Password management functions consist of both reset and change methods.

The system automatically determines the method for reset and/or change depending of base asset support. For resetting and reconciling passwords of a privileged account, a management account is required to be configured in the system with a password change and reset permissions on the associated asset type.

This section demonstrates the following:

  • Type of management account

  • List of predefined management accounts

  • Adding a new management account

  • Editing existing management account

Type of management account

  • Default Accounts: These accounts are excluded during every account discovery rule and are not onboarded in the password vault. Refer Appendix for the list of standard accounts for commonly used devices. Passwords for such accounts are not required for configuration. Any number of accounts can be added to the list.

  • Management Accounts: These accounts are used in the system for running account discovery, password rotation and account password reconciliation. However, you can add more accounts or edit existing management accounts in the system.

List of predefined management accounts

Account name

Asset Type

Asset Category

admin

FortiGate

Firewall

admin

FortiAnalyzer

Security Devices

administrator

Windows Server

Operating System

administrator

Windows

Workstation

administrator

Windows Active Directory

Directory Server

en

Cisco

Router

en

Cisco

Switch

en

Cisco

Firewall

root

Unix Based

Operating System

root

MySQL

Database

sa

Microsoft SQL

Database

system

Oracle

Database

Adding a new management account 

  • Login as an admin user.

  • Navigate to the Configuration → Click on Account Defaults → +Add Account Default

  • Select Asset Category and Asset Type from the drop-down list.

  • Select Account Role as Management.

  • Provide Account Name and Domain

  • Click on Save to Save the details in the system.

Editing existing management account 

  • Login as an admin user.

  • Navigate to the Configuration → Click on Account Defaults.

  • Click on the desired account name which you want to edit.

  • Do the required changes like modifying the account name, specifying a domain name, changing the account role, etc.

  • Click on Update to update the details in the system.

Termination a password job

To terminate a password job with pending status, follow the below-mentioned steps:

  • Log in as an admin.

  • Navigate to Manage → Password Manager → Click on Job History.

  • Tick the Show only Pending Jobs checkbox if you want to see only pending password jobs.

  • Click on the :terminate: icon next to the description to terminate the password job.

  • You will be asked for the confirmation.

  • Click on yes.

  • The password job will be terminated with the status as Processed and Action Status as failed.