Managing Account Operations
This section provides insights for managing daily or ongoing operations related to privileged accounts
Viewing account inventory
Viewing accounts inventory from the account management interface.
Login to the system and select EPM from the product navigator.
Navigate to Manage → Click on Manage Accounts from the All Accounts section.
List of all the accounts will be displayed.
Update account attributes
Login to the system and select EPM from the product navigator.
Navigate to Manage → Click on Accounts from Asset Management section.
Click on the Edit button next to the Account on which you desire to change the attributes.
You can change the details and click on the Update button to update the changed details in the system.
Update account attributes in bulk
Sectona PAM platform provides you an option to update multiple accounts in the system manually using the bulk update option. Follow the below steps to bulk update accounts in the system:
Login to the system and select EPM from the product navigator.
Navigate to Manage → Asset Management section select Accounts.
Click on Bulk Accounts and select the Update option.
On the next page → Select the desired Account Category → Interactive Account / Service Account.
Select an Authentication type for your account like Password or Key Based or Key Based + Secret Key.
Tags (optional): Add relevant tags to this user. Refer to the section on Tags for more information about adding context with tags.
Enforce Password Change enable for including the accounts for schedule-based password change job.
Click on the Status bar to keep the accounts active in the system.
Download the Import format by clicking on the Download format button.
Follow the below steps to fill-up the Import format sheet and upload data in the system:
Open the downloaded Import format.
Enter the Asset Type like Windows server or Unix Based.
Enter Host-name/IP specify any one of them.
Enter DB Instance (optional) this is required only if the account is being on-boarded for a Database asset.
Enter Account Name followed by Password.
Enter Access Key and Secret Access Key (only applicable if the account authentication type is selected as Key Based + Secret Key).
Select all the columns and copy from the sheet.
On the PAM web console click on the Next button → Paste the copied text → Click on Next the button → review the list of accounts and click the Finish button to onboard the list of accounts in the system.
Configuring account dependencies
Some services in Windows environment might depend on the account configured to handle them. There might be a case when we need to change the password of the corresponding account, we need to either replace an old password in the file, execute a command or a script. Some actions need/can be performed before changing the password of the account, on successful password change and on password change failure.
Procedure to configure account dependency:
Navigate to EPM → Manage → Go to Asset Management from the sidebar.
Click on Accounts to access the Accounts window.
Click on action icon of the account and then click on Dependencies tab.
The account dependencies window will be displayed.
Parameter | Description |
---|---|
Type | The type of action you need to perform. The specific action can be Update password in account, Execute command, Replace old password in file, Execute Script, Windows services, Schedule task, IIS pool |
Asset | You can select the asset on which you wish to perform the type of action |
Account | You can select the account on which the type of action can be performed |
File Path | The path of the file required to replace an old password or execute a script |
Parameter | The parameter that will be effected |
Command | The command needed to be executed |
Options | This displays options such as Start, Stop, Restart and Update password which can be used for services, scheduled task, and IIS pool |
Active | Represents the current status of account dependency |
View session initiated by account
To audit any configuration changes by administrators of the system you can track by clicking on the Action icon corresponding to the account and then choose Session Activity.
Parameter | Description |
---|---|
ID | The unique session ID |
Username | The entity who accessed the session |
Asset Type | The type of asset |
Hostname | The hostname of the asset |
IP address | The IP address of the asset |
Account | The account that was accessed |
Login Time | The login time of the account |
Duration | The total duration the account was accessed |
Activity | Displays the activity graph of the corresponding session |
Changing an account password
Method 1:
Follow any one of the methods to change the user account password.
- Login to system and select PAM from the product navigator.
- Navigate to the "Manage" and click on the Asset Management from the sidebar → Asset.
- Click on the 'Account' button of that Account linked with the asset whose password you would like to change.
- The listed accounts linked with that asset will be displayed.
- Now, click on the edit button of the existing account to change its password.
- Enter the new password in the defined field and click on Update.
Method 2:
- Login to system and select PAM from the product navigator.
- Navigate to the "Manage" and click on the Asset Management from the sidebar → Account.
- Click on the 'edit' button of that Account whose password you would like to change.
- Enter the new password in the defined field and click on Update.
View password change history
Processed On | Initiated By | Status |
---|---|---|
22 Nov 2018 17:14 | John | Success |
In the above table, a user 'John' initiated a password change process which was successful on timestamp '22 Nov 2018 17:14'. By clicking on the timestamp in 'Processed On' field the following table will be displayed:
Log | Timestamp |
---|---|
Password/Key updated by user | 22 Nov 2018 17:14:14.363 |
In the above table, the user named 'john' updated a password/Key on timestamp '22 Nov 2018 17:14:14.363'.
Viewing account activity
To view the account activity done by users and administrators, you can track by clicking on the Action button corresponding to the account and choosing the View Account Activity option from the drop-down list. It will display a roadmap of account activities on the screen.
Account activity option shows the following details in a timeline chart
- Account created
- Account Modified
- Password Checkout
- Password Changed/Reset
- Session Taken