
Defining managed accounts in a managed system policy

You must add accounts to a managed system policy to determine which passwords or SSH keys Bravura Privilege will manage on member systems. The managed system policy must have the password or SSH key authentication type in order to define managed accounts.

The accounts are identified by:

  • The account ID for a push mode managed system

  • The login ID for a local service mode managed system

  • A unique ID that you define for a vault-only managed system

The number of accounts managed in a managed system policy is represented by the Attached accounts column on the main Managed system policies page. This is the total number of managed accounts in the policy. You can associate accounts with a managed system policy in the following ways:

  • Manually, using the Managed system policies menu.

  • Attaching discovered accounts to policies via the Manage the system > Resources > Discovered objects > Systems menu.

  • Using import rules to assign discovered managed accounts.

You can only associate an account with a single managed system policy. If you try to attach the managed account to another managed system policy, it will be removed from the original managed system policy.

Caution

Ensure that you do not select a managed account for any other role, such as authorizer or workflow manager, in Bravura Privilege.

Manually adding an account

You can manually add an account to a managed system policy.

Only targeting credentials for managed systems can be managed accounts on a push mode policy. The ability to manage any account is enabled when Bravura Privilege is included in the product license. There are no restrictions for vault-only policies.

To manually add an account:

  1. Navigate to the Managed system policy information page.

  2. Select the Managed accounts tab.

  3. Click Add new…

    Bravura Privilege displays all available accounts and their associated member systems.

  4. Select the checkboxes for the account IDs you want to add, then click Select.

Manually removing a managed account from a managed system policy

You can manually remove a managed account from a managed system policy. If an account does not belong to any policy, it will be moved into the HISTORICAL_DATA_GRP policy where its passwords are stored. In this state, the passwords are still accessible, but no longer randomized. Managed accounts can be manually removed through their managed system policy or their managed system.

If a managed account is currently checked out, then it cannot be removed from a managed system policy.

Warning

It is strongly recommended that you back up managed account passwords and their password histories before removing a managed account from a managed system policy.

To remove a managed account from a managed system policy:

  1. Navigate to the Managed system policy information page.

    Alternatively, navigate to the Managed system information page if removing the account from the managed system instead.

  2. Click the Managed accounts tab.

  3. Select the checkbox for the account ID that you want to remove from being managed, click Delete, then click OK to confirm the action.