pdp idc

Syntax

pdp idc

      groups_consolidation <options>

      groups_update <options>

      muh <options>

      service_accounts <options>

      status

Important:

Parameters

Parameter

Description

groups_consolidation <options>

Shows and configures the consolidation of external groups with fetched groups.

The available <options> are:

  • Enable the consolidation (this is the default):

    pdp idc groups_consolidation enable

  • Disable the consolidation:

    pdp idc groups_consolidation disable

  • Show the current status:

    pdp idc groups_consolidation status

groups_update <options>

Shows and configures the automatic update of Identity Collector's LDAP Groups.

For more information, see Identity Awareness Clients Administration Guide > chapter "Identity Collector" > section "Identity Collector - Automatic LDAP Group Update"

The available <options> are:

  • Perform "update all" to get the current LDAP group status:

    pdp idc groups_update on

  • Disable the feature (default):

    pdp idc groups_update off

  • Show the current status of the feature:

    pdp idc groups_update status

muh <options>

Shows and configures the Multi-User Host detection.

The available <options> are:

  • Mark an IP address as a Multi-User Host:

    pdp idc muh mark <IP Address>

  • Show known Multi-User Host machines:

    pdp idc muh show

  • Unmark an IP address as a Multi-User Host:

    pdp idc muh unmark <IP Address>

service_accounts <options>

Shows and configures the suspected Service Accounts.

Important - This feature is enabled by default.

For more information, see the Identity Awareness Clients Administration Guide.

The available <options> are:

  • Show service account statistics -the current mode, known Service Accounts, and excluded accounts:

    pdp idc service_accounts show

  • Configure the number of simultaneous logins (default is 100), after which all usernames are detected as Service Accounts:

    pdp idc service_accounts set_threshold <2-1000>

  • Enable (this is the default) or disable the Prevent Mode (Auto-Exclude Mode):

    pdp idc service_accounts set_auto_prevention {enable | disable}

    Notes:

  • Mark specific usernames as a (if prevention is enabled, the sessions for these users are revoked):

    pdp idc service_accounts mark <username>

  • Configure specific usernames not to be detected as Service Accounts (continue to enforce identity):

    pdp idc service_accounts add_exception <username_1> <username_2> ... <username_N>

  • Configure specific usernames to be detected as Service Accounts, if users log in the specified number of times:

    pdp idc service_accounts delete_exception <username_1> <username_2> ... <username_N>

  • Remove specific usernames from the list of Service Accounts:

    pdp idc service_accounts unmark_service_accounts

    Note - You must put at least one space between account names. Do not put punctuation between account names.

  • Remove all usernames from the list of Service Accounts:

    pdp idc service_accounts unmark_service_accounts_all

status

Shows the status of configured identity sources (Identity Collectors).