Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Service account password synchronization with AD onDemand

Nagendra
New Contributor II
New Contributor II

Hi Team,

Our requirement is to manage service accounts using Saviynt, which involves vaulting the service accounts. However, we do not want the password to be automatically rotated. Instead, we want to change the password on demand by using the 'reset service account password' option, and ensure that the password is also updated in the corresponding endpoint, which in this case is Active Directory. We have successfully onboarded the service accounts from AD and performed the necessary bootstrapping.

However, when the 'rotateKey' configuration in the Service Account endpoint is set to 'false', the password does not get rotated. And when we attempt to reset the service account password, we encounter an error message stating, 'Endpoint Active Directory Service Account has rotateKey disabled, hence skipping rotate password.'

On the other hand, when we set 'rotateKey' to 'true' and reset the password, the change is reflected only in Saviynt, and not in the AD endpoint.

Do we have any steps or solution to achieve the password synchronization in AD OnDemand.

We checked below forums for issues.

Solved: error while retrieving an credential for domain ac... - Saviynt Forums - 30567

Manage Service account via CPAM with manual passwo... - Saviynt Forums - 32685

2 REPLIES 2

NageshK
Saviynt Employee
Saviynt Employee

@Nagendra Thanks for posting your question. I believe this is an issue that got resolved in the later versions of the product. I will verify it internally once and confirm. 

Thanks

Nagesh K

jdfranco
New Contributor III
New Contributor III

Is there any update on this?