Changing Account Settings

If you are viewing the account details for an individual account, the information you can change depends on the type of system, domain, or database associated with the account. Regardless of the type, however, you cannot change the account name.

For most accounts, you can:

  • Select Manage this credential to convert an unmanaged account into a managed account. To manage multiple account passwords use the Manage account action on the Accounts page.

    You can also right-click a set and select Manage account to convert all the accounts associated with the set into managed accounts.

  • Deselect Manage this credential to convert a managed account into an unmanaged account.

  • Select to Use proxy account.

  • Modify the account description.

If you make any changes to the account, click Save.

Settings for Local Accounts

If you are viewing a local account for a Windows, UNIX, or Juniper system, you can also select or deselect Use proxy account depending on whether you want to use the proxy account defined for the system. In most cases, you select this option for an account under the following conditions:

  • If the target system type is UNIX or Juniper and the root account is not allowed to open secure shell sessions, select this option to use the proxy account defined for the system to start secure shell sessions on the target system.
  • If the target system type is Windows and you are using Windows Remote Management to manage passwords, select this option to use the proxy account defined for the system to validate and manage account passwords on the target system.

If you are viewing an account for a generic SSH device, you can edit the account description. You cannot manage account passwords, use a proxy account, or change the account name.

Settings for Multiplexed Accounts

If you are viewing the details for a multiplexed account, you can click Select to change the sub-accounts associated with the account. Before making changes to the sub-accounts for a multiplexed account, however, keep in mind that the sub-accounts must meet the following criteria:

  • Each account must be a domain account with its password stored and managed by the Privileged Access Service.
  • Each account must have sufficient permissions to run the target Windows service or scheduled task.
  • Each account must have Checkout and Edit permission.
  • Each account must have the “Log on as a service” user right assigned in a local or domain policy.
  • The domain where the sub-accounts are used must have periodic password rotation enabled and an interval set at the domain or global security settings level.

For more information about managing services and automating password rotation, see Managing Services