Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Password Checkout for Just-In Time (JIT) Account

suresh_ravuri
New Contributor III
New Contributor III

‎12/11/2023 12:05 PM

We're planning on configuring JIT for MS-SQL DB instances, but the client wants password checkout instead of session checkout. Is it possible ? if so then how to configure it?

0 Kudos
3 REPLIES 3

Saathvik
All-Star
All-Star

‎12/12/2023 09:33 AM

@suresh_ravuri :  As far as I know, JIT by default is a credential-less account, it is not possible to have credential JIT account. But in latest version you have option to view the password even for credential-less accounts, as an alternate option see if you can use this.

You can enable this in Global Configuration -> PAM -> Allow View Password

sk_0-1702401585597.png

After enabling global configuration, you have to enable View Password option on Account Level Config

sk_1-1702401768298.png

I would suggest to disable Enable Quick Access Mode with combination above settings so that user don't have to launch the session by default. 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos

suresh_ravuri
New Contributor III
New Contributor III

‎12/13/2023 04:47 PM

@Saathvik Thank you for your response.

 

how to enable View Password option for JIT accounts ?

0 Kudos

Saathvik
All-Star
All-Star
In response to suresh_ravuri

‎12/14/2023 07:32 AM

@suresh_ravuri : I haven't personally used or tested this but try to use the parameter: IDQueryCredentiallessViewPwd in PAM_Config which is actually for credential-less not sure if it works for JIT process/account, but just give it a try.

For details refer: https://docs.saviyntcloud.com/bundle/CPAM-Admin-Guide-v23x/page/Content/L-Manage-Accounts/Manage-Acc...


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos
Copyright © 2024 Khoros, LLC