Configuring management account
Password management functions consist of both reset and change methods.
The system automatically determines whether to use the reset or the change method (or both), depending on what the base asset supports. To reset and reconcile the passwords of a privileged account, a management account must be configured in the system with password change and reset permissions on the associated asset type.
This section demonstrates the following:
Adding a new management account
Default Accounts: These accounts are excluded by every account discovery rule and are not onboarded into the password vault. Refer to the Appendix for the list of standard accounts for commonly used devices. Passwords for such accounts are not required for configuration. Any number of accounts can be added to the list.
Management Accounts: These accounts are used in the system for running account discovery, password rotation and account password reconciliation. You can add more accounts or edit the existing management accounts in the system.
List of predefined management accounts
Account name | Asset Type | Asset Category |
---|---|---|
admin | FortiGate | Firewall |
admin | FortiAnalyzer | Security Devices |
administrator | Windows Server | Operating System |
administrator | Windows | Workstation |
administrator | Windows Active Directory | Directory Server |
en | Cisco | Router |
en | Cisco | Switch |
en | Cisco | Firewall |
root | Unix Based | Operating System |
root | MySQL | Database |
sa | Microsoft SQL | Database |
system | Oracle | Database |
To add a new management account, follow the steps below:
- Log in to System and select PAM from the product navigator.
- Navigate to Setup and click Account Defaults.
- Click +Add Account Default and fill in the following fields:
  - Asset Category: Select the desired asset category associated with the management account.
  - Asset Type: Select the desired asset type associated with the management account.
  - Scope: Management.
  - Account Name: Enter the name of the account.
  - Password (optional): Enter the password this account uses on the associated asset types, so that password management can also be executed for these accounts.
  - Domain (optional): Enter a domain name.
- Click Save to save the management account configuration.
Editing existing management account
- Log in to System and select PAM from the product navigator.
- Navigate to Setup and click Account Defaults.
- Click edit for the account you want to change.
- Make the required changes, such as modifying the account name, specifying a domain name, or changing the account role.
- Click Update to update the details in the system.