Password management can be scheduled on a periodic basis using a rotation policy or performed via ad-hoc password changes. This section describes procedures and practices for setting up a password management module.
The system uses a queue management system to schedule and run password change jobs. These jobs are scheduled automatically and executed by the PasswordManagementService App service.
Before you begin
You have an understanding of the network architecture and types of passwords you want to change.
You have access to password policies to be configured in the system.
You can configure change and alert notifications for password changes.
Basics of password management configuration
Whether you need to change passwords on a schedule or through ad-hoc reconciliation, you need to set up the following settings:
Set up password change rules for different asset type classes.
On-demand password change
On-demand password change enables you to reset or change privileged account passwords across multiple assets at once. It lets you change passwords without actually logging on to the corresponding assets. This is useful when you want to change the password from PAM for an account that you do not want to include in a scheduled password change job.
Procedure for on-demand password change:
Log in as an admin.
Navigate to Manage → Password Manager. The New Job tab will be opened.
Select the desired Asset Type.
Select an account on which you want to change the password.
Enter a custom Job Description (optional).
Provide Account Category, Asset Owner, Password Age, and Asset Location (optional).
Make sure to select Immediate Processing to trigger the password change job immediately.
Click on the Submit button to submit the password change job.
Tick the Show only Account with Enforce Password Change checkbox to list the accounts with enforce password change.
Viewing job status
The status of all password jobs can be viewed as follows:
Log in as an admin.
Navigate to Manage → Password Manager → Click on Job History.
Select the dates from the drop-down to view the Job History.
Tick the Show only Pending Jobs checkbox if you want to see only pending password jobs.
The status of each password job is displayed. The types of status are as follows:
Pending: The job is being executed or is waiting for the Account Password Change Service to be started.
Success: The password change completed successfully.
Failed: The password change failed due to an error.
To further investigate a failed job, click on the job title to open the details, then click on the Failed status button. A pop-up will be opened displaying the error.
Terminating a password job
To terminate a password job with pending status, follow the steps below:
Log in as an admin.
Navigate to Manage → Password Manager → Click on Job History.
Tick the Show only Pending Jobs checkbox if you want to see only pending password jobs.
Click on the icon next to the description to terminate the password job.
You will be asked for confirmation.
Click on Yes.
The password job will be terminated with the status as Processed and Action Status as failed.