Periodic Password Reset
IT security best practices recommend the periodic password change of sensitive resources to prevent unauthorized access. The periodic password reset feature of Password Manager Pro helps you achieve this by automating the process of scheduled password rotation, thereby eliminating manual password change procedures. Password Manager Pro provides remote password reset support for a wide range of individual target systems. However, scheduled password rotation is possible at the resource group level only. Password resets can be carried out either by agent-less mode or by deploying Password Manager Pro agents in the remote resources.
Multiple options are available to setup the periodicity of password resets. It is possible to generate notifications at each stage of the execution of the scheduled task and also maintain the password reset history.
Steps Required
Periodic Password Resets are done by creating scheduled tasks for the resource groups. Following are the steps required to schedule a task for a resource group:
- Click the Groups tab from the left pane. Click Actions >> Periodic Password Reset beside the required resource group.
- The Periodic Password Reset window pops up which guides you through a five-step process for scheduling the password reset. The steps are as follows:
Step 1: Notify Before Password Reset
When passwords are scheduled to be reset at a specific time, notifications can be sent to the users beforehand to keep them informed on the reset operation.
To send notifications:
- Select the number of day(s) and/or hour(s) and/or minute(s) prior to which the notification is to be sent.
- You can also specify the list of recipients to receive the notification.
- Users having access to the passwords: Users who possess any one of the share permissions (read only/read and write/manage) for the password, at the time when notification is generated.
- Select Users From List: Any other specific user(s) to be selected from the list.
- Specify Email Addresses: To generate notifications to specified list of email aliases or email addresses.
- Click Next.
Step 2: Password Allocation
There are three different ways by which you can allocate passwords for the group:
- When specifying a new password, you can choose to randomly generate a unique password for every account. This random password will be based on the password policy set for the account.
- You can specify a new password in the text field provided and allot the same to all the accounts in the particular group. This password will take after the password policy that is set for the resource group.
- You can also choose to assign the same password to all user accounts, on condition that the password is changed during every schedule. This password will take after the password policy that is set for the resource group.
- Select the required choice and click Next.
Step 3: Reset Periodicity
This step specifies the actual creation of the schedule for password reset. The reset can be performed one-time or it could be set to recur at periodic intervals.
To specify the reset schedule:- Select from the options: Once/Day(s)/Monthly/Never and specify the required details and click Next.
Step 4: Reset Retry
Once you have finished creating the actual password reset schedule, you may proceed to configure the password reset retry settings, which is useful when a periodic password reset failure occurs. With this setting enabled, the password reset will be re-attempted after every failure at the specified retry intervals within the specified number of attempts.
- Select the checkbox to Retry password reset during a failure.
- Enter the Number of retries to attempt (upto 5) after a failed periodic password reset.
- Mention the Retry interval (upto 24 hours) at which Password Manager Pro should attempt the password reset again and click Next.
Step 5: Notify After
Configure to send notifications regarding the password reset to all those who have access to the passwords.
- To send notifications, specify the recipients for notifications.
- Users having Access to Passwords: Users who possess any one of the share permissions (read only/read and write/manage) for the password, at the time when notification is generated.
- Select Users from List: Any other specific user(s) to be selected from the list of users.
- Specify Email Addresses: To generate notifications to specified list of email aliases or email addresses.
- Select the required checkboxes and click Finish.
You have successfully created a password reset schedule.
Password Manager Pro also allows you to manage and modify a user created schedule.