and more in a single search tool across platforms. Read the announcement here. |
10/24/2023 11:23 AM
Team,
We are trying to achieve use case Password management of Service Accounts which has following scenarios
Automatic password rotation based on password policy but NO rotation after each check-in/check-out
Manual rotation (Saviynt will not auto rotate the password until someone initiate the change password)
Two achieve this scenario we were told to update the Endpoint PAM Configuration and set rotateKey=false. Same has been discussed in this Managing Privileged Accounts Without Password Rotation
But when we use this setting and then initiate the change password of service account it simply updating the credentials in vault but not rotating on target.
Is there a known issue or bug? Or is there anything we are missing on configuration?
10/30/2023 08:49 AM
We have a ticket opened for this and we were told that it is expected behaviour.
When rotateKey is set to false Saviynt treats the application as disconnected (though it is connected application) w.r.t to PAM and it simply updates the credentials in vault without connecting/syncing to target.
Since currently CPAM doesn't offer the use cases we are looking for, we have opened an IDEA# EIC-I-5205 . This IDEA covers below use cases along with existing features
Automatic Rotation (based on password policy, with the option of whether to enable rotation on each check-in/check-out or not)
Manual Rotation with automatic synchronization to target along with vaulting
If anyone looking for similar solution please upvote above IDEA