Password Action Notification

With the help of Password Action Notification feature, notifications can be sent out to resource users and/or other users as desired by administrators, whenever any action is performed on a password. For instance, when a password is accessed or altered, password share is changed, password has expired, password policy is violated or passwords are out of sync. You can configure email notifications to be sent out on the occurrence of specific events as mentioned above.

In addition to notifications, especially when password shares are changed or when passwords expire, you can also configure password reset actions to be performed automatically by PAM360. Password Action Notifications can be configured only at a resource-group level.

This document walks you through the below topics:

  1. Configuring Password Action Notifications for a Resource Group
  2. Configuring Password Reset Actions along with Notifications

1. Configuring Password Action Notifications for a Resource Group

  1. Go to Groups tab and click the Actions icon against the group for which you need to enable action notifications and select Configure Notifications from the dropdown list.

  2. A pop-up form will open. Click on the action for which you wish to send notifications. The various password actions are:
    1. Password Accessed - When a user views the password.
    2. Password Changed - When a password is changed.
    3. Password Share Changed - When a password share permission is changed.
    4. Password Expired - When the validity of a password ends.
    5. Password Policy Violated - When a password is in violation to the password policy defined.
    6. Password Out of Sync - When passwords stored in PAM360 differ with those of the resources.

    7. In order to enable notifications for desired password actions, you have to specify the list of recipients for each action as explained below:
    8. Owner - owner of the password.
    9. Users having access to passwords - users with whom the password has been shared by the owner, with any of the access permissions (View Only / Modify / Full Access). This will apply only to the users who possess access to the password right at the time when this notification is generated.
    10. Users - any other specific user(s) apart from the above two recipients. Desired users can be selected by clicking on the link against this option.
    11. User Groups - users from a specific user group(s). Desired user groups can be selected by clicking on the link against this option.

    12. Specify E-mail Address - to generate notifications to specified list of email aliases or email addresses. For multiple email IDs, separate the entries with a comma.
  3. Apart from the above, you can also generate SNMP Traps to your network management system. Before selecting these options in the Configure Password Actions window, make sure you have globally configured these settings under Admin >> SNMP Trap. Refer to related help doc here.

2. Configuring Password Reset Actions along with Notifications

  1. In addition to sending notifications, you also have the option to effect automatic password resets for the actions Password Share Changed, Password Expired and Password Policy Violated.

    For example,

    • When the share for a password is removed, if you wish to automatically reset the password, you may do so by selecting the checkbox Reset the password when a share is removed.
    • When a password expires - in case validity period has been set earlier while defining password policies, you can enable Reset passwords upon expiry.
    • When passwords are in violation of their associated policy, enable Reset passwords upon violation under Password Policy Violated.
  2. Once you have enabled desired notification and reset options, click Save.

Notes:

  1. In all the above actions, email notifications are sent to the specified recipients. You have the option to customize the email content. Refer to Email Templates for complete details.
  2. Password reset action is applicable and performed only for passwords for those that are currently supported and/or correctly configured, using either agent-based or agentless modes.

 

Top