Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Need information on the Change Password flow for the automatic password rotation for Custom Apps

New Contributor III
New Contributor III

Hi Team,

Could someone confirm if the below understanding of the Change Password flow for automatic password rotation of local admin account of Custom Apps is correct:

Automatic Password Rotation for Custom Apps: when we go to the manual password update via Home--->Change Password for Service Account

1. The user enters the password (123) for the local admin account for the first time. 2.User submits the request. 3.A Change Password task is triggered, and the password is updated in Vault. 4.Now, the ConnectionJSON is invoked, which in turn establishes a connectivity to the target system using the Master Account credentials present in that ConnectionJSON. 5.The Master Account logs into the target system 6. Now the ChangePasswordJSON process is invoked where the Master Account tries to reset the same password (123) which user has entered in Step 1 using the ChangePasswordAPI. 7.Once it sets the password on both Saviynt and then the target system same, the ChangePassword task is marked as complete. 


Saviynt Employee
Saviynt Employee

@gazanjum Thanks for posting your question. 

Yes, your understanding is correct. 


Nagesh K

New Contributor II
New Contributor II

Hi @NageshK 

Following up on Gazala's request - 

This is what Saviynt Support team mentioned -"Once it sets the password change succeeds in Target then password is updated in vault and the ChangePassword task is marked as complete"

However what we have been hearing from Nirav is that the password change first happens on the vault and then on the target application .

Can you please confirm this notion ?




Saviynt Employee
Saviynt Employee

Hi Aryan,

 There may have been a misunderstanding, password change is triggered in Saviynt, and a random password is generated based on password policy for the endpoint. Saviynt application will attempt to update the random password first in target to ensure that the new password is successful and based on response from target application it updates the password in the vault.