For resources based on Windows OS, * nix OS and MS SQL Server, MySQL, OracleDB and PostgreSQL, you can configure a service connection that will allow you to perform the following operations:

Checking the connection to the resource
Synchronization of accounts
Account password verification
Resetting account passwords
Synchronization of account security groups
Synchronization of data about the OS or DBMS version

The service connection can be configured both when adding a resource or after adding it to Indeed PAM, this article will consider examples of setting up a service connection for resources already added to the system.

Adding accounts

Service operations are performed on behalf of a service account. Both a local resource account and a domain account can be assigned to the service role. Before setting up a service connection, you must add a local or domain account to the system.

Adding a resource
Adding local accounts
Adding a domain
Adding domain accounts

Selecting and configuring a service connection

Open the resource profile and click to the right of the Service connection option
Enable the Use connector for service connection option

Setting up a service connection for Windows

Select Connector - Windows
Specify the Address (DNS name/IP address)

Selecting a service account

Enter the Name of the local or domain account in whole or in part
Select an account
Complete the service connection setup

Setting up a service connection for *nix

Select Connector - SSH
Select the connection template

Specify the Address (DNS name/IP address)

Tip

icon	false

The Template field contains templates of service operations for OS *nix. By default, templates of service operations for OS * nix are absent in Indeed PAM. To create and add a template, please contact Indeed technical support.

Selecting a service account

Enter the Name of the local account in whole or in part
Select an account
Complete the service connection setup

Configure Service connection.

Activate the Use connector for service connection.

Note

icon	false

If you plan to use a local account of the resource as the service one, then this setting can be skipped. You can return to it after an account for the resource is added. If an Active Directory domain is added to Indeed PAM, then you can use a domain account as service one.

Configuration of service connection with SSH type:

Select Connector - SSH.

Setting up a service connection for MS SQL Server DBMS

Select Microsoft SQL Server Connector
Enter Connection address
Image Added

Selecting a service account

Select the connection template.

Note

icon	false

There are no templates for SSH service connection by default. The procedure of creating and configuring a new connection type is detailed in Configurationsection.

Specify the Address (DNS name/IP address)

Enter the Name of the domain account or DBMS account
Select an account
Complete the service connection setup

Note
icon false
If

non-standard port is used for SSH connections, then it must be specified in the Port field.

Image RemovedConfiguration of service connection with the Microsoft SQL Server database type:

Select Connector - Microsoft SQL Server

Specify the Address (DNS name/IP address)

Note

icon	false

If Microsoft SQL Server is in a domain, you can use both domain and integrated accounts as a service account.
If Microsoft SQL Server is located outside the domain, only integrated SQL Server

an instance of MS SQL Server is part of an Active Directory domain, then both domain and DBMS accounts can be used as a service one.
If an instance of MS SQL Server is not part of an Active Directory domain, then only DBMS accounts can be used as a service

host.

Image Removed

Warning

icon	false

Only integrated SQL Server accounts are synchronized.

Configuration of service connection with the Oracle database type:

Select Connector - Oracle Database

Specify the Address (DNS name/IP address)

Note

icon	false

one.

Setting up a service connection for OracleDB

Select Oracle Database Connector
Enter Connection address, port and SID of the DBMS or DB instance
Image Added

Selecting a service account

Enter the Name of the DBMS account in whole or in part
Select an account
Complete the service connection setup

Setting up a service connection for PostgreSQL/PostgreSQL Pro

Select PostgreSQL Connector
Enter Connection address and Port
Image Added

Selecting a service account

Enter the Name of the DBMS account in whole or in part
Select an account
Complete the service connection setup

Setting up a service connection for MySQL

Select PostgreSQL Connector
Enter Connection address and Port
Image Added

Selecting a service account

Enter the Name of the DBMS account in whole or in part
Select an account
Complete the service connection setup
Warning
icon false
To perform service operations Indeed PAM uses the mysql_native_password authentication type, other authentication types are not supported.

Setting up a MySQL service account

Open the MySQL service account profile and click Image Added to the right of the Name option
Fill in the Enter new host for account field

Backtotop

Delay	0
Distance	250

To use the Resource Connection service account, you must be able to log in with the SYSDBA privilege, and to verify the password of other accounts, you need the CONNECT privilege. Use the following commands to apply privileges:

Code Block

language	sql

GRANT CONNECT TO username;
GRANT SYSDBA TO username;

Image Removed

Configuration of service connection with the PostgreSQL Pro database type:

Select Connector - PostgreSQL
Specify the Address (DNS name/IP address)
Specify the Port

Configuration of service connection with the MySQL database type:

Select Connector - MySQL

Specify the Address (DNS name/IP address)

Specify the Port

Note

icon	false

After creating a service connection, the host name must be entered in the properties of the MySQL service account.

Select the service account. To find the account enter Account name completely or partially.

Select the account policy.

Image Removed

Look through the resource parameters again and click Create.

Note

icon	false

If you need to modify the resource parameters, simply click Back to return to the required step.

Image Removed

Search for resources

Search is performed in the Resources section.

Textual search

To find the resource, enter Resource name or Address (DNS address/IP address) to the search string completely or partially.

Extended search

Click Advanced search and enter one or several criteria - Resource name or Address - to the search string completely or partially.
Select the resource status:

Blocked
Removed
Ready

Check of connection to resource

The connection check allows to determine whether the resource is available in the network, as well as whether the address, account name and password are correct.

Bulk connection check

Mark one or several resources in the Resources section and click Check connection.

Connection check from the resource profile

Switch to the Resources section and find the required resource.
Open the resource profile and click Check connection.

Resource editing

To change the Resource name, Description, Policy, User or Service connection, please proceed as follows:

Switch to the Resources section and find the required resource.

Open the resource profile and click

Image Removed to the right of the required parameter.

Divbox

class	rightFloat

Table of Contents

printable	false

Page tree

Versions Compared

Old Version 3

New Version Current

Key

Adding accounts

Selecting and configuring a service connection