Account properties
This topic describes account properties for several account types.
Some of the more advanced properties are accessible from the Additional details & actions in classic interface link.
Operating systems
Windows domain accounts
Parameter | Description |
---|---|
Required properties | |
Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Windows Domain Accounts is WinDomain. |
Address | The Windows domain name of the remote machine where the password will be used. This can be specified as a Fully Qualified Domain Name (FQDN). For example, mycompany.com. |
User Name | The name of the user on the remote machine. |
Optional properties | |
Logon To | The name of the domain where the account will be used. When the account is managed automatically, the CPM uses this value for authentication. Note: To connect to a remote machine with a transparent connection, specify the FQDN name of the domain that the logon user belongs to. For example, mycompany.com. This replaces the domain’s NETBIOS name. |
User DN | User’s distinguished name. |
Port | The port that will be used to access the remote machine. |
Limit Domain Access To | Add the addresses/hostnames of the remote machines to which this domain account can be used to connect, separated with an Enter. |
Additional accounts | |
Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
Reconcile account | An extra account that contains the password used in reconciliation processes. |
Multiple copies of accounts | Multiple copies of Windows domain accounts can be synchronized and used in the following different resources. |
Windows Services | A Windows domain account password can be synchronized with multiple copies of the same password used in different services, after it has been changed successfully. |
Windows Scheduled Tasks | A Windows domain account password can be synchronized with other occurrences of the same password in different Windows scheduled tasks, after it has been changed successfully. |
Windows IIS Pools | A Windows domain account password can be synchronized with multiple copies of the same password used in Windows IIS Application Pools, after it has been changed successfully. |
Windows COM+ Applications | A Windows domain account password can be synchronized with multiple copies of the same password used in Windows COM+ applications, after it has been changed successfully. |
Windows IIS Directory Security (Anonymous Access) | A Windows domain account password can be synchronized with multiple copies of the same password used in IIS Directory Security with Anonymous Access definition, after it has been changed successfully. |
Windows local accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Windows local accounts is WinServerLocal. |
Address | The network name or IP address of the remote machine where the password will be used. |
User Name | The name of the user on the remote machine who this password belongs to. |
Optional Properties | |
User DN | User’s distinguished name. |
Port | The port that will be used to access the remote machine. |
Additional accounts | |
Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
Reconcile account | An extra account that contains the password used in reconciliation processes. |
Multiple copies of accounts | Multiple copies of Windows local accounts can be synchronized and used in the following different resources. |
Windows Services | A Windows local account password can be synchronized with multiple copies of the same password used in different services, after it has been changed successfully. |
Windows Scheduled Tasks | A Windows local account password can be synchronized with other occurrences of the same password in different Windows scheduled tasks, after it has been changed successfully. |
Windows IIS Pools | A Windows local account password can be synchronized with multiple copies of the same password used in Windows IIS Application Pools, after it has been changed successfully. |
Windows COM+ Applications | A Windows local account password can be synchronized with multiple copies of the same password used in Windows COM+ applications, after it has been changed successfully. |
Windows IIS Directory Security (Anonymous Access) | A Windows local account password can be synchronized with multiple copies of the same password used in IIS Directory Security with Anonymous Access definition, after it has been changed successfully. |
Windows local desktop accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Windows Local Desktop Accounts is WinDesktopLocal. |
Address | The IP/DNS address, Windows domain or machine name, or TNS name of the remote machine where the password will be used. |
User Name | The name of the user on the remote machine. |
Optional Properties | |
LogonDomain | The domain where the account will be used. |
Location | The physical location of the Windows machine. |
OwnerName | The full name of the desktop owner. |
Additional accounts | |
Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
Reconcile account | An extra account that contains the password used in reconciliation processes. |
Multiple copies of accounts | Multiple copies of Windows local desktop accounts can be synchronized and used in the following different resources. |
Windows Services | A Windows local desktop account password can be synchronized with multiple copies of the same password used in different services, after it has been changed successfully. |
Windows Scheduled Tasks | A Windows local desktop account password can be synchronized with other occurrences of the same password in different Windows scheduled tasks, after it has been changed successfully. |
Windows IIS Pools | A Windows local desktop account password can be synchronized with multiple copies of the same password used in Windows IIS Application Pools, after it has been changed successfully. |
Windows COM+ Applications | A Windows local desktop account password can be synchronized with multiple copies of the same password used in Windows COM+ applications, after it has been changed successfully. |
Windows IIS Directory Security (Anonymous Access) | A Windows local desktop account password can be synchronized with multiple copies of the same password used in IIS Directory Security with Anonymous Access definition, after it has been changed successfully. |
Windows local accounts with WMI
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Windows Local Accounts with WMI is WinLocalWMI. |
Address | The IP/DNS address, Windows domain or machine name, or TNS name of the remote machine where the password will be used. |
User Name | The name of the user on the remote machine. |
Optional Properties | |
LogonDomain | The domain where the account will be used. |
Location | The physical location of the Windows machine. |
OwnerName | The full name of the desktop owner. |
Additional accounts | |
Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
Reconcile account | An extra account that contains the password used in reconciliation processes. |
Multiple copies of accounts | Multiple copies of Windows local accounts with WMI can be synchronized and used in the following different resources. |
Windows Services | A Windows local account password can be synchronized with multiple copies of the same password used in different services, after it has been changed successfully. |
Windows Scheduled Tasks | A Windows local account password can be synchronized with other occurrences of the same password in different Windows scheduled tasks, after it has been changed successfully. |
Windows IIS Pools | A Windows local account password can be synchronized with multiple copies of the same password used in Windows IIS Application Pools, after it has been changed successfully. |
Windows Registry | A Windows local account password can be synchronized with multiple copies of the same password used in different registries, after it has been changed successfully. |
Windows COM+ Applications | A Windows local account password can be synchronized with multiple copies of the same password used in Windows COM+ applications, after it has been changed successfully. |
Windows IIS Directory Security (Anonymous Access) | A Windows local account password can be synchronized with multiple copies of the same password used in IIS Directory Security with Anonymous Access definition, after it has been changed successfully. |
Unix SSH accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Unix SSH passwords is Unix via SSH. |
Address | The IP address of the remote machine where the password will be used. |
User Name | The name of the user on the remote machine who this password belongs to. |
Additional accounts | |
Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
Reconcile account | An extra account that contains the password used in reconciliation processes. |
Unix accounts with SSH Keys
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Unix accounts with SSH Keys is Unix via SSH Keys. |
Address | The IP address of the remote machine where the private SSH key will be used together with a public SSH key stored on that machine. |
User Name | The name of the user on the remote machine who is authorized to use the private SSH key. |
Optional Properties | |
Comment | Free text that is stored in the comment section of the public key during change and reconcile processes. Note: There are no character limitations, but the length of the comment is limited to 4096 characters. |
SSH Key | |
SSH Key | The content of the private SSH key. This can be specified as either a key file or as the actual key content. |
Additional accounts | |
Reconcile account | An extra account that contains the password or SSH Key used in reconciliation processes. |
Unix Domain/NIS accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | |
Address | The domain name of the machine where the password will be used. This can either be specified as an IP address or as a Fully Qualified Domain Name (FQDN). For example, mycompany.com. |
User Name | The name of the domain user who can access the machine where the password will be used. |
Optional Properties | |
Limit Domain Access To | Add the addresses/hostnames of the remote machines to which this domain account can be used to connect, separated with an Enter. |
AS400 (iSeries) accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for as400 passwords is as400. |
Address | The IP address of the remote machine where the password will be used. |
User Name | The name of the user on the remote machine who this password belongs to. |
Optional Properties | |
AS400 Account Type | The type of the AS400 (iSeries) account. Specify one of the following: |
Additional accounts | |
Logon account | An extra account that contains the password that is required to log onto the remote machine for Service Tools accounts. For details, see Create linked accounts. This account must be defined as a RegularUserProfile type account. |
Reconcile account | An extra account that contains the password used in reconciliation processes for Service Tools accounts. This account must be defined as the same type as the main account type. |
OS/390 (Z/OS) SSH accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for OS/390 (Z/OS) SSH passwords is OS390SSH. |
Address | The IP address of the remote machine where the password will be used. |
User Name | The name of the user on the remote machine who this password belongs to. |
Additional accounts | |
Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
ESX/i accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for ESX/i accounts is VMWareESX-API. |
Address | The address of the remote machine where the password will be used. |
User Name | The name of the user on the remote machine who this password belongs to. Specify a local ESX/ESX/i account or ‘root’. |
Additional accounts | |
Logon account | An extra account that contains the password that is required to log onto the remote machine. This must also be an ESX/i local or root account. For details, see Create linked accounts. |
Reconcile account | An extra account that contains the password used in reconciliation processes. This must also be an ESX/i local or root account. |
Databases
Oracle accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Oracle passwords is Oracle. |
User Name | The name of the user on the remote machine. |
Optional Properties | |
DSN | The name of the DSN connection that will be used. Use either this parameter or ‘ConnectionStringFile’. |
Address | The IP address of the remote machine where the password will be used. |
Port | The port that will be used to access the remote machine. |
Database | The name of the database where the account will be used. |
Additional accounts | |
Reconcile account | An extra account that contains the password used in reconciliation processes. |
Sybase accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Sybase passwords is Sybase. |
User Name | The name of the user on the remote machine. |
Optional Properties | |
DSN | The name of the DSN connection that will be used. Use either this parameter or ‘ConnectionStringFile’. |
Address | The IP address of the remote machine where the password will be used. |
Port | The port that will be used to access the remote machine. |
Database | The name of the database where the account will be used. |
Additional accounts | |
Reconcile account | An extra account that contains the password used in reconciliation processes. |
DB2 Unix SSH accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for DB2 Unix SSH accounts is DB2 on Unix via SSH. |
Address | The address of the remote machine where the password will be used. |
User Name | The name of the user on the remote machine who the password belongs to. |
Additional accounts | |
Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
Informix Unix SSH accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Informix Unix SSH accounts is Informix on Unix via SSH. |
Address | The address of the remote machine where the password will be used. |
User Name | The name of the user on the remote machine who the password belongs to. |
Additional Accounts | |
Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
MSSql accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Microsoft SQL Server passwords is MSSql. |
User Name | The name of the user on the remote machine. |
Optional Properties | |
DSN | The name of the DSN connection that will be used. Use either this parameter or ‘ConnectionStringFile’. |
Address | The IP address of the remote machine where the password will be used. |
Port | The port that will be used to access the remote machine. |
Database | The name of the database where the account will be used. |
Additional accounts | |
Reconcile account | An extra account that contains the password used in reconciliation processes. |
Windows reconcile account | Whether the reconcile account is a Microsoft Windows account or an SQL account. |
Security appliances
CheckPoint Firewall-1 accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for CheckPoint Firewall-1 passwords is Firewall1. |
Address | The IP address of the remote machine where the password will be used. |
User Name | The name of the user on the remote machine to whom this password belongs. |
ClientDN | The distinguished name of the client entity. |
ServerDN | The distinguished name of the SmartCenter module. |
Optional Properties | |
SicCertFile | The path and name of the sic certification file. Default: opsec.p12 which should be placed in the Password Manager Bin directory. |
Port | The port that will be used to access the router. |
Network Devices
Cisco SSH accounts - network device
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Cisco SSH passwords is CiscoSSH. |
Type | The type of password to use. Specify one of the following: |
Optional Properties | |
User Name | The name of the user on the router that this password belongs to. Specify one of the following: |
Address | The IP address of the remote machine where the password will be used. |
Port | The port that will be used to access the router. |
vty | The virtual terminal line that will connect to the router. |
Additional accounts | |
Enable account | An extra account that contains the password that will enable the CPM to switch to ‘enable’ mode and change the password on the remote machine. |
Logon account | An extra account that contains the password that contains logon information that will enable the CPM to log onto the remote machine where the password will be changed. |
Directories
Novell eDirectory accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Novell eDirectory passwords is Novell-eDirectory. |
Address | The IP address of the remote machine where the password will be used. |
UserDN | The distinguished name of the user. |
Optional Properties | |
Port | The port that will be used to access the remote machine. |
Additional accounts | |
Reconcile account | An extra account that contains the password used in reconciliation processes. |
SunOne Directory SSL accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for SunOne Directory SSL passwords is SunOneDirectorySSL. |
Address | The IP address of the remote machine where the password will be used. |
UserDN | The distinguished name of the user. |
Optional Properties | |
Port | The port that will be used to access the remote machine. |
Additional accounts | |
Reconcile account | An extra account that contains the password used in reconciliation processes. |
Applications
CyberArk accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for CyberArk accounts is CyberArk. |
Address | The IP/DNS address, Windows domain or machine name, or TNS name of the remote machine where the password will be used. |
User Name | The name of the user on the remote machine who the password belongs to. |
Optional Properties | |
Port | Privilege Cloud IP port. The default port number is 1858. |
Timeout | The number of seconds to wait for a Vault to respond to a command before a timeout message is displayed. The default timeout is 30 seconds. |
ReconnectPeriod | The number of seconds to wait before the session with Privilege Cloud is re-established. The default is 60 seconds. |
ProxyType | The type of proxy through which Privilege Cloud is accessed. Options are HTTP, HTTPS, SOCKS4, SOCKS5, NOPROXY. Default value: NOPROXY. |
ProxyAddress | The proxy server’s IP/DNS address. This is mandatory when using a proxy server. |
ProxyPort | The Proxy server IP port. |
ProxyAuthDomain | The domain for the Proxy server if NTLM authentication is required. |
ProxyUser | User for Proxy server if NTLM authentication is required. |
ProxyPassword | The password for Proxy server if NTLM authentication is required. |
BehindFirewall | Whether or not Privilege Cloud is accessed via a Firewall. Default value: No. |
UseOnlyHTTP1 | Whether or not to use only HTTP 1.0 protocol. Valid either with proxy settings or with BehindFirewall. Default value: No. |
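The CyberArk accounts table above carries defaults and cross-field rules (ProxyAddress is mandatory with a proxy; UseOnlyHTTP1 is valid only with proxy settings or BehindFirewall) that are easy to miss when accounts are onboarded in bulk. The following pre-check is an added example, not CyberArk code: it assumes the properties arrive as a dictionary keyed by the parameter names in the table, and the function name, the reading of "proxy settings" as a ProxyType other than NOPROXY, and the sample records are assumptions made for illustration.

```python
# Added example: pre-onboarding lint for "CyberArk accounts" properties.
# Assumption: properties are a dict keyed by the parameter names in the table.
# check_cyberark_account and SAMPLES are illustrative, not a CyberArk API.

PROXY_TYPES = {"HTTP", "HTTPS", "SOCKS4", "SOCKS5", "NOPROXY"}
REQUIRED = ("Platform Name", "Address", "User Name")

# Defaults exactly as stated in the table.
DEFAULTS = {
    "Port": "1858",
    "Timeout": "30",
    "ReconnectPeriod": "60",
    "ProxyType": "NOPROXY",
    "BehindFirewall": "No",
    "UseOnlyHTTP1": "No",
}


def _is_yes(value):
    return str(value).strip().lower() == "yes"


def _positive_int(value, upper=None):
    """True if value parses as an integer >= 1 (and <= upper when given)."""
    try:
        number = int(str(value).strip())
    except ValueError:
        return False
    return number >= 1 and (upper is None or number <= upper)


def check_cyberark_account(props):
    """Apply the table's defaults and return (effective_properties, problems)."""
    supplied = {k: v for k, v in props.items() if str(v).strip()}
    effective = {**DEFAULTS, **supplied}
    problems = []

    for name in REQUIRED:
        if name not in effective:
            problems.append(f"missing required property: {name}")

    for name in ("Port", "ProxyPort"):
        if name in effective and not _positive_int(effective[name], upper=65535):
            problems.append(f"{name} is not a valid port: {effective[name]!r}")
    for name in ("Timeout", "ReconnectPeriod"):
        if not _positive_int(effective[name]):
            problems.append(f"{name} must be a positive number of seconds")

    proxy_type = str(effective["ProxyType"]).strip().upper()
    if proxy_type not in PROXY_TYPES:
        problems.append(f"ProxyType must be one of {sorted(PROXY_TYPES)}")
    # Assumption: "using a proxy" means a valid ProxyType other than NOPROXY.
    uses_proxy = proxy_type in PROXY_TYPES and proxy_type != "NOPROXY"

    if uses_proxy and "ProxyAddress" not in effective:
        problems.append("ProxyAddress is mandatory when using a proxy server")

    behind_firewall = _is_yes(effective["BehindFirewall"])
    if _is_yes(effective["UseOnlyHTTP1"]) and not (uses_proxy or behind_firewall):
        problems.append(
            "UseOnlyHTTP1 is valid only with proxy settings or BehindFirewall"
        )
    return effective, problems


# Constructed sample records (hostnames and user names are made up).
BASE = {"Platform Name": "CyberArk", "Address": "vault.example.com",
        "User Name": "svc_onboard"}
SAMPLES = [
    BASE,
    {**BASE, "ProxyType": "HTTPS"},                        # proxy without address
    {**BASE, "UseOnlyHTTP1": "Yes"},                       # no proxy, no firewall
    {**BASE, "UseOnlyHTTP1": "Yes", "BehindFirewall": "Yes"},
]

if __name__ == "__main__":
    for record in SAMPLES:
        effective, problems = check_cyberark_account(record)
        status = "OK" if not problems else "; ".join(problems)
        print(f"{effective['ProxyType']:8} port={effective['Port']}: {status}")
```
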
SAP accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for SAP accounts is SAP. |
Address | The address of the remote machine where the password will be used. |
User Name | The name of the user on the remote machine who the password belongs to. |
SAP System Number | The SAP system number. |
SAP Client | The SAP client. |
RSA Authentication Manager accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. |
User Name | The name of the user as it is defined in the RSA Authentication Manager. |
Address | The FQDN address of the RSA Authentication Manager. |
RSA User Type | The type of RSA user. Specify one of the following users: |
Automatic management | Whether or not the account will be automatically managed. For the Security User and the Operation User, clear Disable automatic management for this account. |
Websites
Facebook accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Facebook accounts is Facebook. |
Address | The address of Facebook’s website, www.facebook.com. This address appears by default. |
User Name | The name of the Facebook user to whom the password belongs. |
LinkedIn accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Linkedin accounts is Linkedin. |
Address | The address of Linkedin’s website, www.linkedin.com. This address appears by default. |
User Name | The name of the Linkedin user to whom the password belongs. |
Instagram accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Instagram accounts is Instagram. |
Address | The address of Instagram’s website, www.instagram.com. This address appears by default. |
User Name | The name of the Instagram user to whom the password belongs. |
Twitter accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Twitter accounts is Twitter. |
Address | The address of Twitter’s website, www.twitter.com. This address appears by default. |
User Name | The name of the Twitter user to whom the password belongs. |
Salesforce accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Salesforce accounts is Salesforce. |
User Name | The name of the Salesforce user to whom the password belongs. |
Optional Properties | |
Address | The application URL. |
Cloud services
Amazon Web Services (AWS) accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Amazon Web Services (AWS) accounts is Amazon Web Services (AWS). |
Address | The address of the Amazon Web Services (AWS) website, www.AWS.com. This address appears by default. |
AWS ARN Role | The role that can securely access the AWS console. |
AWS Account ID | The account ID on the AWS console. This is a 12-digit number, such as 123456789012, used to construct Amazon Resource Names (ARNs). When referring to resources, such as an IAM user or a Glacier vault, the account ID distinguishes these resources from those in other AWS accounts. |
Optional Properties | |
AWS Policy | The policy that enables access to the AWS console for the specified user. |
AWS Address | The AWS address. This is used for connecting to the AWS govcloud through PSM and must be configured manually. |
AWS Account Alias Name | A friendly identifier of your AWS account ID that can be used for your sign-in page to contain your company name, instead of your AWS account ID. |
Additional Accounts | |
Logon account | An extra account that contains the key that contains logon information that will enable the CPM to log onto the remote machine where the password will be changed. |
Reconciliation Account | An extra account that contains the key that will enable the CPM to switch to ‘enable’ mode and change the password on the remote machine. |
Amazon Web Services (AWS) Access Keys
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Amazon Web Services (AWS) access keys is Amazon Web Services – AWS-Access Keys. |
AWS Access Key ID | The unique ID of the Amazon Web Services (AWS) access key that is used by APIs to access the AWS console. |
AWS IAM Username | The user of the AWS IAM account. |
AWS Account ID | The account ID on the AWS console. This is a 12-digit number, such as 123456789012, used to construct Amazon Resource Names (ARNs). When referring to resources, such as an IAM user or a Glacier vault, the account ID distinguishes these resources from those in other AWS accounts. |
Optional Properties | |
AWS Account Alias Name | A friendly identifier of your AWS account ID that can be used for your sign-in page to contain your company name, instead of your AWS account ID. |
Key Content | |
AWS Access Key Secret | The AWS access key secret that is required to access an AWS platform. |
Google Cloud Platform accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. |
User Name | The name of the Google Cloud Platform user to whom the password belongs. |
Address | The address of the Google Cloud Platform website. |
Microsoft Azure Management accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Microsoft Azure Management accounts is Microsoft Azure Management. |
User Name | The name of the Microsoft Azure user to whom the password belongs. |
Address | The address of the Microsoft Azure Management website, Azure. This value is not used so you can specify any value. |
Optional Properties |
DevOps
OpenShift accounts
Parameter | Description |
---|---|
Required Properties | |
Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for OpenShift accounts is OpenShift. |
User Name | The name of the OpenShift user to whom the password belongs. |
Optional Properties | |
Address | The application URL. |