Page History

Go to C:\inetpub\wwwroot\pam\idp folder and edit appsettings.json file:

ConnectionStrings

• DefaultConnection - database connection string IPAMIdP

Connection String parameters:

• Server - is the name of Microsoft SQL Server or its named instance
• Database - is the name of database (IPAMIdP)
• User ID - is the service account to use with Indeed PAM databases

• Password - is the password for that service account

  "ConnectionStrings": {
    "DefaultConnection": "Server=sql.domain.local; Database=IPAMIdP; Integrated Security=False; User ID=IPAMSQLServiceOps; Password=password"
  }, 

"DefaultConnection": "Server=sql\\instance; ..."

Database

In the Provider section, select the DBMS connection provider:

• mssql - is for the MS SQL Server
• pgsql - is for the PostgreSQL Pro

IdentitySettings

• AdminSids - is SID of the user to get access to administrator console and the Roles management. If there are several of them, then the SIDs must be divided by comma
• IdpUrls - are Indeed PAM IdP URL addresses
• Lang - is the user interface language of the component, set it to "en" value
• GatewaySecret - Hash for client keys for additional authentication of Indeed PAM Gateway

• ConsoleAppClientSecret - Hash for client keys for additional authentication of the Console App utility

• SshProxyClientSecret - Hash for client keys for additional authentication of Indeed PAM SSH Proxy
  

• CoreApiSecret - Hash for client keys for additional authentication of PAM Core
  

• IdpApiSecret - Secret for client key of PAM IdP

  Excerpt Include
  Configuration Configuration nopanel true

• Enable2FaCacheForClients - List of client IDs for which the 2nd factor caching will work

• SecondFaCacheLifetimeSeconds - 2nd factor caching time in seconds
  List of available client ids -
  

  • "console-app"
  • "ssh-proxy-app"
  • "pam-management-console"
  • "pam-user-console"

  • "pam-gateway"

  • "pam-remote-client"

"IdentitySettings":{
	"AdminSids": [ 
		"S-1-5-21-1487179672-2651565253-5257550508-0000", 
		"S-1-5-21-1487179672-2651565253-5257550508-0001" 
	],
	"IdpUrls": [ "https://pam.domain.local/pam/idp" ],
    "Lang": "en",
    "SigningCertificate": "",
    "GatewaySecret": "N2u7dSLd5f8BmLHe5BImaOg7HWb9gCeKdTGCIC0iy9o=",
    "ConsoleAppClientSecret": "",
    "SshProxyClientSecret": "pgJSv8V5+mWMEecN3e6Lvp/pWBlbOOdiAuaU4nYvtv4=",
    "CoreApiSecret": "m2Ux/xH/uifL5xuILdkChgwyyZDDY8DacwHMUgURs7k=",
    "IdpApiSecret": "yGJHfNmHT0EX5GidmZ0GxChcqWLPx8HxXAyefo8eUWb6azPnBZIhQ5J1twyA3S+fomKeJpYbxHgQqyRilGadWg==",
    "RemoteInstallerClientSecret": "",
    "Enable2FaCacheForClients": [ "pam-management-console" ],
    "SecondFaCacheLifetimeSeconds": 60
  },

Encryption

• Algorithm - data encryption algorithm in the IDP database

• Key - data encryption key in the IDP database
  

  Code Block
  language js firstline 13
  "Encryption": { "Algorithm": "AES", "Key": "3227cff10b834ee60ad285588c6510ea1b4ded5b24704cf644a51d2a9db3b7e5" },

  
  

  Note
  icon false
  The encryption key is generated by the IndeedPAM.KeyGen.exe utility, which is included in the Indeed PAM distribution kit and is located in the /Misc directory.

  
  

PamSettings

• ManagementConsoleUrls - URL of Indeed PAM Management Console
• UserConsoleUrls - URL of Indeed PAM User Console
• CoreUrls - URL of Indeed PAM Core

• SessionLifetime - maximum duration of a user session in seconds
  

  Code Block
  language js firstline 13
  "PamSettings": { "ManagementConsoleUrls": [ "https://pam.domain.local/pam/mc" ], "UserConsoleUrls": [ "https://pam.domain.local/pam/uc" ], "CoreUrls": [ "https://pam.domain.local/pam/core" ], "SessionLifetime": 43200 },

  
  

UserCatalog

This section is required to search and add users to the Roles. It is filled in the same way as the similar section in the Pam Core settings.