| pacli epm address set <EPM_ADDRESS> | Sets the endpoint manager server address. Use this as the first step
when configuring the agent for programmatic control. | error_code, error_message |
| pacli epm auth set [ui | cli] | Sets the authentication mode. Use cli to
suppress automatic browser pop-ups so a third-party application can
control authentication programmatically. Use ui
to restore standard behavior. If you click
Connect while in cli
mode, the mode automatically switches to ui; the
third-party application must explicitly run pacli epm auth
set cli to return to cli
mode. | error_code, error_message |
| pacli epm auth status | Returns the current authentication mode (ui or
cli). | authentication_mode, error_code,
error_message |
| pacli epm auth --geturl | Starts enrollment or authentication if needed and returns the SAML
URL for the identity provider authentication flow. The third-party
application must open this URL in a browser so the user can
authenticate. During first enrollment, the URL challenge is active for 3
minutes. | saml_url, error_code,
error_message |
| pacli status --epm | Returns EPM-specific status fields. Poll this command after the user
authenticates in the browser. When epm_configuration
returns Full Config, the agent has a valid
token and is ready to connect. | authentication_status,
epm_configuration, epm_address,
access_token_expiry, error_code,
error_message |
| pacli connect --best | Connects to the best available gateway using the stored token. No
additional user interaction is required. | status, gateway,
internal, error_code,
error_message |
| pacli gateway <gateway_name> | Connects to a specific gateway by name or address using the stored
token. | status, gateway,
internal, error_code,
error_message |
| pacli disconnect | Disconnects the active tunnel. | error_code, error_message |
