Passwords need to be hidden from people at all times. If the job of changing passwords is left to an individual, that person may forget at times to perform this task. Using automatic password rotation the PAM administrator can define the frequency of password change in the policy and attach that policy to the assets where passwords need to be changed.
Follow the given rule to configure a Password Rotation Policy in EPM:
Login to the system and select EPM from the product navigator.
Go to Policies → Rotation Policy → +Add Rotation Policy.
Policy Name: Provide a name for the policy.
Rotate Password: By default, this value is set to false, you can enable it.
Schedule: You can schedule the passwords to rotate in one of the following ways:
Once: Rotates passwords only once at your specified time (preferably at a future date).
Daily: Rotates passwords every day.
Weekly: Schedules password change on a weekly basis.
Monthly: Rotates password change on a monthly basis
Recur every: Default value:1. You can define your own time-interval for recurrences like every 1 month or every 2 weeks.
Schedule Time: Select 'Any' if you like to schedule changes based on system-defined time or a specific time of the day to initiate password changes.
Start On: Select start day for policy to be activated. The default value is the next day.
Valid Till: Activate this setting when you want the policy to expire and stop rotating passwords after a certain time.
Password reset functionality when enabled on assets like Windows and Linux forces password reset upon subsequent logon attempts causing transparent login to fail. It is recommended to disable the "Enforce password change upon reset" feature on asset policies.
Password Policy: Select the password policy that has to be implemented on this rotation policy from the drop-down list.
Reset Password for Out of Sync Account: Use this option when you do want the password to be reset by a password rotation policy. You will need an admin-level management account to perform this operation.
Save/Update: Save or update the policy as required.