Creating Multiplexed Accounts
After you have replicated and tested the sub-accounts for a service, you can create a multiplexed account to run one or more target services on one or more target systems.
To create the multiplexed account
-
In the Admin Portal, click Resources, then click Accounts to display the list of accounts.
-
Click Multiplexed Accounts.
-
Click Add Multiplexed Account.
-
Type a name and, optionally, a description for the multiplexed account.
-
Click Select for Account 1 to search for and select a stored domain account that is managed by the Privileged Access Service.
- The domain account you select must have the appropriate permissions to run the target service or scheduled task.
- The domain account password must be managed by the Privileged Access Service.
- You must have periodic password rotation enabled at the domain or global security settings level.
When you type a search string to locate the account, only accounts that meet the criteria are returned. Select the appropriate sub‑account in the list of results, then click Add.
-
Click Select for Account 2 to search for and select a stored domain account that is managed by the Privileged Access Service.
-
Click Save to save the sub-account settings for the multiplexed account.
The multiplex account ensures that all of the computers where the managed service account is used are synchronized before the password is rotated. If your password rotation interval is 90 days, for example, the service might run for 45 days using the subaccount1 managed password, then switch to using the identical subaccount2 managed password.
When the password expires, a new password is generated and all of the computers with a service running under the subaccount2 managed password pick up the new subaccount1 managed password. If there are issues on any computer preventing rotation, rotation is skipped until the issue is fixed.
