Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Change Service Account Password is not updating the credentials on Target when rotatekey=false

Saathvik
All-Star
All-Star

Team,

We are trying to achieve use case Password management of Service Accounts which has following scenarios

  • Automatic password rotation based on password policy but NO rotation after each check-in/check-out

  • Manual rotation (Saviynt will not auto rotate the password until someone initiate the change password)

Two achieve this scenario we were told to update the Endpoint PAM Configuration and set rotateKey=false. Same has been discussed in this Managing Privileged Accounts Without Password Rotation 

sk_0-1698171746755.png

But when we use this setting and then initiate the change password of service account it simply updating the credentials in vault but not rotating on target. 

Is there a known issue or bug? Or is there anything we are missing on configuration?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
1 REPLY 1

Saathvik
All-Star
All-Star

We have a ticket opened for this and we were told that it is expected behaviour.

When rotateKey is set to false Saviynt treats the application as disconnected (though it is connected application) w.r.t to PAM and it simply updates the credentials in vault without connecting/syncing to target.

Since currently CPAM doesn't offer the use cases we are looking for, we have opened an IDEA# EIC-I-5205 . This IDEA covers below use cases along with existing features

  1. Automatic Rotation (based on password policy, with the option of whether to enable rotation on each check-in/check-out or not)

  2. Manual Rotation with automatic synchronization to target along with vaulting

If anyone looking for similar solution please upvote above IDEA


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.