In EmpowerID, non-computer credentials are vaulted user names and passwords that can be requested and checked out by users to access the specific applications and other resources authorized by those credentials. When you vault a non-computer credential, you specify the type of credential you are vaulting and link it to the Shared Credential policy for that credential type. EmpowerID encrypts the user name, password and notes information for all credential types.
When a request for a non-computer credential is approved, users check out the credential to access the resources authorized by the credential. When the user is done with the credential—or the allocated time frame for using the credential has expired—the credential is checked in. Depending on the policy associated with the credential, the password may or may not be reset by the EmpowerID system.
To initiate any credential vaulting, a user needs an access assignment that includes the Computer PAM User Full Access or Computer PAM User Limited Access Management Role. This Management Role allows users to view and connect to privileged applications, vault credentials, and link them to applications. Users who vault credentials are the owners or Access Managers for those credentials. Access Managers can approve or deny access requests for the credentials they own.
When the Default Access Duration in Minutes setting on the credential's linked policy is reached, EmpowerID automatically checks in the credentials and terminates the user's access to the credentials. For more time, the user must request access again.
When using password reset, if the user checks out the credential but never views its details and does not use it to connect to a privileged session, the password is not reset on check-in.
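
As an added example (not EmpowerID code and not an EmpowerID export format), the following Python audits checkout records against the lifecycle described above: automatic check-in once the policy's Default Access Duration in Minutes is reached, and a password reset on check-in only when the credential was viewed or used for a privileged session. The record fields, finding labels and sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Checkout:
    # Hypothetical record layout; not an EmpowerID export schema.
    credential: str
    user: str
    checked_out: datetime
    checked_in: Optional[datetime]   # None = still checked out
    duration_min: int                # policy: Default Access Duration in Minutes
    reset_on_checkin: bool           # policy: password reset enabled
    viewed: bool                     # user revealed the credential details
    session_used: bool               # credential used for a privileged session
    password_reset: bool             # a reset was recorded at check-in

def audit(rec: Checkout, now: datetime) -> list[str]:
    """Return the ways a checkout record deviates from the described lifecycle."""
    findings = []
    deadline = rec.checked_out + timedelta(minutes=rec.duration_min)
    end = rec.checked_in or now
    if end > deadline:
        # Automatic check-in should have ended access at the deadline.
        findings.append("open-past-duration" if rec.checked_in is None
                        else "late-check-in")
    exposed = rec.viewed or rec.session_used
    if rec.checked_in and rec.reset_on_checkin:
        if exposed and not rec.password_reset:
            findings.append("exposed-not-reset")   # secret seen, never rotated
        if not exposed and rec.password_reset:
            findings.append("unexpected-reset")    # reset without exposure
    return findings

# Constructed sample data.
T0 = datetime(2024, 1, 1, 9, 0)
NOW = T0 + timedelta(hours=3)
SAMPLES = [
    Checkout("svc-crm", "alice", T0, T0 + timedelta(minutes=30), 60, True, True, False, True),
    Checkout("svc-erp", "bob", T0, T0 + timedelta(minutes=20), 60, True, False, False, False),
    Checkout("svc-hr", "carol", T0, T0 + timedelta(minutes=90), 60, True, False, True, False),
    Checkout("svc-db", "dave", T0, None, 120, False, True, False, False),
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec.credential, rec.user, audit(rec, NOW) or ["ok"])
```
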