Description
The ARCON PAM connector uses the ARCON REST API to discover privileged accounts managed within the ARCON Privileged Access Management platform. It authenticates using username and password credentials and enumerates all target accounts, entitlements, and role assignments visible to the scanning user.
System Type Classification
| Field | Value |
|---|
| System Type | PAM Tool |
| Default Scan Priority | 500 |
Version Support
| OrbisID Edition | Supported |
|---|
| Community | No |
| Pro | Yes |
| Enterprise | Yes |
Supported Protocol
| Protocol | Port | Notes |
|---|
| REST API (HTTPS) | 443 TCP | Basic or token-based authentication |
What OrbisID Discovers
| Data | Source |
|---|
| Privileged accounts | GET /api/v1/accounts |
| Account groups / roles | GET /api/v1/groups |
| Memberships | Derived from account-to-group assignments |
Connection Requirements
Required Permissions
Create a dedicated ARCON service account with read-only access to the ARCON PAM console.
Minimum permissions:
- View Accounts — read access to all managed accounts
- View Groups — read access to account groups and role definitions
Credential Mapping
| OrbisID Field | Value |
|---|
credential.username | ARCON PAM service account username |
credential.password | ARCON PAM service account password |
system.hostname | ARCON PAM server hostname or IP |
Network Requirements
The OrbisID server must have HTTPS access to the ARCON PAM server on port 443.
Configuration Steps
- Create a dedicated read-only service account in the ARCON PAM console
- Create a Credential in OrbisID:
- Username: ARCON service account username
- Password: ARCON service account password
- Navigate to Systems → Add System
- Fill in the fields:
| Field | Value |
|---|
| Name | Descriptive name (e.g., ARCON PAM – Production) |
| OS Type | ArconPam |
| System Type | PAM Tool |
| Hostname | ARCON PAM server hostname or IP |
| Credential | The scanning credential |
- Click Test Connection
- Click Save
Troubleshooting
| Symptom | Likely Cause | Resolution |
|---|
Authentication failed | Invalid credentials | Verify username and password in the ARCON console |
| No accounts returned | Insufficient permissions | Grant View Accounts to the service account |
| Cannot connect | Network / firewall | Verify TCP 443 is open between OrbisID and the ARCON server |
SSL certificate error | Self-signed certificate | Add the ARCON CA certificate to the OrbisID trust store |