PARTNERS - Please join us for our upcoming webinar:
Leveraging Intelligent Recommendations for Operational Transformation.
AMS Partners click HERE | EMEA/APJ Partners click HERE

Service Account Discovery, Onboard and Rotate Passwords

suresh_ravuri
New Contributor III
New Contributor III

We are planning to discover and onboard following Service accounts to Saviynt and rotate passwords on a regular basis.

  • Windows Services
  • Schedule Tasks
  • IIS Pools
  • Configuration files (XML, INI)
  • Scripts (PS or Python or Java)
  • DevOps Pipelines

Is there a way to discover dependencies for Service accounts ?

Where to update Service account dependencies ?

If Service required a restart after password change, Is there a way to restart service from Saviynt ?

How to monitor password change activity for Service accounts ?

4 REPLIES 4

Gulshan
Saviynt Employee
Saviynt Employee

We have support to discover service accounts in windows services like Task Schedulers, COM+ Objects, Windows Services. These can be discovered and their passwords can be rotated.

Discovery of below type of service accounts and rotation of their password is not supported yet:

  • IIS Pools
  • Configuration files (XML, INI)
  • Scripts (PS or Python or Java)
  • DevOps Pipelines

suresh_ravuri
New Contributor III
New Contributor III

Thank you @Gulshan for the response.

Please provide the steps to discover and manage credentials for Service accounts.

Also please confirm, Is it possible to provision JIT service accounts on Windows/Linux/DB through Saviynt ?

JIT process is not there for service accounts.  Currently JIT process is only for user privileged accounts which are correlated to that specific user.


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

suresh_ravuri
New Contributor III
New Contributor III

Is there a way to implement the below use-case ?


Use-case: Onboard least privileged Azure service account and configure Role-based JIT


Description: Discover and onboard a least privileged service accounts from the Azure cloud to Saviynt CPAM, and then configure the Role-based JIT so that the service account elevated when the scheduled job is executed.