Disabling password randomization
You can temporarily disable password randomization for some or all managed system policies. This will override all other randomization settings, including scheduled randomization or randomization after an account is checked in. During this time, passwords that need to be randomized or overridden will be blocked and queued until password randomization is re-enabled.
To temporarily disable password randomization for an individual managed system policy:
Click Manage the system > Privileged access > Managed system policies.
Select the managed system policy.
In the General tab, enable the checkbox for Randomization disabled.
Click Update.
To resume password randomization for the individual managed system policy, disable the checkbox for Randomization disabled .
To temporarily disable password randomization for all managed system policies:
Click Manage the system > Privileged access > Managed system policies.
Scroll to the bottom of the policies list.
Select Disable all password randomization in all policies.
Selecting this option will override the randomization setting of the individual managed system policies.
To resume password randomization for all managed system policies, select Allow policies to randomize passwords .
Warning
Make sure that you re-enable password randomization when it is safe to do so. Affected passwords may be immediately reset.
Allow check-outs while randomization is disabled
When you disable randomization, Bravura Security Fabric ’s default behavior is to check in and block any check-outs for accounts, account sets, or group sets that are members of the affected managed system policies. You can choose to allow check-outs while randomization is disabled.
Warning
Check-ins will not cause the password to be randomized; this could present a security risk if users have access to account passwords, as they will not be randomized until randomization is re-enabled.
After a managed system policy is enabled, passwords must be randomized initially before any accounts are available for check-out. You can do this either by waiting for the managing service to poll the member systems, or by manually randomizing them.
To allow check-outs for all policies while randomization is disabled:
Click Manage the system > Maintenance > System variables.
Set RES DISABLE RANDOMIZATIONS ALLOW CHECKOUTS to Enabled.
Click Update.
Replication will propagate the setting to secondary nodes automatically.
To allow check-outs for selected policies instead of all policies:
Click Manage the system > Privileged access > Managed system policies.
Select the managed system policy.
In the General tab, select the checkbox for Allow check-outs when randomization is disabled.
Click Update.
If the Allow check-outs when randomization is disabled option for the managed system policy is deselected, the global setting RES DISABLE RANDOMIZATIONS ALLOW CHECKOUTS applies.