
PAMlab Studio

Build, Test & Ship PAM Workflows — Without Touching Production


The Problem Everyone Knows

Step 1: Write provisioning script ✅ Done
Step 2: Ask for dev access to Fudo / AD / ServiceNow ⏳ 3 weeks
Step 3: Test against production 💀 Good luck
Step 4: Break something 🔥 200 users locked out

7 Mock APIs. One Command. Zero Risk.

PAMlab Studio :3000
Fudo:8443 · 42 eps
🏢 Matrix42:8444 · 38 eps
👤 AD (LDAP):8445 · 28 eps
❄️ ServiceNow:8447 · 55 eps
🎫 Jira SM:8448 · 40 eps
🛠️ Remedy:8449 · 35 eps
🔷 Custom:8450 · 42 eps
docker-compose up -d
✓ All 7 services healthy in 4.2s

5 Real-World Templates — Ready to Run

👤 Employee Onboarding

8 steps
Matrix42 → AD → Fudo

⏱️ Temporary Access

4 steps
Matrix42 → AD → Fudo

🚪 Offboarding

5 steps
AD → Fudo → ServiceNow

🚨 Emergency Revocation

5 steps
Fudo → AD → ServiceNow

Project Access

4 steps
AD → Fudo → Jira

Watch Your Workflow Execute

Get Ticket → Validate Request → Create AD User → Add to Groups → Create Fudo User → Assign Policy → Update Ticket → ✅ Done
Total: 0ms

PowerShell IDE with Superpowers

onboarding.ps1

# Create AD user from ticket data
param([Parameter(Mandatory)][string]$TicketId)

$ticket = Get-M42Ticket -Id $TicketId
# -PassThru makes New-ADUser return the created account object
$user = New-ADUser -Name $ticket.FullName `
  -Department $ticket.Department -PassThru

# Add to security groups
foreach ($g in $ticket.Groups) {
  Add-ADGroupMember -Identity $g -Members $user
}

# Create Fudo access
$fudo = New-FudoUser -Login $user.SamAccountName
Set-FudoPolicy $fudo $ticket.AccessLevel

🧪 Test Results

✅ Ticket M42-7291 loaded
✅ AD user jdoe created
✅ Added to 3 groups
✅ Fudo user provisioned
✅ Policy RDP-Admins assigned
✅ Cleanup: all test data removed

Random test users → No conflicts
→ Auto-cleanup after run

From Mock to Production in 60 Seconds

🧪 Mock

$base = "https://localhost:8443"
$auth = "mock-token-123"

Invoke-RestMethod $base/api/v2/users

🏭 Production

$base = "https://fudo.corp.net"
$auth = Get-OAuth2Token `
  -ClientId $env:FUDO_ID

Invoke-RestMethod $base/api/v2/users

Same logic. Different endpoints.

🔑 API Token · OAuth2 · 📂 LDAP Bind · 🔒 Basic Auth

Fudo Access Policies: The Missing Link

User in group = access to all servers in the safe

👤 AD Group GRP-RDP-Admins → Fudo Group RDP-Server-Admins → 🗄️ Safe IT-Administration → 🖥️ Servers DC01, DB-PROD, FS01
POST /api/v2/access-policies
{ "user_group_id": 12, "safe_id": 5, "protocol": "rdp" }
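
Because group membership grants every server in the safe, it is worth expanding the chain before adding a user to a group. The following is an added example, not PAMlab's own code: it works on constructed in-memory data, and the id-to-name links (12 = RDP-Server-Admins, 5 = IT-Administration), the function name Get-EffectiveAccess and the $requested list are assumptions made for illustration.

```powershell
# Constructed sample data mirroring the chain on this slide.
# Assumption: user_group_id 12 is RDP-Server-Admins and safe_id 5 is IT-Administration.
$groupMap = @{ 'GRP-RDP-Admins' = 12 }     # AD group -> Fudo user_group_id
$safes    = @{ 5 = @{ Name = 'IT-Administration'; Servers = @('DC01', 'DB-PROD', 'FS01') } }
$policies = @(
    [pscustomobject]@{ user_group_id = 12; safe_id = 5; protocol = 'rdp' }
)

# Hypothetical helper: expand AD groups into the servers they actually unlock.
function Get-EffectiveAccess {
    param(
        [Parameter(Mandatory)][string[]]$AdGroups,
        [Parameter(Mandatory)][hashtable]$GroupMap,
        [Parameter(Mandatory)][hashtable]$Safes,
        [Parameter(Mandatory)][object[]]$Policies
    )
    foreach ($adGroup in $AdGroups) {
        # An AD group with no Fudo mapping grants nothing on the PAM side
        if (-not $GroupMap.ContainsKey($adGroup)) { continue }
        $groupId = $GroupMap[$adGroup]
        foreach ($policy in ($Policies | Where-Object user_group_id -eq $groupId)) {
            $safe = $Safes[$policy.safe_id]
            if (-not $safe) {
                Write-Warning "Policy references unknown safe_id $($policy.safe_id)"
                continue
            }
            # One row per server: the policy covers the whole safe, not a single host
            foreach ($server in $safe.Servers) {
                [pscustomobject]@{
                    Server     = $server
                    Protocol   = $policy.protocol
                    Safe       = $safe.Name
                    ViaAdGroup = $adGroup
                }
            }
        }
    }
}

# Constructed request: the ticket only asked for DC01
$requested = @('DC01')
$granted = Get-EffectiveAccess -AdGroups 'GRP-RDP-Admins' -GroupMap $groupMap `
    -Safes $safes -Policies $policies
$granted | Format-Table

# Flag anything the group membership grants beyond what was requested
$excess = @($granted | Where-Object { $_.Server -notin $requested })
if ($excess.Count -gt 0) {
    Write-Warning "Grants $($excess.Count) server(s) beyond the request: $($excess.Server -join ', ')"
}
```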

By the Numbers

0
API Endpoints
0
Mock Services
0
Workflow Templates
0
API Calls / Onboarding
0
Production Systems Harmed

Try it. Break stuff. Nobody gets paged.

git clone https://github.com/BenediktSchackenberg/PAMlab.git
cd PAMlab && docker-compose up
# Open http://localhost:3000

Apache 2.0 — Free forever

Built by Benedikt Schackenberg