• State Not Answered
  • Replies 4 replies
  • Subscribers 28 subscribers
  • Views 1035 views
  • Users 0 members are here
Options
Related

manual recovery from pw vaulting

dario guastella
over 2 years ago

Hello everybody!

Is there a way to recover pw of an account from SPP vault without activate the function "Include password release with session requests" in a Access Request Policy?

the specific need is to retrieve the pw of an account and use it outside safeguard

thanks a lot!

  • 0 over 2 years ago

    Hi Dario,

    Yes you can create a "Password" Access Request Policy to allow a user with this entitlement to request the password of an account. 

    When creating a new request and selecting the Asset then Account, click on the current Access Type available to choose Password instead of RDP or SSH for example.

    Thanks!

  • 0 over 2 years ago in reply to Tawfiq.Ahmad

    Thank you Tawfiq, just to be sure, are you meaning:

     (sorry i cannot attach any picture)

    in the ARP window, in the TAB "General" i have to select Password (under Credential Access Type) and in the scope TAB i have to upload the account that i want the passord?

    If this is right, if I have 10 privileged accounts for 10 different users, do I have to create 10 ARPs (each user has his own privileged account)?

    If the above is wrong, can you please suggest me the right place in the admin guide to better understand and study this case by myself?

    i need to understand in which way i have to create a "Password" ARP

    Thanks a lot!!!

     

     

  • 0 over 2 years ago in reply to dario guastella

    Hi Dario,

    If the privileged accounts are AD based then you can assign each user their unique AD privileged account as a linked account.

    Select a user from the Users pane, then click the Linked Account tab and add the AD privileged account that belongs to that user here.

    Once the users each have their own AD Privileged account assigned in Linked Account tab then you can create one Entitlement with a Password Access Request Policy that is configured with no Scope but rather use the Access Config setting > enable the check box "Allow password access to linked accounts".

    Then assign this entitlement to all of these users so they they can each request the password for their own respective AD privileged "Linked account"

    Here is the section in the Admin guide that has more details on Creating an Access Request Policy:

    https://support.oneidentity.com/technical-documents/one-identity-safeguard-for-privileged-passwords/6.11.1/administration-guide/61#TOPIC-1693649

    Thanks!

  • 0 over 2 years ago in reply to Tawfiq.Ahmad

    that's perfect! That's fantastic!

    much more easier then i thought

    thank you so so much!!

    so, have a great we!!!