Privileged Access Management REST API reference
Microsoft Identity Manager (MIM) 2016 adds a new scenario called Privileged Access Management (PAM). PAM enables an organization to have more control over the access rights of high privileged user accounts, such as system or service administrators, to sensitive resources. PAM controls high privilege account access by providing limited time access rights, just in time (JIT), when the access rights are needed.
A user can ask MIM Service for privileged access rights (elevation) in one of two ways:
- By using the PAM REST API.
- By using the PAM PowerShell New-PAMRequest cmdlet.
The topics in this guide describe the PAM REST API. For more information about using the PowerShell cmdlet, see The Test Lab Guide: Demonstrating Privileged Access Management using Microsoft Identity Manager, available on the connect site.
PAM REST API resources and operations
The PAM REST API operates on the following resources:
PAM role: A PAM role associates a collection of users with a collection of access rights. The access rights are defined by reference to security groups. Every PAM role has a list of user accounts, called candidates, that are entitled to elevate to the PAM role. You can perform the following operations on PAM roles:
PAM request: A user who wants to elevate to PAM role access rights has to submit a PAM request and get approval for the request to elevate. The PAM Request object tracks the lifecycle of this request in the MIM Service. You can perform the following operations on PAM requests:
Pending PAM request: Used to approve or reject PAM requests that have been submitted by users. You can perform the following operations on pending PAM requests:
PAM session: When using the PAM REST API, the client (for example, a web browser) has a session with the PAM REST API endpoint. In this session, the client is authenticated to the REST API endpoint. You can perform the following operations on PAM sessions:
For more detailed information about the service, see PAM REST API Service Details.
PAM sample portal on GitHub
One way to learn how to use the PAM REST API is by using the PAM sample portal, an example web application that uses the API. You can find the code for the PAM Sample portal in the PAM sample repository on GitHub. You can learn how to deploy the sample portal in the PAM Test Lab Guide.