Active Directory

Indeed Identity PAM interacts with end users through an account that will read directory users and their attributes.

Account to use with user directory

Alternatively, you can use an existing account.

Start the Active Directory Users and Computers snap-in
Open the context menu of the Container or Organization Unit
Select Create - User item
Enter the name, for example, IPAMADServiceOps
Fill in the required fields and complete the creation of the account
Open the context menu of the container, organizational unit, or domain root and select the Properties item
Go to the Security tab
Click Add
Select IPAMADServiceOps account and click Ок
Click Advanced
Select IPAMADServiceOps and click Edit
For the field Applies to: set value Descendant User objects
In the Permissions: section check Reset password
Save all changes

Alternatively, you can use an existing account.

File storages are necessary for aggregation and long-term storage of videos, screenshots and files transferred in sessions.

A domain account is required to work with file storage, recommended to use the already created IPAMStorageOps account.

Log in to the server, which will act as a file storage
reate folders, for example MediaData, ShadowCopy, Screencasts
Right click on the folder you created, select the item Share with > Specific people
Enter the username, for example IPAMStorageOps and click Add
In the "Permission level" column, click the Read value next to the IPAMStorageOps user and select Read/Write from the menu.
Finish by clicking Share

Indeed Identity PAM uses Microsoft SQL Server or PostgreSQL Pro to store data. The following components require databases:

IPAMCore - PAM Core component database is used to store Indeed Identity PAM privileged accounts, resources, permissions, and other service data
IPAMJobs - PAM Core component database is used to store scheduled jobs
IPAMIdp - IdP component database is used to store authenticators of Indeed Identity PAM users and administrators
ILS - Log Server component database is used to store the Indeed Identity PAM event

Microsoft SQL Server

Run Microsoft SQL Management Studio (SSMS) and connect to Microsoft SQL Server instance
Open the context menu of Databases item
Select the New Database item
Specify a database name, for example IPAMCore, IPAMJobs, IPAMIdP, ILS
Click ОK

PostgreSQL, PostgreSQL Pro

Launch pgAdmin and connect to the PostgreSQL Pro server
Open the context menu of the Databases item
Select Create, Database
Specify a database name, for example: IPAMCore, IPAMJobs, IPAMIdP, ILS
Click Save

Microsoft SQL Server

Start Microsoft SQL Management Studio (SSMS) and connect to the Microsoft SQL Server instance
Expand the Security item
Open the context menu of Logins item
Select the Create login item
Enter the name, for example IPAMSQLServiceOps
Select SQL Server authentication item and fill in the required fields
Switch to User Mapping item
Check IPAMCore, IPAMTasks, IPAMIdP and ILS databases
Check database roles db_owner, db_datareader and db_datawriter
Click ОK

PostgreSQL, PostgreSQL Pro

Launch pgAdmin and connect to the PostgreSQL Pro server
Open the context menu of the Login/Group Roles item
Select Create, Login/Group Role
Specify a Name, for example IPAMSQLServiceOps
Go to Definition tab, enter the new password for account
Go to Privileges tab, check Yes for Can Login? and Superuser? items
Click Save, repeat for the rest of the databases.

The grants db_owner for Microsoft SQL Server and Superuser for PostgreSQL are required only for the first access to the database.