/
Integration Guide: ManageEngine PAM360

SecHard

Integration Guide: ManageEngine PAM360

This document outlines the steps required to integrate ManageEngine PAM360 with SecHard. This integration allows SecHard to pull credentials directly from PAM360, ensuring a centralized and secure password management. 

 

Phase 1: Creating the API User in PAM360 

To allow SecHard to communicate with PAM360, you must first create a dedicated API user. 

  1. Navigate to Users: Go to the Users section in the PAM360 interface. 

  2. Add User: Click Add User > Add API User

  3. Select User Type: Choose REST and Application User

  4. Set Permissions (Least Privilege): Select Password User as the role. 

Note: Administrative privileges are not required for this integration. 

  1. Enable REST API: Ensure that REST API Access is set to Enabled

  2. Configuration Settings: 

    1. SDK/Hostname: These are not required for this integration; they can be disabled or enabled based on your internal policy. 

    2. Access Validity: Set this according to your organization’s security policy. 

    3. Generate Token: Complete the setup to generate the initial Auth Token

For official ManageEngine documentation on this process, refer to: ManageEngine API User Guide

 

Phase 2: Token Activation and Management 

After creating the user, the token must be active to facilitate the integration. If you need to regenerate or manually activate the token via the API, you can use the following cURL command: 

Bash 

curl -k -X PUT \ 
   "https://<PAM360_IP_ADDRESS>:8282/restapi/json/v1/user/regenerateAuthtoken" \ 
   -H "AUTHTOKEN: <Current_API_Token>" 
 

 

Phase 3: Configuring SecHard for PAM360 Integration 

Once the API user and token are ready, you must define the PAM360 server within SecHard. 

  1. Log in to the SecHard web interface. 

  2. Navigate to Settings > System > System Integration > PAM > PAM360

  3. Enter the PAM360 server details (IP/Hostname and Port). 

  4. Input the API Token generated in Phase 1. 

  5. Save the configuration. 

 

Phase 4: Adding Resources with PAM360 Authentication 

To use credentials stored in PAM360 for a specific resource in SecHard: 

  1. Go to the Resource section and select Add Account

  2. Auth Type: Set this to PAM360

  3. Resource Name: Enter the exact name of the resource as it appears in PAM360. 

  4. Account: Enter the exact name of the account as it appears in PAM360. 

  5. Save and verify the users password.

 

Phase 5: Credential Sharing in PAM360 

For SecHard to "see" the passwords, the API user must have permission to access them within PAM360. 

  1. In PAM360, locate the resource/account you wish to use. 

  2. Select the account and click Share

  3. Share the account with the API User created in Phase 1. 

  4. Ensure the API user has at least View Password permissions for that specific resource. 

 

SecHard