Intime dc doc

6/16/2023

If you decide to change the hostname, you can update it in the Vault and PVWA. As the hostname is configured in the Vault (in the Vault's host file) and in the LDAP directory for the VendorLDAP in the PVWA, we recommend keeping the current name. If VendorLDAP is already running on this connector, the prompt asks you if you want to keep its hostname. We recommend that you use 'remoteaccessconnector' for each connector machine for this implementation. This does not need to be the hostname of the connector machine.

Log into the Remote Access connector CLI.

Add a hostname, which is used by the Vault to locate the VendorLDAP. This procedure describes how to initialize VendorLDAP and configure the corresponding directory in the PVWA. Just-in-time vendor provisioning fails when the AddDomainToUserName parameter is set to Yes in the PVWA LDAP settings. However, you still need to manually update the host file on the Vault server. This enables the Remote Access connector to include information from all connectors in the new directory created in the PVWA, and prevents you from needing to access the PVWA to configure each connector. In new installations, we recommend that you configure PAM - Self-Hosted as part of initialization after you initialize VendorLDAP on all the connectors. The certificate in the Vault and hosts will be updated, but all current Safe ownership with this VendorLDAP directory remains as it is, unless you choose to change it.

After initialization, you can configure PAM - Self-Hosted, which completes configuration in the PVWA and the Vault. If you have already configured VendorLDAP in PAM - Self-Hosted, and you are working with LDAP users and groups, you can configure high availability without negatively impacting the configuration of the existing directory.

This is relevant even if it is already initialized.
If VendorLDAP is already running on an existing connector, we recommend that you start implementing the high availability process on that connector, and initialize it first.

Before you begin

Before you set up VendorLDAP, make sure that each connector that will be part of the implementation is upgraded to at least version 9. All vendor groups are synchronized, but only vendor users assigned to applications reached by the connectors are sent to the connectors within that site. VendorLDAPs are initialized on Remote Access connectors, ensuring that the vendor groups on these connectors are synchronized, and users benefit from constant secure access in high traffic situations.

Connectors in different sites within the same tenant are considered separate VendorLDAPs.

Overview

A standalone directory, named VendorLDAP, is configured in the PVWA and accessible from the Vault, so that PAM - Self-Hosted can communicate with them and enable vendor access.

This topic describes how to configure VendorLDAP in the PVWA to provide just-in-time access and high-availability for vendors and external users to your organization's applications.