Group manager platform properties
The following tables list all the properties that can be configured for platforms that can be applied to account groups.
General
Property | Description |
---|---|
PolicyID | The unique name or ID of the group manager platform. This property is required. |
PolicyName | The descriptive name of the platform. This property is required. |
PolicyType | The type of platform. Specify Group to define this platform as a group manager platform. This property is required. |
ImmediateInterval | The number of minutes that will elapse between when the user initiates an account management process and when the process is performed. |
Interval | The number of minutes that the CPM waits between loops when processing accounts of this platform. |
SearchForUsages | Whether or not CPM will search for copies of the account after it successfully changed and synchronized them. Specify Yes. This property is required. |
AllowedSafes | A Safes pattern that indicates the Safes that this platform can be applied to. |
Status | Indicates whether a platform is active or inactive. |
Privileged account management
Property | Description |
---|---|
MinValidityPeriod | The number of minutes to wait from the last retrieval of the password until it is replaced. This gives the user a minimum period to be able to use the password before it is replaced. |
ResetOveridesMinValidity | If the account is marked with the ‘ResetImmediately’ property, it will be changed, regardless of the period defined in the MinValidityPeriod parameter. |
ResetOveridesTimeFrame | If the account is marked with the ‘ResetImmediately’ property, it will be changed, regardless of the time frame defined in the FromHour and ToHour parameters. |
Timeout | The number of seconds to wait for the change password plugin to finish its execution. |
UnlockIfFail | Whether or not the account will be unlocked and made available to other users if it was not changed successfully. This is relevant to exclusive accounts mode only. |
Password change
Property | Description |
---|---|
AllowManualChange | Whether or not a ‘Change Now’ process can be initiated manually. This parameter can be specified in the group manager as well as in group members. |
PerformPeriodicChange | Whether or not accounts related to this platform will be changed periodically according to the Master Policy. |
HeadStartInterval | The number of days before the password expires (according to the Master Policy) that the CPM will initiate a password change process. |
FromHour | The time from when the CPM can change passwords, either manually or automatically. |
ToHour | The time until when the CPM can change passwords, either manually or automatically. |
DaysNotifyPriorExpiration | Up to three values, separated by commas: the number of days before a password is changed that a notification will be sent to recipients; a re-notification interval (optional) that determines the number of days between notifications for the same password expiration; and a re-notification period (optional) that determines the period of time during which these notifications will be sent. |
ExecutionDays | The days of the week when the CPM will change passwords. |
Password verification
Property | Description |
---|---|
VFAllowManualVerification | Whether or not a password verification process can be initiated manually in the PVWA. This configuration is only relevant to group member platforms. |
VFPerformPeriodicVerification | Whether or not a password verification process will be performed automatically according to the number of days specified in the VFVerificationPeriod parameter. |
VFVerificationPeriod | The number of days between automatic password verification processes. |
VFFromHour | The time frame in hours during which the CPM can verify passwords, either manually or automatically. |
VFToHour | The time frame in hours during which the CPM can verify passwords, either manually or automatically. |
VFExecutionDays | The days of the week when the CPM will verify passwords. |
Password reconciliation
Property | Description |
---|---|
RCAllowManualReconciliation | Whether or not passwords will be reconciled when a user initiates the procedure manually through the PVWA. This parameter can be specified in the group manager as well as in group members. |
RCFromHour | The time from when the CPM can reconcile passwords, either manually or automatically. |
RCToHour | The time until when the CPM can reconcile passwords, either manually or automatically. |
ReconcileAccountSafe | The name of the Safe where the reconcile account is stored or a dynamic rule to specify this value. |
ReconcileAccountFolder | The name of the folder where the reconcile account is stored or a dynamic rule to specify this value. |
ReconcileAccountName | The name of the reconcile account or a dynamic rule to specify this value. |
RCExecutionDays | The days of the week when the CPM will reconcile passwords. |
Notifications
Property | Description |
---|---|
NFInterval | The interval in minutes between the notification tasks. |
NFFromHour | The hour when notification will begin. |
NFToHour | The hour when notification will end. |
NFNotifyPriorExpiration | Whether or not notifications will be sent to recipients. |
NFPriorExpirationRecipients | The list of email addresses that notifications will be sent to. |
NFNotifyOnUnreleasedPasswords | Whether or not specified recipients will receive notifications when an account is not released after the time defined in MinValidityPeriod. This parameter is not relevant if the platform is a group platform. |
NFOnUnreleasedPasswordRecipients | The email addresses of users who will receive notifications when an account is not released after the time defined in MinValidityPeriod. |
NFNotifyOnPasswordDisable | Whether or not specified recipients will receive notifications when an account is disabled. This parameter is not relevant if the platform is a group platform. |
NFOnPasswordDisableRecipients | The email addresses of users who will receive notifications when an account is disabled. |
NFNotifyOnVerificationErrors | Whether or not specified recipients will receive notifications when an account verification process results in an error. This parameter is not relevant if the platform is a group platform. |
NFOnVerificationErrorsRecipients | The email addresses of users who will receive notifications when an account verification process results in an error. |
NFNotifyOnPasswordUsed | Whether or not specified recipients will receive notifications when an account is used. This parameter is not relevant if the platform is a group platform. |
NFOnPasswordUsedRecipients | The email addresses of users who will receive notifications when an account is used. |
Generate password
Property | Description |
---|---|
PasswordLength | The length of the newly generated password. |
MinUpperCase | The minimum number of uppercase characters in the newly generated password. To exclude upper case characters from the password, specify ‘-1’. |
MinLowerCase | The minimum number of lower case characters in the newly generated password. To exclude lower case characters from the password, specify ‘-1’. |
MinDigit | The minimum number of digits in the newly generated password. To exclude digits from the password, specify ‘-1’. |
MinSpecial | The minimum number of special characters in the newly generated password. To exclude special characters from the password, specify ‘-1’. |
PasswordForbiddenChars | The characters that cannot be used when generating a new password, for example: “/~\”. |
PasswordEffectiveLength | The number of characters in the newly generated password in which the above rules are effective. If this parameter is not specified, the PasswordLength parameter is used as the effective length. |
PreventSameCharPerPrevPassPosition | Whether or not characters (alphabetic or numeric) can be used in the same positions as in the previous password. This property is relevant for AS400 (iSeries) accounts only. |
PreventRepeatingCharacters | Whether or not characters can be used more than once in a password. This property is relevant for AS400 (iSeries) accounts only. |
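
The following Python example is added here and is not CyberArk code. It shows how the generate-password properties in this table interact, including the ‘-1’ exclusion, PasswordForbiddenChars, and misconfigurations that make the rules impossible to satisfy. It assumes that special characters are Python's `string.punctuation`, that an unspecified minimum is 0, and that PasswordEffectiveLength covers the leading characters; the function name and sample values are constructed.

```python
import secrets
import string

# Character classes keyed by the page's property names. Treating "special"
# as string.punctuation is an assumption; the page does not define the set.
CLASSES = {
    "MinUpperCase": string.ascii_uppercase,
    "MinLowerCase": string.ascii_lowercase,
    "MinDigit": string.digits,
    "MinSpecial": string.punctuation,
}

def generate_password(policy):
    """Return a random password honouring the 'Generate password' properties."""
    length = policy["PasswordLength"]
    # Falls back to PasswordLength when PasswordEffectiveLength is not specified.
    effective = policy.get("PasswordEffectiveLength", length)
    forbidden = set(policy.get("PasswordForbiddenChars", ""))
    if not 0 < effective <= length:
        raise ValueError("PasswordEffectiveLength must be between 1 and PasswordLength")
    alphabet, required = [], []
    for prop, chars in CLASSES.items():
        minimum = policy.get(prop, 0)  # assumption: an absent minimum means 0
        if minimum == -1:  # -1 excludes the whole class
            continue
        pool = [c for c in chars if c not in forbidden]
        if minimum > 0 and not pool:
            raise ValueError(f"{prop} cannot be met: PasswordForbiddenChars removes the class")
        alphabet += pool
        required += [secrets.choice(pool) for _ in range(minimum)]
    if not alphabet:
        raise ValueError("no characters left to generate from")
    if len(required) > effective:
        raise ValueError("sum of minimums exceeds the effective length")
    # Assumption: the rules apply to the first `effective` characters.
    head = required + [secrets.choice(alphabet) for _ in range(effective - len(required))]
    secrets.SystemRandom().shuffle(head)  # CSPRNG shuffle: required chars get no fixed position
    tail = [secrets.choice(alphabet) for _ in range(length - effective)]
    return "".join(head + tail)

# Constructed sample values, not a shipped platform configuration.
SAMPLE_POLICY = {
    "PasswordLength": 16, "PasswordEffectiveLength": 8,
    "MinUpperCase": 2, "MinLowerCase": 2, "MinDigit": 1, "MinSpecial": -1,
    "PasswordForbiddenChars": "/~\\",
}

if __name__ == "__main__":
    print(generate_password(SAMPLE_POLICY))
```
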
Automatic password management general properties
Property | Description |
---|---|
SearchForUsages | Whether or not CPM will search for copies of the account after it successfully changed and synchronized them. Specify Yes. |