CPAM queries

New Contributor III
New Contributor III
  1. Currently, periodic password rotation occurs based on the password expiration set in the password policy in Saviynt. Is there an option to initiate password rotation on an ad hoc basis, even before the password's scheduled expiration?
  2. The extension of privilege session timing currently lacks an approval process. Could the configuration be adjusted to require an approval process for extending privilege sessions?
  3. Can we set up a periodic scheduling for the PAM bootstrap job (import job) for onpremises workloads , across all PAM-enabled endpoints?
  4. Does the periodic password reconciliation also apply to the connection master accounts?

Saviynt Employee
Saviynt Employee

@56723 Please find below the responses:

1. Yes, this can be done manually by navigating to Admin -> Identity Repository -> Accounts and search for the specific account and performing the below actions

       - Click on "Edit" against Account Config (in account details page) of the selected account 

       - Toggle the PAM Enabled button to Off and save

       - Now, click on "Edit" against Account Config, Toggle the PAM Enabled to On and Save

       - This will create a Change Password task for the account. Once the change pwd task is
          provisioned, the password is considered rotated

2. This is not supported as of today. You can open an enhancement request in ideas portal

3. How many total endpoints are onboarded? And is this being done primarily for account reconciliation?

4. Yes, periodic password rotation applies to connection accounts too. However, there seems to be an issue with the out of the box analytic control where it is not picking up connection accounts. There is an open ticket for this issue. 


Nagesh K