CSV PAM
Description
The CSV PAM connector imports account data exported from a PAM (Privileged Access Management) tool such as CyberArk, BeyondTrust, or Delinea. The imported records populate the PAM Inventory and are used for reconciliation against accounts discovered by other scanners.
This connector is separate from the general CSV connector because imported records are treated as PAM inventory records rather than discovered accounts.
System Type Classification
| Field | Value |
|---|---|
| System Type | PAM Tool |
| Default Scan Priority | 500 |
Version Support
| OrbisID Edition | Supported |
|---|---|
| Community | Yes |
| Pro | Yes |
| Enterprise | Yes |
CSV PAM scanning is available in all editions.
Supported Sources
| Source Type | Description |
|---|---|
| File Upload | Upload a CSV file directly to OrbisID via the browser |
| Network Path | Specify a UNC or local path accessible from the On-Premise Agent host |
What OrbisID Imports
CSV PAM imports create PAM Account records in the PAM Inventory. Map CSV columns to:
| OrbisID Field | Required | Description |
|---|---|---|
accountName | Yes | The privileged account name as stored in the PAM tool |
systemName | No | The managed system name in the PAM tool |
platform | No | PAM platform/template (e.g., WinDomain, Unix) |
safeName | No | Safe, vault, or container name |
username | No | Username on the target system |
address | No | Target system hostname or IP |
pamRiskLevel | No | Risk classification from the PAM tool |
Configuration Steps
- Navigate to Systems in the sidebar
- Click Add System
- Set OS Type to
CSV PAM - Fill in the fields:
| Field | Value |
|---|---|
| Name | Descriptive name (e.g., cyberark-export) |
| System Type | PAM Tool (auto-selected) |
| Source Type | File Upload or Network Path |
| File Path | (Network Path only) Path to the PAM export file |
| Delimiter | ,, ;, \t, or | |
| Has Header Row | Yes/No |
| Column Mappings | Map CSV columns to PAM Account fields |
- Upload the CSV file (if File Upload) or verify the network path is accessible
- Click Test Connection to validate the file
- Click Save
PAM Reconciliation
After importing PAM data, run a reconciliation to compare the PAM inventory against accounts discovered by other scanners. See PAM Inventory — Reconciliation for details.
Most PAM tools support scheduled exports. Configure your PAM tool to write an export to a network share and use a scheduled OrbisID scan policy to import it automatically, keeping reconciliation data current.
Troubleshooting
| Symptom | Likely Cause | Resolution |
|---|---|---|
| Records imported but do not appear in reconciliation | System linking not configured | Ensure the systemName or address field matches an OrbisID target system |
| Duplicate records after re-import | Account name not unique | Verify the accountName column contains unique values |
| Test connection fails for network path | Share not accessible from agent | Check that the On-Premise Agent has read access to the share |