PAM r3.1.1.09 + PAMSC r14.01: Windows + Login Integration

Document ID : KB000100147
Last Modified Date : 05/06/2018
Show Technical Document Details
As a security administrator, you want to audit the actual user of your server, not the shared local privileged user name. CA Privileged Access Manager Server Control Login Integration allows CA Privileged Access Manager to integrate the login process and information with CA Privileged Access Manager Server Control. When activated, it allows the use of the actual CA Privileged Access Manager user name for auditing in CA Privileged Access Manager Server Control.
You will need the PAMSC 14.01.0430 build.

So now after applying this fix, when the local targeted account is created on the host with 'hostname\accountname' and PUPM Flags are on the integration works. But when the hostname is not included before, that’s when the Login Integration fails. 

We have discovered on our previous WebEx’s that when Login Integration is enabled, we are doing this format: 'hostname or domain name\account name', whereas when Login Integration is disabled, we send the account down as 'accountname' instead of 'hostname or domain name\account name'.

Please ensure there are no conflicting policies either (i.e., make sure none of your endpoints are in a device group where Login Integration is disabled while other policies containing the same endpoint(s) are enabled).