Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/21/2023 11:10 AM
Team,
Wanted to check if we can convert credential account to credential-less account or vice versa?
Use case:
Currently we have onboarded accounts as credential accounts on specific PAM enabled Endpoints. Now we want them to convert as credential-less accounts. How can we achieve this?
I know if the list is few we can simply remove the account config and run the bootstrap again by making necessary PAM_CONFIG changes at connection level(to detect the accounts as credential-less)
But here we are talking about bulk accounts, So trying to see if there is any suggested method to achieve such scenarios in simpler way?
Solved! Go to Solution.
09/08/2023 09:43 AM
@Saathvik Thanks for posting your question. This will depend on the target. If the target is unix, we do have to remove the existing accountConfig and rebootstrap by specifying them under IDQueryCredentialless.
For targets other than unix, you do not need to remove the existing account config. You can simply update the pamType field from credential to credentialless in account config.
You can use the enhanced query execution job to update in bulk. This way you can avoid rebootstrapping the accounts.
Thanks
Nagesh K
10/03/2023 09:49 AM