Create an OTP API user
Log in to Front-end (PSF) as a user from an OTP API Trustee group.
Click the PAMUtil: Create OTP API User PDR.
Select a team.
Click Next.
Enter a PAM OTP Account Description.
Select one or more managed accounts.
Click Submit.
Bravura Security Fabric notifies authorizers to review the request if required.
Click the View request link at the top of the page to view the status of the request.
Once the OTP API user is created, OTP trustees can request access to the OTP API user account.
See Example: Create an OTP API user for a detailed example.
API automation for creating an OTP API user
Once the API has been configured (see "SOAP API" in Bravura Security Fabric Remote API (api.pdf)) and your script has been authenticated to the API (Login or LoginEx API calls), the WF API calls can be used to create an API request.
Use the WFPDRSubmit function to create a workflow request and submit the request for publishing.
When submitting a request, use "CREATE_PAMUTIL_API_USER" as the PDR ID. At a minimum, the request requires the following attributes:
attrkey | value |
---|---|
MS_TEAM | The team the OTP API user account will be assigned to. |
OTP_ACCOUNT_DESCRIPTION | The description of the OTP API user account. |
SELECT_MULTI_MA | The GUID(s) of the managed account(s) the OTP API user will have access to. |
MS_ID | This is an arbitrary value attribute. |
MS_NAME | This is an arbitrary value attribute. |
The MS_NAME and MS_ID attributes are required, but their values are not important. In future versions of the product, those attributes will not be required.
CREATE_PAMUTIL_API_USER batch request sample:
"MS_TEAM","OTP_ACCOUNT_DESCRIPTION","SELECT_MULTI_MA","MS_ID","MS_NAME"
"TEAM-000000","sample otp api user","AA3AC9A7-6CAB-48A2-B1B7-1B804A256539,30F91A85-6C36-4C6F-90A1-81C60D692575","x","x"
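The following is an added example, not part of the product documentation or Bravura's own code: a Python helper that validates the attributes from the table above and emits a batch request in the layout of the sample, so a malformed or duplicated managed account GUID is caught before a request that grants account access is submitted. The function names, the upper-case GUID normalization, the de-duplication and the use of standard CSV quoting are assumptions made for this example; it does not call the API itself.

```python
import csv
import io
import uuid

PDR_ID = "CREATE_PAMUTIL_API_USER"  # PDR ID given on this page
COLUMNS = ["MS_TEAM", "OTP_ACCOUNT_DESCRIPTION", "SELECT_MULTI_MA", "MS_ID", "MS_NAME"]


def normalize_guids(guids):
    """Validate managed-account GUIDs, upper-case them, and drop duplicates."""
    seen, out = set(), []
    for raw in guids:
        text = raw.strip()
        try:
            canon = str(uuid.UUID(text)).upper()
        except ValueError:
            raise ValueError(f"not a GUID: {raw!r}")
        # uuid.UUID also accepts braces, urn: prefixes and unhyphenated hex;
        # accept only the 8-4-4-4-12 form used in the page's sample.
        if canon != text.upper():
            raise ValueError(f"GUID not in 8-4-4-4-12 form: {raw!r}")
        if canon not in seen:
            seen.add(canon)
            out.append(canon)
    if not out:
        raise ValueError("at least one managed account GUID is required")
    return out


def build_batch(team, description, guids, placeholder="x"):
    """Return the batch text: a header row plus one fully quoted data row."""
    team, description = team.strip(), description.strip()
    if not team or not description:
        raise ValueError("MS_TEAM and OTP_ACCOUNT_DESCRIPTION are required")
    if "\r" in description or "\n" in description:
        raise ValueError("description must be a single line")
    # MS_ID and MS_NAME are required, but their values are arbitrary (see above).
    row = [team, description, ",".join(normalize_guids(guids)), placeholder, placeholder]
    buf = io.StringIO()
    # Assumption: the batch loader accepts standard CSV quoting (every field quoted).
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(COLUMNS)
    writer.writerow(row)
    return buf.getvalue()
```

Called with the team, description and GUIDs from the sample above, `build_batch` reproduces that sample with the header and the data row on separate lines.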