Periodic Password Reset
IT security best practices recommend that passwords of sensitive resources be reset periodically to prevent unauthorized access. PAM360's periodic password reset feature helps you achieve this by automating scheduled password rotation, thereby eliminating manual password change procedures. While PAM360 provides remote password reset support for a wide range of individual target systems, scheduled password rotation can be done only at the resource group level. Password resets can be carried out either in agentless mode or by deploying PAM360 agents on the remote resource.
Multiple options are available to set up the periodicity of password resets, and notifications can be generated at each stage of the execution of the scheduled task. In addition, the password reset history is maintained within PAM360.
Steps required for the Periodic Password Reset
You can perform a Periodic Password Reset by creating scheduled tasks for resource groups. The following steps schedule a task for an example resource group.
- Click the Groups tab in the left pane. Click Actions >> Periodic Password Reset.
- The Periodic Password Reset window opens and guides you through a four-step process for scheduling the password reset.
The steps are as follows:
Step 1: Notify before password reset
When passwords are scheduled to be reset at a specific time, notifications can be sent to the users beforehand to keep them informed of the reset operation. To send notifications:
- Select how many days and/or hours and/or minutes before the reset the notification is to be sent.
- You can also specify the list of recipients to receive the notification.
  - Users who have access to specified passwords: Users who possess any one of the share permissions (read only/read and write/manage) for the password at the time the notification is generated.
  - Select Users From List: Any other specific user(s) to be selected from the list.
  - Specify Email Addresses: To generate notifications to a specified list of email aliases or email addresses.
- Click "Next".
Step 2: Password allocation
There are three different ways in which you can allocate passwords for the group:
- When specifying a new password, you can choose to allot a randomly generated unique password to the accounts. This random password will be based on the password policy set for the account.
- You can specify a new password in the text field provided and allot the same password to all the accounts in the particular group. This password will follow the password policy that is set for the resource group.
- You can also assign the same password to all user accounts, on the condition that the password is changed during every scheduled reset. This password will follow the password policy that is set for the resource group.
- Select the required choice and click "Next".
Step 3: Reset periodicity
This step creates the actual schedule for the password reset. The reset can be performed once, or it can be set to recur at periodic intervals. To specify the reset schedule:
- Select from the options: Once/Days/Monthly/Never and specify the required details and click Next.
Step 4: Notify After
After the scheduled password reset is complete, you can configure notifications about the reset to be sent to all those who have access to the passwords. To send notifications, specify the recipients:
- Users having access to passwords: Users who possess any one of the share permissions (read only/read and write/manage) for the password at the time the notification is generated.
- Select users from list: Any other specific user(s) to be selected from the list of users.
- Specify Email addresses: To generate notifications to a specified list of email aliases or email addresses.
Check the required boxes and click "Finish". The required password reset schedule has been created.