|
|
|
You create privileged accounts to manage account passwords on managed and disconnected systems. You use privileged accounts to let users check out and check in privileged account passwords, create a privileged account.
To create multiple accounts, use the Discover Privileged Accounts wizard to search for privileged on the endpoints. If you want to create a single account, provide the privileged or service account details in this window.
Follow these steps:
The Create Privileged Account: Select Privileged Account page appears.
A list of Privileged Accounts that match the filter criteria appears.
The General tab of the Create Privileged Account task page appears. If you created the privileged account from an existing object, the dialog fields are prepopulated with the values from the existing object.
Defines the name you want to refer to this privileged account by.
Note: Mainframe systems such as RACF, ACF, and Top Secret, use case-sensitive user names. Enter the account name in capital letters.
Specifies whether the account originates from a disconnected system.
If you select this option, PUPM does not manage the account. Instead, it acts only as a password vault for privileged accounts of the disconnected system. Every time you change the password, also change the account password on the managed endpoint manually.
Specifies whether the account is a shared (privileged) account or a service account.
Note: When you create a service account, PUPM does not attempt to change the account password.
Specifies the name of a defined endpoint where your privileged accounts reside. CA Access Control Enterprise Management lists only those endpoints that are of the type you specified.
Specifies the type of endpoint where your privileged or service accounts reside.
Specifies the name of the container for the privileged or service account. A container is a class whose instances are collections of other objects. Containers are used to store objects in an organized way following specific access rules.
Specifies the password policy you want to apply to the privileged or service account.
Defines and verifies the password to use with the new privileged account.
Note: The new password must comply with the password policy you specify.
Defines the duration, in minutes, before the checked out account expires.
Specifies whether only a single user can use the account at any one time. An exclusive account is a restriction imposed on a privileged account that limits use of the account to a single user at a time.
Specifies whether you want CA Access Control Enterprise Management to change the password of the privileged account every time it is checked out.
Note: This option does not apply to service accounts.
Specifies whether you want CA Access Control Enterprise Management to change the password of the privileged account every time it is checked in by a user or a program, or when the checkout period expires.
Note: If the account is not exclusive, CA Access Control Enterprise Management generates a new privileged account password only when all users have checked in the account.
Note: This option does not apply to service accounts.
Specifies whether to allow password check out only if a login application is defined for the endpoint.
Note: When this option is enabled, the user cannot display or copy the password to a clipboard.
Click Submit.
CA Access Control Enterprise Management creates the new privileged account.
| Copyright © 2011 CA. All rights reserved. | Tell Technical Publications how we can improve this information |