Scheduled Password Rotation

(Feature available only in Premium Edition)

Shared administrative passwords are prone to misuse even in a very secure environment and periodic rotation of passwords is very much needed. Manually changing the passwords one-by-one would prove to be laborious. PMP helps in automating the process of changing the passwords periodically for which remote password reset is supported in PMP. Scheduled Password Rotation can be done only at the resource group level.

The prerequisite for using this feature is the proper configuration of password reset either by agentless mode or by deploying agents in the remote resource.

Multiple options are available to set the periodicity of password rotation. Notifications are generated both before and after the password reset task is run, with a consolidated report of the results for each password.

To add a schedule for rotating passwords of the resources of a group,

  • Go to "Resources" tab in the web interface
  • Click "Resource Groups" tab (alternatively, you can launch this page directly through the "Add Resource Group" link under the "Links" drop-down)
  • Click the icon present against the resource group for whose resources password rotation is to be enabled
  • In the UI that opens up, the required schedule can be created through the following four-step process

Step 1 Settings for sending notification prior to password rotation,

When a password is scheduled to be rotated at a specified time, the users who have access to the present password(s) are to be informed about the rotation operation beforehand - say for example, a day prior to the rotation. Apart from the users directly connected with the passwords to be rotated, any other user could also be informed of the scheduled rotation on need basis.

Pre-Notification Timing

  • You can choose to send the notification anytime a week prior to the actual rotation schedule. The notification could be sent even a minute prior to the rotation. Select the number of days and/or hours and/or minutes prior to which the notification is to be sent.
  • Specify the recipients of the notification -
    • Users having access to the passwords - users who possess any one of the share permissions (read only, read and write, manage) for the password, at the time when notification is generated
    • Other Users/ User Groups - any other specific user(s) (to be selected from the list)
    • Email ids - to generate notifications to specified list of email aliases or email addresses
    • Click "Next"

Step 2 Specify the new password to be used

  • You have the option to specify the new password(s) to be used for resources after rotation.
  • You can either choose to allot randomly generated, unique passwords to the accounts based on the password policy set for the group or you can allot a new, common password to all the resources (in accordance with the password policy already specified for the group)
  • You can also assign the same password to all user accounts, with the condition that the password should be changed during every schedule
  • Select the required choice and click "Next"

Step 3 Specify the rotation schedule

Actual creation of the schedule for password rotation is done in this step. The schedule can be for one-time rotation or it could be for a recurring one at periodic intervals. Depending on your requirements, choose any one among the options - Once / Days / Monthly / Never. After selecting the option, specify other details as required and click "Next"

Step 4 Settings for sending notification after password rotation

Immediately after the completion of password rotation process, notification could be sent to all those who have access to the passwords regarding the completion of the rotation. Apart from the users directly connected with the passwords to be rotated, any other user could also be informed of the rotation on need basis.

  • Specify the recipients of the notification -
    • Users having access to the passwords - users who possess any one of the share permission (read only, read and write, manage) for the password, at the time when notification is generated
    • Other Users/ User Groups - any other specific user(s) as selected from the list
    • Email ids - to generate notifications to specified list of email aliases or email addresses
    • Click "Finish"
    • The required password rotation schedule has been created. The setting could be saved as a template for use with configuring password reset schedule for another resource group.

©2014, ZOHO Corp. All Rights Reserved.

Top