Pulse admin account password


#1

A customer is looking to implement a PAM (2 factor) authentication system. They have asked the following question regarding Pulse:

Would you be able to tell me if there is a way to change the Admin password used in Pulse via an external script? We don’t at this point need to know how to do it they just need to know if its possible.

Thanks.


#2

Hi mweller,

Currently this is not possible, Currently the admin is created by default when Pulse starts or can be reset. The way around this would be to use CAM Security with LDAP and use PAM accordingly. According to Microsoft, this can be achieved with Active Directory[1]

Regards,

Erik

[1] https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services (Browsed on Oct 19th, 2017)


#3

Further questions on this one from client:

I have passed this information on to the PAM guys and they have come back with further questions

(1) Is there a way of changing the local Pulse admin account password through a CLI/API?
(2) Can Pulse be set to use Windows/AD-based authentication instead of (or in addition to) local accounts?
(3) If (2) is possible – how would this change impact the Business Apps team’s use of Pulse, and also any integration of Pulse with other components?

Thanks,
Mark


#4

Hi Mark,
I’ll leave Q1 for Pulse support as I have no idea. But I think I can help with 2 & 3.

You can pretty easily set up AD based authentication in Pulse via CAM. All that’s needed is to enter the Cognos dispatcher URL in Pulse configuration and then per user in the user administration you can enter a CAM Namespace in addition to user name. If this is left blank then Pulse treats the user as a standard local Pulse user for password management and authentication. If the Namespace field is entered then the password field is grayed out and when users log on to Pulse web or thick client they do so via CAM.

This is all really easy to set up. All that needs to be done first is to set up Cognos BI linked to AD. We have a few customers with this setup and it works like a charm. (Note that with this setup we do keep 1 or 2 local accounts enabled so that in case Cognos BI server is unavailable or unresponsive it will still be possible to log onto Pulse to cancel threads, do migration, restart services, etc.)

To answer Q3 I don’t think it makes a shred of difference.


#5

Hi Mark,

It would be possible to update the password via a HTTP POST request to the server, it is undocumented but we could have a look to give you the correct syntax.