
Account Lifecycle Management

This section describes how to manage the lifecycle and operations of privileged accounts, including key concepts and workflow.

Access permissions of privileged accounts on information assets must be controlled to maintain security and adhere to compliance terms. When a privileged access request reaches IT operations, manually checking all attributes and granting access can consume a lot of time. If the IT admin supplies the access credentials to a user personally, the handover is prone to internal security risks. Tools with inconsistent processes can lead to the loss of sensitive data and compromise privileged assets. IAM and PAM systems that are not integrated may not provide the desired security benefits.

Sectona's Account Lifecycle Management enables managing and monitoring a privileged account's lifecycle within the PAM system context. Sectona provides account ownership and helps set the custodian of an account at the time of provisioning. This section covers:

Advantages

Using the inbuilt Account Lifecycle capabilities within Sectona Security Platform allows ease of use for the IT Operations team.

  • Account Ownership - Use Sectona to assign account ownership upon creation without manual intervention and to support future governance tasks.

  • Ease in managing logs - All details of the account lifecycle, including date of creation, permissions, roles, assigned assets, grouping and membership, down to every minor detail of the account, are stored in PAM's account lifecycle logs.

  • Secured - IT teams often communicate credentials to a privileged user personally or through cumbersome processes, which might get flagged as an internal security risk. Delivering passwords and secrets directly to the user through the same platform reduces the risk of credential theft during communication.

  • Time-saving - Account Lifecycle Management provides a secure framework, saves an ample amount of time, and helps the organization focus on productivity.

Getting started

To execute Account Lifecycle operations, make sure “AccountsLifecycleService” is enabled in PAM. For System App services, refer to Monitoring System Health & Service Status.

  • The management account should be configured and verified in Account Defaults with a valid username and password. For configuring Account Defaults, refer to Configuring management account.

  • Make sure that you use common ports to establish the connection between PAM and the target server.

  • The communication protocols used by PAM are as follows:

| Asset Type | Communication Protocol |
| --- | --- |
| Windows | WMI |
| Unix | SSH |
| Database Assets | ODBC (Standard Database) |
| Active Directory | LDAP |
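
A reachability pre-check for the protocols listed above, as an added example (not Sectona's code). The port numbers are the usual defaults for each protocol and are assumptions, since this page does not list them; `tcp_reachable` and `precheck` are hypothetical helper names.

```python
import socket

# Assumed default TCP ports for the protocols in the table above. The page
# lists no port numbers, so confirm these against your own deployment.
DEFAULT_PORTS = {
    # WMI: 135 is only the RPC endpoint mapper; DCOM then moves to a dynamic
    # high port, so an open 135 is necessary but not sufficient.
    "Windows": [("WMI/RPC endpoint mapper", 135)],
    "Unix": [("SSH", 22)],
    "Database Assets": [("Microsoft SQL", 1433), ("Oracle", 1521), ("MySQL", 3306)],
    "Active Directory": [("LDAP", 389)],
}


def tcp_reachable(host, port, timeout=3.0):
    """Attempt a plain TCP connect and return (ok, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "open"
    except socket.timeout:
        return False, "no answer (filtered or host down)"
    except ConnectionRefusedError:
        return False, "refused (nothing listening)"
    except OSError as exc:
        return False, f"error: {exc}"


def precheck(asset_type, host, ports=None, timeout=3.0):
    """Check each (service, port) for one asset; `ports` overrides defaults."""
    if asset_type not in DEFAULT_PORTS:
        raise ValueError(f"unknown asset type: {asset_type!r}")
    results = []
    for service, port in (ports if ports is not None else DEFAULT_PORTS[asset_type]):
        ok, detail = tcp_reachable(host, port, timeout)
        results.append({"asset_type": asset_type, "host": host, "service": service,
                        "port": port, "reachable": ok, "detail": detail})
    return results


if __name__ == "__main__":
    # Constructed sample target: 192.0.2.10 is a documentation-only address.
    for row in precheck("Unix", "192.0.2.10", timeout=1.0):
        print(row)
```

Run it from the PAM host, since reachability from an admin workstation says nothing about the path the management account will use.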

Supported Devices

The following is the list of pre-defined roles provided by Sectona:

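| Category | Type | Method |
| --- | --- | --- |
| Operating System | Windows Server | WMI |
| Operating System | Unix Based | SSH Command |
| Database | Microsoft SQL | Microsoft SQL Query |
| Database | Oracle | Oracle Query |
| Database | MySQL | MySQL Query |
| Active Directory Server | Windows Active Directory | WMI |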

How it works

Account Lifecycle Manager (ALM) leverages the core platform services of User Management, Asset Management, Vaulting, workflow management and device communication. A platform administrator with the account lifecycle privilege role can access ALM to provision accounts and manage provisioned accounts. Assets managed via the platform are available.

When a create-user event is triggered, a typical flow is:

  • ALM verifies the status of the asset in the platform

  • ALM validates management account availability and configuration for processing the trigger

  • ALM collects the role information and password policy information applied to the asset at platform level

  • ALM executes the job, then collects and stores the logs
