Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Can we convert Credential Accounts to Credentialless Accounts or vice versa?

Saathvik
All-Star
All-Star

Team,

Wanted to check if we can convert credential account to credential-less account or vice versa?

Use case:

Currently we have onboarded accounts as credential accounts on specific PAM enabled Endpoints. Now we want them to convert as credential-less accounts. How can we achieve this?

I know if the list is few we can simply remove the account config and run the bootstrap again by making necessary PAM_CONFIG changes at connection level(to detect the accounts as credential-less)

But here we are talking about bulk accounts, So trying to see if there is any suggested method to achieve such scenarios in simpler way?

 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
2 REPLIES 2

NageshK
Saviynt Employee
Saviynt Employee

@Saathvik Thanks for posting your question. This will depend on the target. If the target is unix, we do have to remove the existing accountConfig and rebootstrap by specifying them under IDQueryCredentialless. 

For targets other than unix, you do not need to remove the existing account config. You can simply update the pamType field from credential to credentialless in account config. 
You can use the enhanced query execution job to update in bulk. This way you can avoid rebootstrapping the accounts.

Thanks

Nagesh K 

@NageshK : In our case we are talking about Database privileged accounts. would you be able to share the sample query to be used in enhanced query execution job?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.