Skip to main content

Example: Expose the USE_MANAGED_CREDENTIALS attribute

This example demonstrates how to expose the USE_MANAGED_CREDENTIALS attribute so a system trustee does not need to manually enter the system's credentials when onboarding a system; instead a Bravura Privilege managed account will be used, and when that managed account’s password is updated by Bravura Privilege, the credentials used by the onboarded system will be too.

Requirements

This example assumes:

  • An AD Target has been configured as a managed system

  • An AD Target has been configured as a source of profiles.

  • Auto discovery has been run.

  • RefBuild.pam_team_management is installed.

  • Scenario.pam_system_type_winnt is installed.

  • A team administrator has been configured.

  • A team, with a system trustee has been configured.

Expose the USE_MANAGED_CREDENTIALS attribute
  1. Log in as superuser.

  2. Click Manage the System > Privileged Access -> Managed System policies.

  3. Select the PRODUCT_ADMIN_ACCOUNTS managed system policy.

  4. Click the Member systems tab.

  5. Click Add new….

  6. Select the AD managed system.

  7. Click Select .

  8. Click the Managed accounts tab.

  9. Click Add new… .

  10. Select an account that can be used as target administrator for the onboarded systems.

  11. Click Select .

  12. Click Home.

  13. Click Manage external data store.

  14. Select the hid_global_configuration table.

  15. Add an entry for the USE_MANAGED_CREDENTIAL attribute to be exposed:

    • Namespace: pam_pdr_onboard_system

    • Setting: OPTIONAL_ATTRS

    • Value :USE_MANAGED_CREDENTIAL

  16. Click Update.

  17. Update the following entry in the hid_global_configuration table to match the Value of the managed system policy you configured above:

    • Namespace : pam_system_management

    • Setting : MANAGED_ADMIN_CREDENTIAL_POLICY

    • Value: PRODUCT_ADMIN_ACCOUNTS (or any other MSP which is applied to the managed target admin account)

Test the System: Onboard PDR
  1. Log in as a system trustee.

  2. Click Manage resources.

  3. Click System: Onboard.

  4. Select the System Type and click Next.

    The option to select Connect using managed account is available.

    uc-privilage-expose-creds-pdr