Setting up password management
Password changes can be scheduled periodically using a rotation policy or run as ad-hoc password changes. This section describes procedures and practices for setting up a password management module.
The system uses a queue management system to schedule and run password change jobs. Such jobs are auto-scheduled and executed by the PasswordManagementService App service.
Before you begin
You have an understanding of the network architecture and the types of passwords you want to change.
You have access to password policies to be configured in the system.
You can configure change and alert notifications for password changes.
Basics of password management configuration
Whether you change passwords on a schedule or through ad-hoc reconciliation, you need to configure the following settings:
Step | Purpose |
---|---|
Define reconciliation or management accounts for ensuring password resets. | |
Define password complexity structure | |
To set up rules for workflow-based password checkout. |
Scheduling automated password change policies
Step | Purpose |
---|---|
To set up password change rules for different asset type classes. |
On-demand password change
On-demand password change lets you reset or change privileged account passwords across multiple assets without logging on to the corresponding assets. This is useful when you want to change the password from PAM for an account that you don’t want to include in a scheduled password change job.
Procedure for on-demand password change:
- Log in to Sectona and select PAM from the product navigator.
- Navigate to Manage → Password Manager; the New Job tab will be opened.
- Select the desired Asset Type.
- Select an account on which you want to change the password.
- Enter a custom Job Description (optional).
- Provide Account Category, Asset Owner, and Asset Location (optional).
- For out-of-sync accounts, select the Out of Sync checkbox, and select the required option from the Password Age drop-down menu. Clear the Out of Sync checkbox to select the required Password Age for all synced accounts.
- Click on Show to view the list of accounts.
- Make sure to select Immediate Processing to trigger the password change job immediately.
- Select the accounts and add the Description and Recipient Email details.
- Click on the Submit button to submit the password change job.
- Tick the Show only Account with Enforce Password Change checkbox to list only the accounts with enforced password change.
Viewing job status
The status of all password jobs can be viewed as follows:
- Log in to Sectona and select PAM from the product navigator.
- Navigate to Manage → Password Manager → Click on Filter.
- Select the dates from the drop-down to view the Job History.
- Tick the Show only Pending Jobs checkbox to see only pending password jobs.
Each password job displays a status. The types of status are as follows:
Pending: When a job is being executed or waiting for the Account Password Change Service to be started.
Success: When a password change is completed.
Failed: When the password change fails due to an error.
To further investigate a failed job, click on the job title to open the details and click on the Failed status button. A pop-up will display the error.
Termination of a password job
To terminate a password job with pending status, follow these steps:
- Log in to Sectona and select PAM from the product navigator.
- Navigate to Manage → Password Manager
- Select Filter and tick the Show only Pending Jobs checkbox to see only pending password jobs.
- Click on the Terminate icon next to the description to terminate the password job.
- You will be asked for confirmation.
- Click Yes.
- The password job will be terminated with the status as Processed and Action Status as failed.