Password changes can be scheduled periodically through a rotation policy or triggered as ad-hoc password changes. This section describes procedures and practices for setting up the password management module.

The system uses a queue management system to schedule and run password change jobs. These jobs are scheduled automatically and executed by the PasswordManagementService App service.

Before you begin

  • You have an understanding of the network architecture and types of passwords you want to change.

  • You have access to password policies to be configured in the system.

  • You can configure change and alert notifications for password changes.

Basics of password management configuration

Whether you change passwords on a schedule or through ad-hoc reconciliation, you need to set up the following:

| Step | Purpose |
|------|---------|
| Configuring management account | Define reconciliation or management accounts for ensuring password resets. |
| Configuring password policy | Define the password complexity structure. |
| Configuring password checkout policy | Set up rules for workflow-based password checkout. |

Scheduling automated password change policies

| Step | Purpose |
|------|---------|
| Configuring password rotation policy | Set up password change rules for different asset type classes. |

On-demand password change

On-demand password change enables you to reset or change privileged account passwords across multiple assets at once, without actually logging on to the corresponding assets. This is useful when you want to change the password from PAM for an account that you do not want to include in a scheduled password change job.

Procedure for on-demand password change:

  • Log in as an admin.

  • Navigate to Manage → Password Manager. The New Job tab opens.

  • Select the desired Asset Type.

  • Select an account on which you want to change the password.

  • Enter a custom Job Description (optional).

  • Provide Account Category, Asset Owner, Password Age, and Asset Location (optional).
  • Select Immediate Processing to trigger the password change job immediately.

  • Click on the Submit button to submit the password change job.

Tick the Show only Account with Enforce Password Change checkbox to list the accounts with enforce password change.

Viewing job status

The status of every password job can be viewed as follows:

  • Log in as an admin.

  • Navigate to Manage → Password Manager → Click on Job History.

  • Select the dates from the drop-down to view the Job History.

  • Tick the Show only Pending Jobs checkbox if you want to see only pending password jobs.
  • The status of each password job is displayed. The status types are as follows:

    • Pending: The job is being executed or is waiting for the Account Password Change Service to be started.

    • Success: The password change completed successfully.

    • Failed: The password change failed due to an error.

  • To further investigate a failed job, click on the job title to open the details, then click on the Failed status button. A pop-up opens displaying the error.

Terminating a password job

To terminate a password job with pending status, follow these steps:

  • Log in as an admin.
  • Navigate to Manage → Password Manager → Click on Job History.
  • Tick the Show only Pending Jobs checkbox if you want to see only pending password jobs.
  • Click on the icon next to the description to terminate the password job.
  • You will be asked for confirmation.
  • Click on Yes.
  • The password job will be terminated with the status as Processed and Action Status as Failed.