Setting up password management
Password management functions consist of both reset and change methods.
The system automatically determines the method for reset and/or change depending on base asset support. To reset and reconcile the passwords of a privileged account, a management account must be configured in the system with password change and reset permissions on the associated asset type.
This section demonstrates the following:
Type of management account
List of predefined management accounts
Adding a new management account
Editing existing management account
Type of management account
Default Accounts: These accounts are excluded from every account discovery rule and are not onboarded in the password vault. Refer to the Appendix for the list of standard accounts for commonly used devices. Passwords for such accounts are not required for configuration. Any number of accounts can be added to the list.
Management Accounts: These accounts are used in the system for running account discovery, password rotation and account password reconciliation. However, you can add more accounts or edit existing management accounts in the system.
List of predefined management accounts
Account name | Asset Type | Asset Category |
---|---|---|
admin | FortiGate | Firewall |
admin | FortiAnalyzer | Security Devices |
administrator | Windows Server | Operating System |
administrator | Windows | Workstation |
administrator | Windows Active Directory | Directory Server |
en | Cisco | Router |
en | Cisco | Switch |
en | Cisco | Firewall |
root | Unix Based | Operating System |
root | MySQL | Database |
sa | Microsoft SQL | Database |
system | Oracle | Database |
Adding a new management account
Log in as an admin user.
Navigate to Configuration → Click on Account Defaults → +Add Account Default.
Select Asset Category and Asset Type from the drop-down list.
Select Account Role as Management.
Provide Account Name and Domain.
Click on Save to save the details in the system.
Editing existing management account
Log in as an admin user.
Navigate to Configuration → Click on Account Defaults.
Click on the account name that you want to edit.
Make the required changes, such as modifying the account name, specifying a domain name, changing the account role, etc.
Click on Update to update the details in the system.
Terminating a password job
To terminate a password job with pending status, follow these steps:
Log in as an admin.
Navigate to Manage → Password Manager → Click on Job History.
Tick the Show only Pending Jobs checkbox if you want to see only pending password jobs.
Click on the terminate icon next to the description to terminate the password job.
You will be asked for confirmation.
Click on Yes.
The password job will be terminated with the status as Processed and the Action Status as failed.