Activate show password for PAM accounts

This topic describes how to activate the option to show the password of PAM accounts from the CyberArk Mobile app.

Overview

Using the CyberArk Mobile app, you can show the passwords of privileged accounts for securely connecting to target accounts.

For company users or vendors to access passwords from the CyberArk Mobile, you need to activate this capability for each of your tenants.

Accounts that are available for users in the CyberArk Mobile are the same accounts that are available to them from PAM - Self-Hosted and Privilege Cloud.

Prerequisites

Limitations

You cannot show the password for accounts under certain policies:

  • Enforced check-in/check-out exclusive access

  • Requires dual control password access approval

  • Enforced one-time password access

  • Ticketing systems integration

  • Enforced user login only via IdP is not supported. For more information, see Set enforcement

    For accounts that have Dual Control enabled, a user can show the account password only if the user that is accessing the account has Access without Confirmation permissions in the Safe. For more information, see Enable a Safe owner to access a Safe without confirmation.

Activate show account password

As an administrator, activate the show account capability for each of your tenants.

  1. Log in to the Remote Access Admin portal: https://portal.alero.io/ (change the URL according to your datacenter).

  2. Select a tenant. In the Remote Access menu, click Settings > General.

  3. In the Show password for PAM accounts in the mobile application section, select Allow company users to view the password of PAM accounts from the CyberArk Mobile app.

  4. To allow also vendors to access account credentials from the CyberArk Mobile, select Allow vendors to view the password.

  5. Click Save.