Change Service Account Password is not updating the credentials on Target when rotatekey=false

sk
All-Star

Team,

We are trying to achieve the use case of password management of service accounts, which has the following scenarios:

  • Automatic password rotation based on password policy but NO rotation after each check-in/check-out

  • Manual rotation (Saviynt will not auto rotate the password until someone initiates the change password)

To achieve this scenario we were told to update the Endpoint PAM Configuration and set rotateKey=false. The same has been discussed in "Managing Privileged Accounts Without Password Rotation".

But when we use this setting and then initiate the change password of the service account, it simply updates the credentials in the vault but does not rotate them on the target.

Is there a known issue or bug? Or is there anything we are missing on configuration?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

sk
All-Star

We have a ticket opened for this and we were told that it is expected behaviour.

When rotateKey is set to false, Saviynt treats the application as disconnected (though it is a connected application) w.r.t. PAM, and it simply updates the credentials in the vault without connecting/syncing to the target.

Since CPAM currently doesn't offer the use cases we are looking for, we have opened IDEA# EIC-I-5205. This IDEA covers the below use cases along with existing features:

  1. Automatic Rotation (based on password policy, with the option of whether to enable rotation on each check-in/check-out or not)

  2. Manual Rotation with automatic synchronization to target along with vaulting

If anyone is looking for a similar solution, please upvote the above IDEA.


Regards,
Saathvik