Configuring reconciliation policy
Reconciliation of passwords with the vault helps to bring passwords in sync with the vault. This can be a periodic process. Reconciliation policy helps to define reconciliation settings for a group of accounts.
Sectona PAM platform provides you with options to configure a reconciliation policy to either verify the passwords of privileged accounts, whether correct or not or to reset the password for the accounts that are out of sync in the system.
It's important to define management accounts for asset types in the section Configuration → Account defaults. Passwords for such accounts can be in the account inventory or configured separately in account defaults.
This section demonstrates the following:
Configuring a new reconciliation policy
Log in as an admin user.
Navigate to Policies → Click on Reconciliation Policy from the Password Management section.
Click on +Add Reconciliation Policy.
Policy name: Enter a desired name for the policy.
Verify password: Enable this option and select a reconcile time for policy trigger interval.
You can schedule the reconciliation policy to trigger in one of the following ways:
Once: Triggers the password rotation policy on a very immediatePasswordStatusMonitoringServiceapp service trigger.
Daily: Triggers the policy every 24 hours from the start date and time.
Weekly: Triggers the policy every 7 days from start date and time.
Monthly: Triggers the policy every 30 days from start date and time.
Recur every: Default value=1. You can define your desired Recur Every value for recurrences like every 1 month or every 2 weeks.Schedule time: Uncheck any checkbox to select the desired time the policy should get triggered. You can keep this value to trigger the policy as per the
PasswordStatusMonitoringServiceapp service trigger time.Start on: Select the start day for the policy to be activated. Default is the next day.
Valid till (optional): Only enable if you want the policy to stop reconciling passwords after a certain number of days.
Reconcile accounts: Enable this option only when you want the system to access the passwords for the out-of-sync accounts.
Exclude Account(s) (optional): Enter the account names you want to exclude from the reconciliation policy.
Click on the Save button to save the policy configuration.
Modifying an existing reconciliation policy
Log in as an admin user.
Navigate to Policies → Click on Reconciliation Policy from the Password Management section.
Click on a reconciliation policy name that you want to modify.
After modifying the policy, click the Update button to save the changes.
Viewing linked assets of the reconciliation policy
You can check the list of assets assigned to a particular reconciliation policy. This highlight will help you to get a consolidated view of assets with the same reconciliation policy. In addition, you will get information such as the Asset Type, Asset Category, Hostname, and IP Address of the asset.
To view the list of linked assets, follow the steps below:
- Navigate to the policy option and select the reconciliation policy from the sidebar.
- Select the policy on which you want permissions and click on the 'action' icon.
- Click on the Linked Assets option from the drop-down list.
- A new page will appear in front of you with a list of assets linked with the reconciliation policy.
| Description | Representation |
|---|---|
| Action |  |
To enable the reconciliation policy as per the defined parameters, you need to start PasswordStatusMonitoringService in the app services.