You create privileged and service accounts to manage account passwords on managed and disconnected systems. You use privileged and service accounts for different purposes:
Note: You cannot check-out and check-in service account passwords.
To create multiple accounts, use the discover privileged accounts wizard and the discover service accounts wizard to search for privileged and service accounts on the endpoints. To create a single account, provide the privileged or service account details in this window.
Follow these steps:
The Create Privileged Account: Select Privileged Account page appears.
A list of Privileged Accounts that match the filter criteria appears.
The General tab of the Create Privileged Account task page appears. If you created the privileged account from an existing object, the dialog fields are pre-populated with the values from the existing object.
Defines the name by which you want to refer to this privileged account.
Note: Mainframe systems such as RACF, ACF, and Top Secret use case-sensitive user names. Enter the account name in capital letters.
Specifies whether the account originates from a disconnected system.
If you select this option, SAM does not manage the account. Instead, it acts only as a password vault for privileged accounts of the disconnected system. Every time you change the password, you also need to manually change the account password on the managed endpoint.
Specifies whether the account is a shared (privileged) account or a service account.
Note: When you create a service account, SAM does not attempt to change the account password.
Specifies the name of a defined endpoint where your privileged or service accounts reside. CA ControlMinder Enterprise Management lists only those endpoints that are of the type you specified.
Specifies the type of endpoint where your privileged or service accounts reside.
Specifies the name of the container for the privileged or service account. A container is a class whose instances are collections of other objects. Containers are used to store objects in an organized way following specific access rules.
Specifies the password policy you want to apply to the privileged or service account.
Defines the password you want to use with the new privileged account.
Note: The new password must comply with the password policy you specify.
Defines the duration, in minutes, before the checked out account expires.
Specifies whether only a single user can use the account at any one time. An exclusive account is a restriction imposed on a privileged account that limits use of the account to a single user at a time.
Exclusive Session specifies that only a single user can use the account if no open sessions are currently running on the endpoint.
Specifies whether you want CA ControlMinder Enterprise Management to change the password of the privileged account every time it is checked out.
Note: This option does not apply to service accounts.
Specifies whether you want CA ControlMinder Enterprise Management to change the password of the privileged account every time it is checked in by a user or a program, or when the checkout period expires.
Note: If the account is not exclusive, CA ControlMinder Enterprise Management generates a new privileged account password only when all users have checked in the account.
Note: This option does not apply to service accounts.
Specifies whether to allow password check-out only if a login application is defined for the endpoint.
Note: When this option is enabled, the user cannot display or copy the password to a clipboard.
If configured, CA ControlMinder Enterprise Management displays the password consumers that use the privileged account.
This tab lets you specify endpoint-specific attributes and use the attributes when you define or modify privileged access roles.
When a member of the privileged access role logs in to CA ControlMinder Enterprise Management, the user gains access to the privileged access accounts according to the attributes defined in the privileged access role.
Specify the name of the endpoint owner.
Specify the name of a department.
Example: Development
Specify up to five custom endpoint-specific attributes.
Note: Specify the custom attributes in the privileged access role Members tab, Member Policy section, Member Rule window.
CA ControlMinder Enterprise Management creates the new privileged or service account.
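The check-out and check-in options described above interact, in particular for non-exclusive accounts. The following Python model is an added example, not CA ControlMinder code or its API; the class name VaultedAccount, its field names, and the use of plain integers for time in minutes are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class VaultedAccount:
    """Hypothetical model of the check-out/check-in options on this page."""
    name: str
    is_service: bool = False          # service accounts cannot be checked out
    exclusive: bool = False           # only a single user at any one time
    change_on_checkout: bool = False  # new password at every check-out
    change_on_checkin: bool = False   # new password at check-in or expiry
    expiry_minutes: int = 60          # checkout expiration, in minutes
    password: str = field(default_factory=lambda: secrets.token_urlsafe(16))
    holders: dict = field(default_factory=dict)  # user -> expiry time (minutes)
    rotations: int = 0

    def _rotate(self):
        self.password = secrets.token_urlsafe(16)
        self.rotations += 1

    def check_out(self, user, now):
        self.expire(now)
        if self.is_service:
            raise PermissionError("service account passwords cannot be checked out")
        if self.exclusive and self.holders and user not in self.holders:
            raise PermissionError("exclusive account is already checked out")
        if self.change_on_checkout:
            self._rotate()
        self.holders[user] = now + self.expiry_minutes
        return self.password

    def check_in(self, user, now):
        self.expire(now)
        if self.holders.pop(user, None) is not None:
            self._after_release()

    def expire(self, now):
        """Treat an elapsed checkout period like a check-in."""
        expired = [u for u, t in self.holders.items() if t <= now]
        for u in expired:
            del self.holders[u]
        if expired:
            self._after_release()

    def _after_release(self):
        # Non-exclusive account: rotate only once every user has checked in.
        if self.change_on_checkin and not self.holders:
            self._rotate()
```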
Copyright © 2013 CA Technologies.
All rights reserved.