Description
The Senhasegura connector uses the Senhasegura A2A REST API to discover managed credentials (accounts) and managed devices within a Senhasegura PAM instance. It authenticates using the OAuth 2.0 client credentials grant. Managed devices are recorded as SENHASEGURA_DEVICE entitlements, and each credential is mapped to the device it belongs to.
System Type Classification
| Field | Value |
|---|---|
| System Type | PAM Tool |
| Default Scan Priority | 500 |
Version Support
| OrbisID Edition | Supported |
|---|---|
| Community | No |
| Pro | Yes |
| Enterprise | Yes |
Supported Protocol
| Protocol | Port | Notes |
|---|---|---|
| Senhasegura REST API (HTTPS + OAuth 2.0) | 443 TCP | Client credentials flow via /iso/oauth2/token |
What OrbisID Discovers
| Data | Source |
|---|---|
| Managed credentials (accounts) | GET /iso/pam/credential (paginated) |
| Account username | username / user field |
| Account hostname | hostname field — used as qualified account name |
| Managed devices | GET /iso/pam/device (paginated) — recorded as SENHASEGURA_DEVICE entitlements |
| Device type | type field — stored as entitlement attribute |
| Credential-to-device relationship | Credential hostname matched to device name |
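
The mapping in the table above, sketched in Python as an added example (not OrbisID or Senhasegura code). The record shapes, the device `name` key, exact-match comparison and the function names are assumptions made for illustration.

```python
# Added illustration. Field names username/user, hostname and type come from
# the table above; the device "name" key and all sample records are assumptions.

def account_username(cred):
    """Read the account username from 'username', falling back to 'user'."""
    return cred.get("username") or cred.get("user")


def map_credentials_to_devices(credentials, devices):
    """Attach each credential to the device whose name equals its hostname.

    Returns (entitlements, orphans). Matching is an exact string comparison,
    which is an assumption; the page does not say how names are normalised.
    """
    entitlements = {
        dev["name"]: {
            "entitlement": "SENHASEGURA_DEVICE",
            "attributes": {"type": dev.get("type")},  # device type attribute
            "accounts": [],
        }
        for dev in devices
    }
    orphans = []
    for cred in credentials:
        user, host = account_username(cred), cred.get("hostname")
        if host in entitlements:
            entitlements[host]["accounts"].append(user)
        else:
            # Privileged account with no discovered device: worth reviewing.
            orphans.append((user, host))
    return entitlements, orphans


# Constructed sample records, not real Senhasegura API output.
SAMPLE_DEVICES = [
    {"name": "db01.example.com", "type": "Server"},
    {"name": "fw01.example.com", "type": "Firewall"},
]
SAMPLE_CREDENTIALS = [
    {"username": "root", "hostname": "db01.example.com"},
    {"user": "admin", "hostname": "fw01.example.com"},
    {"username": "svc_backup", "hostname": "nas01.example.com"},
]

if __name__ == "__main__":
    ents, orphans = map_credentials_to_devices(SAMPLE_CREDENTIALS, SAMPLE_DEVICES)
    for name, ent in ents.items():
        print(name, ent["attributes"]["type"], ent["accounts"])
    print("unmatched:", orphans)
```

With an empty device list every credential comes back unmatched in this sketch, which is how a missing List Devices permission would show up in the mapped data.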
Connection Requirements
Senhasegura A2A Application
OrbisID authenticates using an A2A (Application-to-Application) OAuth 2.0 application registered in Senhasegura.
Steps to create the A2A application:
- In the Senhasegura Admin Console, navigate to A2A → Applications
- Click New and create a new application (e.g., OrbisID Scanner)
- Set the authentication type to OAuth 2.0
- Assign the following permissions:
  - PAM Core → List Credentials (read)
  - PAM Core → List Devices (read)
- Note the Client ID and Client Secret
Credential Mapping
| OrbisID Field | Senhasegura Value |
|---|---|
| credential.username | A2A application client ID |
| credential.password | A2A application client secret |
| system.pamPlatformUrl | Senhasegura base URL (e.g., https://pam.example.com) |
Network Requirements
The OrbisID server (or On-Premise Agent) must have HTTPS access to the Senhasegura instance on port 443.
Configuration Steps
- Create an A2A OAuth 2.0 application in Senhasegura with PAM Core read permissions
- Create a Credential in OrbisID:
  - Username: A2A client ID
  - Password: A2A client secret
- Navigate to Systems → Add System
- Fill in the fields:
| Field | Value |
|---|---|
| Name | Descriptive name (e.g., Senhasegura – Production) |
| PAM Platform URL | Senhasegura base URL (e.g., https://pam.example.com) |
| OS Type | Senhasegura |
| System Type | PAM Tool |
| Credential | The A2A application credential |
- Click Test Connection to verify OAuth authentication
- Click Save
Troubleshooting
| Symptom | Likely Cause | Resolution |
|---|---|---|
| Authentication failed | Invalid client ID or secret | Verify the A2A application client ID and secret |
| Access denied (403) on credentials | Missing PAM Core read permission | Assign List Credentials to the A2A application |
| No devices returned | Missing PAM Core device read permission | Assign List Devices to the A2A application |
| Connection refused | PAM Platform URL incorrect or SSL error | Verify pamPlatformUrl; check that the Senhasegura server certificate is trusted |