We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Password Checkout for Just-In Time (JIT) Account

suresh_ravuri
New Contributor III
New Contributor III

We're planning on configuring JIT for MS-SQL DB instances, but the client wants password checkout instead of session checkout. Is it possible ? if so then how to configure it?

3 REPLIES 3

sk
All-Star
All-Star

@suresh_ravuri :  As far as I know, JIT by default is a credential-less account, it is not possible to have credential JIT account. But in latest version you have option to view the password even for credential-less accounts, as an alternate option see if you can use this.

You can enable this in Global Configuration -> PAM -> Allow View Password

sk_0-1702401585597.png

After enabling global configuration, you have to enable View Password option on Account Level Config

sk_1-1702401768298.png

I would suggest to disable Enable Quick Access Mode with combination above settings so that user don't have to launch the session by default. 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

suresh_ravuri
New Contributor III
New Contributor III

@sk Thank you for your response.

 

how to enable View Password option for JIT accounts ?

@suresh_ravuri : I haven't personally used or tested this but try to use the parameter: IDQueryCredentiallessViewPwd in PAM_Config which is actually for credential-less not sure if it works for JIT process/account, but just give it a try.

For details refer: https://docs.saviyntcloud.com/bundle/CPAM-Admin-Guide-v23x/page/Content/L-Manage-Accounts/Manage-Acc...


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.