Delinea Privilege Manager
Description
The Delinea Privilege Manager connector uses the Privilege Manager REST API to discover application control policies, managed local accounts, and computer group memberships. It authenticates using OAuth 2.0 client credentials and provides visibility into endpoint privilege management configurations across Windows and macOS endpoints.
System Type Classification
| Field | Value |
|---|---|
| System Type | PAM Tool |
| Default Scan Priority | 500 |
Version Support
| OrbisID Edition | Supported |
|---|---|
| Community | No |
| Pro | Yes |
| Enterprise | Yes |
Supported Protocol
| Protocol | Port | Notes |
|---|---|---|
| REST API (HTTPS) | 443 TCP | OAuth 2.0 client credentials flow |
What OrbisID Discovers
| Data | Source |
|---|---|
| Managed local accounts | GET /TmsApi/api/v1/accounts |
| Computer groups | GET /TmsApi/api/v1/computergroups |
| Application policies | GET /TmsApi/api/v1/policies |
| Group memberships | Derived from computer group assignments |
Connection Requirements
Required Permissions
Create a dedicated API client in Delinea Privilege Manager with read-only access.
Minimum permissions:
- Read Accounts — view managed local accounts
- Read Computer Groups — view group assignments
- Read Policies — view application control policies
Credential Mapping
| OrbisID Field | Value |
|---|---|
| credential.username | OAuth 2.0 Client ID |
| credential.password | OAuth 2.0 Client Secret |
| system.pamPlatformUrl | Privilege Manager base URL (e.g., https://pm.example.com) |
Network Requirements
The OrbisID server must have HTTPS access to the Delinea Privilege Manager server on port 443.
Configuration Steps
- In the Delinea Privilege Manager console, navigate to Administration → API Clients and create a new API client with read-only permissions
- Note the Client ID and Client Secret
- Create a Credential in OrbisID:
  - Username: Client ID
  - Password: Client Secret
- Navigate to Systems → Add System
- Fill in the fields:
| Field | Value |
|---|---|
| Name | Descriptive name (e.g., Delinea Privilege Manager – Production) |
| PAM Platform URL | Base URL of the Privilege Manager instance |
| OS Type | DelineaPrivilegeManager |
| System Type | PAM Tool |
| Credential | The API client credential |
- Click Test Connection
- Click Save
Troubleshooting
| Symptom | Likely Cause | Resolution |
|---|---|---|
| Authentication failed | Invalid client ID or secret | Verify the API client credentials in the Privilege Manager console |
| No accounts returned | Insufficient API permissions | Grant read access to accounts and computer groups |
| 404 Not Found | Incorrect base URL | Verify the PAM Platform URL setting |
| SSL certificate error | Self-signed certificate | Add the Privilege Manager CA certificate to the OrbisID trust store |