Click HERE to see how Saviynt Intelligence is transforming the industry. |
05/19/2023 03:23 AM
Hi Team,
Our requirement is to manage service accounts using Saviynt, which involves vaulting the service accounts. However, we do not want the password to be automatically rotated. Instead, we want to change the password on demand by using the 'reset service account password' option, and ensure that the password is also updated in the corresponding endpoint, which in this case is Active Directory. We have successfully onboarded the service accounts from AD and performed the necessary bootstrapping.
However, when the 'rotateKey' configuration in the Service Account endpoint is set to 'false', the password does not get rotated. And when we attempt to reset the service account password, we encounter an error message stating, 'Endpoint Active Directory Service Account has rotateKey disabled, hence skipping rotate password.'
On the other hand, when we set 'rotateKey' to 'true' and reset the password, the change is reflected only in Saviynt, and not in the AD endpoint.
Do we have any steps or solution to achieve the password synchronization in AD OnDemand.
We checked below forums for issues.
Solved: error while retrieving an credential for domain ac... - Saviynt Forums - 30567
Manage Service account via CPAM with manual passwo... - Saviynt Forums - 32685
05/23/2023 01:45 PM
@Nagendra Thanks for posting your question. I believe this is an issue that got resolved in the later versions of the product. I will verify it internally once and confirm.
Thanks
Nagesh K
06/23/2023 11:43 AM
Is there any update on this?