Periodic Password Reset

IT security best practices recommend that passwords of sensitive resources be reset periodically to prevent unauthorized access. PAM360's periodic password reset feature helps you achieve this by automating scheduled password rotation, thereby eliminating manual password change procedures. While PAM360 provides remote password reset support for a wide range of individual target systems, scheduled password rotation can be done only at the resource group level. Password resets can be carried out either in agent-less mode or by deploying PAM360 agents in the remote resource.

Multiple options are available to set up the periodicity of password resets, and notifications can be generated at each stage of the execution of the scheduled task. In addition, password reset history is maintained within PAM360.

You can configure Periodic Password Reset by creating scheduled tasks for the resource groups.

Steps Required

  1. Initiating Password Reset
  2. Scheduling Password Reset

    2.1 Notify Before Password Reset

    2.2 Password Allocation

    2.3 Reset Periodicity

    2.4 Reset Retry

    2.5 Notify After

1. Initiating Password Reset

  1. Click the Groups tab from the left pane. Click Actions >> Periodic Password Reset.

  2. The Periodic Password Reset window pops up, which guides you through a four-step process for scheduling the password reset.

2. Scheduling Password Reset

2.1 Notify Before Password Reset

When passwords are scheduled to be reset at a specific time, notifications can be sent to the users beforehand to keep them informed about the reset operation.

To send notifications:
  1. Select the number of days and/or hours and/or minutes before the reset at which the notification is to be sent.
  2. You can also specify the list of recipients to receive the notification.

    i. Users who have access to specified passwords: Users who possess any one of the share permissions (read only/read and write/manage) for the password at the time when the notification is generated.

    ii. Select Users From List: Any other specific user(s) to be selected from the list.

    iii. Specify Email Addresses: To generate notifications to a specified list of email aliases or email addresses.

  3. Click Next.

2.2 Password Allocation

There are three different ways in which you can allocate passwords for the group:

  1. When specifying a new password, you can choose to allot a randomly generated unique password to the accounts. This random password will be based on the password policy set for the account.
  2. You can specify a new password in the text field provided and allot the same to all the accounts in the particular group. This password will follow the password policy that is set for the resource group.
  3. You can also assign the same password to all user accounts, on condition that the password is changed during every schedule. This password will follow the password policy that is set for the resource group.

Select the required choice and click Next.

2.3 Reset Periodicity

In this step, you create the actual schedule for the password reset. The reset can be performed one-time or it can be set to recur at periodic intervals.

To specify the reset schedule:

  • Select one of the options (Once/Days/Monthly/Never), specify the required details, and click Next.

2.4 Reset Retry

Once you have finished creating the actual password reset schedule, you may proceed to configure the password reset retry settings, which are useful when a periodic password reset fails. With this setting enabled, the password reset will be re-attempted after every failure at the specified retry interval, up to the specified number of attempts.

  1. Select the checkbox to Retry password reset during a failure.
  2. Enter the Number of retries to attempt (up to 5) after a failed periodic password reset.
  3. Specify the Retry interval (up to 24 hours) at which PAM360 should attempt the password reset again and click Next.

2.5 Notify After

You can configure notifications about the password reset to be sent, after the scheduled password reset has completed, to all those who have access to the passwords.

To send notifications, specify the recipients for notifications:

  • Users having access to passwords: Users who possess any one of the share permissions (read only/read and write/manage) for the password at the time when the notification is generated.
  • Select users from list: Any other specific user(s) to be selected from the list of users.
  • Specify Email addresses: To generate notifications to a specified list of email aliases or email addresses.

Check the required boxes and click Finish. The required password reset schedule has been created.

 
