Click HERE to see how Saviynt Intelligence is transforming the industry. |
05/09/2023 12:32 PM
Hi Team,
Could someone confirm if the below understanding of the Change Password flow for automatic password rotation of local admin account of Custom Apps is correct:
Automatic Password Rotation for Custom Apps: when we go to the manual password update via Home--->Change Password for Service Account
1. The user enters the password (123) for the local admin account for the first time. 2.User submits the request. 3.A Change Password task is triggered, and the password is updated in Vault. 4.Now, the ConnectionJSON is invoked, which in turn establishes a connectivity to the target system using the Master Account credentials present in that ConnectionJSON. 5.The Master Account logs into the target system 6. Now the ChangePasswordJSON process is invoked where the Master Account tries to reset the same password (123) which user has entered in Step 1 using the ChangePasswordAPI. 7.Once it sets the password on both Saviynt and then the target system same, the ChangePassword task is marked as complete.
05/10/2023 07:35 AM
05/16/2023 01:07 AM
Hi @NageshK
Following up on Gazala's request -
This is what Saviynt Support team mentioned -"Once it sets the password change succeeds in Target then password is updated in vault and the ChangePassword task is marked as complete"
However what we have been hearing from Nirav is that the password change first happens on the vault and then on the target application .
Can you please confirm this notion ?
Thanks
Aryan
05/16/2023 02:30 PM - edited 05/16/2023 02:30 PM
Hi Aryan,
There may have been a misunderstanding, password change is triggered in Saviynt, and a random password is generated based on password policy for the endpoint. Saviynt application will attempt to update the random password first in target to ensure that the new password is successful and based on response from target application it updates the password in the vault.
Regards,
Nirav