Change Password in V10 Interface

Passwords can be changed automatically by the CPM or manually by an authorized user.

Change password automatically by CPM

The CPM can change passwords for managed accounts. When you create an account, you can define whether the account's password will be automatically managed by the CPM, using the Allow automatic password management property.

The CPM generates unique and highly secure passwords using the password policy and the random password generation mechanism. So, generally, passwords that are managed by the CPM do not require manual intervention.

Passwords are changed by the CPM in the following scenarios:

Scenario	Description
Password expired	The expiration period is configured in the Master Policy using the Require password change every X days rule. For details, see Require password change every X days.
Request timeframe	A user requests to connect to an account or display a password (dual-control) for a certain timeframe, and that request is approved. Once the timeframe expires, the password is changed (if the user already released the account, it is changed upon release).
Manual initiation	If the account is managed by the CPM, when the user clicks Change, an immediate change CPM operation is initiated.
One-time and exclusive passwords	Passwords that are defined as one-time passwords or that are configured for Exclusive Account mode are changed after every use. These are configured in the Master Policy with the Enforce one-time password access and the Enforce check-in/check-out exclusive accessrules. These passwords are changed after accounts are checked-in manually or automatically after a minimum validity period defined in the Master Policy or based on the request timeframe.
Account groups	When the password of an account that is a member of a group is changed, the password values for the entire group are also changed.

Change password manually by user

You have the following options for changing the password:

Action	Description
Trigger the CPM to change the password	The account is managed by the CPM. CPM changes the password in both the target machine and in the Vault . You must have the following Safe member authorizations to initiate a password change: Initiate CPM password management operations
Change the password manually only in the Vault .	You must have the following Safe member authorizations in the safe where the account is stored: Update password value

Action

Description

Trigger the CPM to change the password

The account is managed by the CPM. CPM changes the password in both the target machine and in the Vault .

You must have the following Safe member authorizations to initiate a password change:

Initiate CPM password management operations

Change the password manually only in the Vault .

You must have the following Safe member authorizations in the safe where the account is stored:

Update password value

To change a password:

On the Accounts View page, locate and click the account in the grid.
On the account's Overview tab, in the Compliance Status section, click Change.

On the pop up, do the following:

Account managed by the CPM

Trigger CPM to change password.

Click Change. The CPM will change the password during the next account management cycle.
Change the password only in the Vault .

Click Change password only in the vault, enter the password and confirm it.

Account not managed by the CPM

Change the password only in the Vault .

Enter the password and confirm it.