11/27/2023 07:06 AM
Dear Team
We need your advice on credential-less account passwords: is the password rotated by Saviynt EIC for credential-less accounts?
We are getting the prompt “your password will expire within so & so days, try changing your password”.
Snapshot as below:
If rotation is supported for credential-less accounts, can you guide us on where we need to change the configuration? We have added the below config at the endpoint level as of now:
{"maxSessionWarnPeriodInSec":"100000","maxReqExpWarnPeriodInSec":"100000","maxSessionLimitInSec":"100000","maxConcurrentSession":"50","maxInActiveTimeInSec":"100000","maxInActiveWarnPeriodInSec":"100000","rotateKey":"true"}
If rotation is not supported, then do we need to disable the account's password expiry at the server level (here it's a Windows server)?
Request you to throw some light so that we can guide appropriately to the client.
Thanks for your support.
Regards,
Manpreet Kaur
12/01/2023 09:37 AM
@Manpreet_Kaur : Based on the configuration you have used, it will rotate the password of the credential-less account after each check-out. The highlighted config below defines that.
{"maxSessionWarnPeriodInSec":"100000","maxReqExpWarnPeriodInSec":"100000","maxSessionLimitInSec":"100000","maxConcurrentSession":"50","maxInActiveTimeInSec":"100000","maxInActiveWarnPeriodInSec":"100000","rotateKey":"true"}
Let's say you requested a credential-less account for 1 hr; then after 1 hr the password gets rotated, provided you have the respective configuration updated properly, like change password JSON, Password Policy, regex, etc.
12/07/2023 05:58 PM
Hi @Saathvik
Thanks for your revert.
As mentioned by you, on the basis of "rotatekey:true", the password should be rotated.
Since the passwords are auto-injected & rotated with every new session launch, we are assuming that at the server level the password expiry should be pushed to a further date, but still the message is prompted for "changing the password as it will expire in so & so days".
We have configured the Password rotation job in dev and are looking into its working and behaviour.
Kindly help us by giving some more clarity.
Regards,
Manpreet Kaur
12/08/2023 08:56 AM - edited 12/08/2023 08:59 AM
@Manpreet_Kaur : Just FYI, Password Rotation Jar will be identifying the accounts whose passwords are not rotated for X days based on the password policy associated with the respective endpoint. This job is not at all involved in the process of password change that happens after each credential-less/credential session.
Password rotation happens in two scenarios
The scenario for Case:2 is, let's say my password policy is 30 days. Now I have not done any credential-less/credential sessions on my account for more than 30 days. In that scenario my password will never get rotated based on Case:1, but my password should still rotate based on the password policy, which will be handled by Case:2.
Now, coming to your issue, a couple of things I want to check are
12/01/2023 05:36 PM
You can disable the password expiry in the Windows server and use the password rotation from Saviynt. We do periodic password rotation for credential-less accounts.
Thanks,
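An added example (not part of the thread, and not Saviynt code): a read-only PowerShell check for the Windows side of the issue discussed above, showing when each account's password was last set and whether Windows expiry still applies to it. It assumes the credential-less accounts are local accounts; the function name, account names and warning window are hypothetical, and the 30-day policy is the figure used in the thread.

```powershell
# Added example, read-only. Assumes local (not domain) accounts on the Windows server.
function Get-PamAccountPasswordState {
    param(
        [Parameter(Mandatory)] [string[]] $AccountName,
        [int] $PolicyMaxAgeDays = 30,  # 30-day password policy, as in the thread's example
        [int] $WarnWindowDays   = 5    # assumed: days before expiry that the logon prompt appears
    )
    $now = Get-Date
    foreach ($name in $AccountName) {
        $user = Get-LocalUser -Name $name -ErrorAction SilentlyContinue
        $ageDays = $null
        $daysLeft = $null
        if (-not $user) {
            $finding = 'account not found'
        } else {
            # PasswordLastSet moves forward every time the password is actually changed.
            if ($user.PasswordLastSet) {
                $ageDays = [math]::Floor(($now - $user.PasswordLastSet).TotalDays)
            }
            # PasswordExpires is empty when the account's password never expires.
            if ($user.PasswordExpires) {
                $daysLeft = [math]::Floor(($user.PasswordExpires - $now).TotalDays)
            }
            $finding = if ($null -eq $ageDays) {
                'password has never been set'
            } elseif ($ageDays -gt $PolicyMaxAgeDays) {
                'password older than policy: rotation is not reaching this account'
            } elseif ($null -eq $daysLeft) {
                'Windows expiry disabled: rotation depends on the PAM side only'
            } elseif ($daysLeft -le $WarnWindowDays) {
                'Windows expiry is near: expect the change-password prompt at logon'
            } else {
                'rotated within policy and not close to Windows expiry'
            }
        }
        [pscustomobject]@{
            Account         = $name
            PasswordLastSet = if ($user) { $user.PasswordLastSet } else { $null }
            AgeDays         = $ageDays
            DaysUntilExpiry = $daysLeft
            Finding         = $finding
        }
    }
}

# Hypothetical account names; replace with the accounts onboarded as credential-less.
Get-PamAccountPasswordState -AccountName 'svc-pam-01', 'svc-pam-02' | Format-Table -AutoSize

# To disable expiry on the Windows side for one account, as suggested in the reply above:
# Set-LocalUser -Name 'svc-pam-01' -PasswordNeverExpires $true
```

If `PasswordLastSet` does not move forward after a session ends, the per-session rotation is not reaching the server, which would also explain why the expiry prompt keeps appearing.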