Shared Accounts Management (SAM) is the process through which an organization secures, manages, and tracks all activities associated with the most powerful accounts within the organization. Before you can begin using shared account passwords, you complete several steps that set up CA ControlMinder Enterprise Management for SAM. Users can then start working with the shared accounts that you define.
The following process explains the tasks that users in your enterprise must complete to set up shared accounts. Users must have the specified role to complete each process step. A user with the System Manager admin role can perform every CA ControlMinder Enterprise Management task in this process.
Note: Before you begin this process, verify that email notification is enabled in CA ControlMinder Enterprise Management. If CA ControlMinder Enterprise Management cannot display a password to a user, it emails the password to the user instead.
To set up shared accounts, users do the following:
Note: If you use Active Directory as your user store, we recommend that you modify each member policy to point to a corresponding Active Directory group. You can then add or remove users from a role by adding or removing them from the corresponding Active Directory group. This greatly simplifies administrative overhead.
Note: Only a manager can approve shared account requests that the user makes. If you use Active Directory as your user store, verify that each user's manager is specified in Active Directory.
Integrating with CA Service Desk Manager lets you create multiple approval processes for privileged account requests.
The following diagram illustrates the privileged access role that performs each process step:
Copyright © 2013 CA Technologies.
All rights reserved.
|
|