyRilGadWg==",
    "RemoteInstallerClientSecret": "",
    "Enable2FaCacheForClients": [ "pam-management-console" ],
    "SecondFaCacheLifetimeSeconds": 60
  },

Encryption

  • Algorithm - the algorithm used to encrypt data in the IdP database
  • Key - the key used to encrypt data in the IdP database

      "Encryption": {
        "Algorithm": "AES",
        "Key": "3227cff10b834ee60ad285588c6510ea1b4ded5b24704cf644a51d2a9db3b7e5"
      },

    The encryption key is generated by the IndeedPAM.KeyGen.exe utility, which is included in the Indeed PAM distribution kit and is located in the /Misc directory.

PamSettings

  • ManagementConsoleUrls - URLs of the PAM Management Console
  • UserConsoleUrls - URLs of the PAM User Console
  • CoreUrls - URLs of PAM Core
  • SessionLifetime - maximum duration of a user session, in seconds

      "PamSettings": {
        "ManagementConsoleUrls": [ "https://pam.domain.local/pam/mc" ],
        "UserConsoleUrls": [ "https://pam.domain.local/pam/uc" ],
        "CoreUrls": [ "https://pam.domain.local/pam/core" ],
        "SessionLifetime": 43200
      },

UserCatalog

This section is required to search for users and add them to Roles. It is filled in the same way as the corresponding section in the PAM Core settings.
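As an added example (not part of the Indeed PAM documentation or distribution), the following PowerShell script ties the steps on this page together: it removes the "//" comment lines that JSON does not allow, parses the result, checks the values documented above (lowercase URLs, SID format, the documented client IDs, the provider name, a complete connection string and a hexadecimal encryption key), and only then recycles the Indeed.Idp application pool. The file path, the pool name, the Database.Provider location and the checks themselves are assumptions made here; adjust them to your deployment.

```powershell
# Added example, not part of Indeed PAM: pre-flight check of the Indeed.Idp appsettings.json.
# Assumptions (not from the product documentation): the file path and pool name below,
# the provider value living at Database.Provider, and the WebAdministration module being present.
param(
    [string] $Path    = 'C:\inetpub\wwwroot\pam\idp\appsettings.json',
    [string] $AppPool = 'Indeed.Idp',
    [switch] $Recycle   # recycle the pool only when validation passes
)

$errors   = New-Object 'System.Collections.Generic.List[string]'
$warnings = New-Object 'System.Collections.Generic.List[string]'

# 1. JSON allows no comments: drop every line whose first non-blank characters are "//".
$raw     = Get-Content -Path $Path -Encoding UTF8
$clean   = @($raw | Where-Object { $_.TrimStart() -notmatch '^//' })
$dropped = $raw.Count - $clean.Count

# 2. The remaining text must parse as JSON.
try {
    $cfg = ($clean -join "`n") | ConvertFrom-Json
} catch {
    throw "$Path is not valid JSON after removing comments: $($_.Exception.Message)"
}

# 3. ConnectionStrings.DefaultConnection: Server, Database, User ID and Password are required;
#    a named instance is written host\instance (doubled backslash inside the JSON string).
$conn = $cfg.ConnectionStrings.DefaultConnection
if (-not $conn) {
    $errors.Add('ConnectionStrings.DefaultConnection is missing')
} else {
    $parts = @{}
    foreach ($kv in ($conn -split ';')) {
        $i = $kv.IndexOf('=')
        if ($i -gt 0) { $parts[$kv.Substring(0, $i).Trim()] = $kv.Substring($i + 1).Trim() }
    }
    foreach ($k in 'Server', 'Database', 'User ID', 'Password') {
        if (-not $parts[$k]) { $errors.Add("DefaultConnection lacks the '$k' parameter") }
    }
    if ($parts['Server'] -match '/') { $errors.Add("Server must be written as host\instance, not with '/'") }
}

# 4. Database provider must be one of the two documented values (location of the key is assumed).
if ($cfg.Database.Provider -notin @('mssql', 'pgsql')) {
    $errors.Add("Database.Provider must be 'mssql' or 'pgsql'")
}

# 5. All URLs are specified in lowercase.
$urlLists = [ordered]@{
    'IdentitySettings.IdpUrls'          = $cfg.IdentitySettings.IdpUrls
    'PamSettings.ManagementConsoleUrls' = $cfg.PamSettings.ManagementConsoleUrls
    'PamSettings.UserConsoleUrls'       = $cfg.PamSettings.UserConsoleUrls
    'PamSettings.CoreUrls'              = $cfg.PamSettings.CoreUrls
}
foreach ($name in $urlLists.Keys) {
    if (-not $urlLists[$name]) { $errors.Add("$name is empty"); continue }
    foreach ($u in @($urlLists[$name])) {
        if ($u -cne $u.ToLowerInvariant()) { $errors.Add("$name must be lowercase: $u") }
    }
}

# 6. AdminSids must look like SIDs; Enable2FaCacheForClients only accepts the documented client IDs.
if (-not $cfg.IdentitySettings.AdminSids) { $errors.Add('IdentitySettings.AdminSids is empty') }
foreach ($sid in @($cfg.IdentitySettings.AdminSids)) {
    if ($sid -and $sid -notmatch '^S-1-\d+(-\d+)+$') { $errors.Add("AdminSids entry is not a SID: '$sid'") }
}
$knownClients = 'console-app', 'ssh-proxy-app', 'pam-management-console',
                'pam-user-console', 'pam-gateway', 'pam-remote-client'
foreach ($c in @($cfg.IdentitySettings.Enable2FaCacheForClients)) {
    if ($c -and $c -notin $knownClients) { $errors.Add("Unknown client id in Enable2FaCacheForClients: '$c'") }
}

# 7. Secrets: an empty hash means that component cannot authenticate to the IdP, so report it.
foreach ($s in 'GatewaySecret', 'ConsoleAppClientSecret', 'SshProxyClientSecret', 'CoreApiSecret', 'IdpApiSecret') {
    if (-not $cfg.IdentitySettings.$s) { $warnings.Add("IdentitySettings.$s is empty") }
}

# 8. The key produced by IndeedPAM.KeyGen.exe is a hexadecimal string.
if ($cfg.Encryption.Key -notmatch '^[0-9a-fA-F]+$') { $errors.Add('Encryption.Key is not a hex string') }

# Report, then act.
$warnings | ForEach-Object { Write-Warning $_ }
if ($errors.Count -gt 0) {
    $errors | ForEach-Object { Write-Error -Message $_ -ErrorAction Continue }
    exit 1
}
if ($dropped -gt 0) {
    # Keep a backup and write the comment-free file so the application can load it.
    Copy-Item -Path $Path -Destination "${Path}.bak" -Force
    Set-Content -Path $Path -Value $clean -Encoding UTF8
    Write-Host "Removed $dropped comment line(s); original saved as ${Path}.bak"
}
Write-Host 'appsettings.json passed validation'
if ($Recycle) {
    Import-Module WebAdministration
    Restart-WebAppPool -Name $AppPool
}
```

Run it as `.\Check-IdpSettings.ps1 -Recycle` from an elevated PowerShell on the management server; without `-Recycle` it only validates, which is the safer default while you are still editing the file. Empty secrets are reported as warnings rather than errors because the sample configuration above legitimately leaves some of them blank.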
