Description
The Wallix Bastion connector uses the Wallix Bastion REST API over HTTPS to discover managed accounts, target devices, and user authorisations within a Wallix Bastion PAM deployment. It authenticates using an API key or username/password and provides visibility into session management and privileged access governance.
System Type Classification
| Field | Value |
|---|---|
| System Type | PAM Tool |
| Default Scan Priority | 500 |
Version Support
| OrbisID Edition | Supported |
|---|---|
| Community | No |
| Pro | Yes |
| Enterprise | Yes |
Supported Protocol
| Protocol | Port | Notes |
|---|---|---|
| REST API (HTTPS) | 443 TCP | API key via X-Auth-Key header or Basic authentication |
What OrbisID Discovers
| Data | Source |
|---|---|
| Managed accounts | GET /api/wallix-manager/latest/accounts |
| Target devices | GET /api/wallix-manager/latest/devices |
| User profiles | GET /api/wallix-manager/latest/users |
| Authorisations | GET /api/wallix-manager/latest/authorizations |
| Memberships | Derived from authorisation-to-account grants |
Connection Requirements
Required Permissions
Create a dedicated Wallix Bastion user with read-only access to accounts, devices, and authorisations.
Minimum permissions:
- Auditor profile or equivalent read-only role
Credential Mapping
| OrbisID Field | Value |
|---|---|
| credential.username | Wallix Bastion username |
| credential.password | Wallix Bastion password or API key |
| system.hostname | Bastion server hostname or IP |
Network Requirements
The OrbisID server must have HTTPS access to the Wallix Bastion server on port 443.
Configuration Steps
- In the Wallix Bastion console, create a dedicated user with the Auditor profile
- Optionally, generate an API key for the user: Administration → API Keys
- Create a Credential in OrbisID:
  - Username: Wallix Bastion username
  - Password: Wallix Bastion password or API key
- Navigate to Systems → Add System
- Fill in the fields:
| Field | Value |
|---|---|
| Name | Descriptive name (e.g., Wallix Bastion – Production) |
| OS Type | WallixBastion |
| System Type | PAM Tool |
| Hostname | Bastion server hostname or IP |
| Credential | The scanning credential |
- Click Test Connection
- Click Save
Troubleshooting
| Symptom | Likely Cause | Resolution |
|---|---|---|
| Authentication failed | Invalid credentials | Verify the user account in the Wallix Bastion console |
| No accounts returned | Insufficient permissions | Assign the Auditor profile to the scanning user |
| SSL certificate error | Self-signed certificate | Add the Wallix Bastion CA to the OrbisID trust store |
| Cannot connect | Bastion unreachable | Verify TCP 443 from OrbisID to the Bastion server |
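
A preflight check run from the OrbisID server can reproduce the four read-only GET requests listed above and map each outcome to a symptom in the troubleshooting table, keeping certificate verification on and trusting the Bastion CA via a CA file. This is an added example, not OrbisID or Wallix code. The function names, the `ca_file` parameter, sending the API key in `X-Auth-Key` alone, treating HTTP 401 as an authentication failure, and treating an empty JSON array as "no accounts" are assumptions.

```python
import base64
import ssl
import urllib.error
import urllib.request

# Endpoints from the "What OrbisID Discovers" table.
ENDPOINTS = ("accounts", "devices", "users", "authorizations")
URL = "https://{host}:443/api/wallix-manager/latest/{name}"

def build_request(host, name, secret, username=None):
    """GET with Basic authentication if a username is given, else X-Auth-Key."""
    req = urllib.request.Request(URL.format(host=host, name=name), method="GET")
    if username is None:
        req.add_header("X-Auth-Key", secret)
    else:
        token = base64.b64encode(f"{username}:{secret}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    return req

def tls_context(ca_file=None):
    """Verifying context; ca_file trusts the Bastion CA without disabling checks."""
    return ssl.create_default_context(cafile=ca_file)

def classify(status=None, body=b"", error=None):
    """Map one probe result to a Symptom from the Troubleshooting table."""
    causes = (error, getattr(error, "reason", None))  # URLError wraps the cause
    if any(isinstance(c, ssl.SSLCertVerificationError) for c in causes):
        return "SSL certificate error"
    if error is not None and not isinstance(error, urllib.error.HTTPError):
        return "Cannot connect"
    if status == 401:  # assumption: invalid credentials return 401
        return "Authentication failed"
    if status == 200 and body.strip() in (b"", b"[]"):  # assumption: JSON array
        return "No accounts returned"
    return "OK" if status == 200 else f"HTTP {status}"

def probe(host, name, secret, username=None, ca_file=None):
    """Run one read-only GET from the OrbisID server and classify the outcome."""
    req = build_request(host, name, secret, username)
    try:
        with urllib.request.urlopen(req, context=tls_context(ca_file), timeout=10) as r:
            return classify(status=r.status, body=r.read())
    except urllib.error.HTTPError as e:
        return classify(status=e.code, error=e)
    except OSError as e:  # URLError, refused or timed-out connections
        return classify(error=e)

def preflight(host, secret, username=None, ca_file=None):
    return {n: probe(host, n, secret, username, ca_file) for n in ENDPOINTS}
```

Calling `preflight()` with the Bastion hostname and the scanning credential returns one result per endpoint, so a failing connection test can be narrowed to network, TLS trust, credentials, or permissions.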