Account properties
This topic describes account properties for several account types.
|
Some of the more advanced properties are accessible from the Additional details & actions in classic interface link. |
Operating systems
Windows domain accounts
| Parameter | Description |
|---|---|
| Required properties | |
| Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Windows Domain Accounts is WinDomain. |
| Address | The Windows domain name of the remote machine where the password will be used. This can be specified as a Fully Qualified Domain Name (FQDN). For example, mycompany.com. |
| User Name | The name of the user on the remote machine. |
| Optional properties | |
| Logon To |
The name of the domain where the account will be used. When the account is managed automatically, the CPM uses this value for authentication. Note: To connect to a remote machine with a transparent connection, specify the FQDN name of the domain that the logon user belongs to. For example, mycompany.com. This replaces the domain’s NETBIOS name. |
| User DN | User’s distinguished name. |
| Port | The port that will be used to access the remote machine. |
| Limit Domain Access To | Add the addresses/hostnames of the remote machines to which this domain account can be used to connect, separated with an Enter. |
| Additional accounts | |
| Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
| Reconcile account | An extra account that contains the password used in reconciliation processes. |
| Multiple copies of accounts – Multiple copies of Windows domain accounts can be synchronized and used in the following different resources. | |
| Windows Services | A Windows domain account password can be synchronized with multiple copies of the same password used in different services, after it has been changed successfully. |
| Windows Scheduled Tasks | A Windows domain accounts can be synchronized with other occurrences of the same password in different Windows scheduled tasks, after it has been changed successfully. |
| Windows IIS Pools | A Windows domain account password can be synchronized with multiple copies of the same password used in Windows IIS Application Pools, after it has been changed successfully. |
| Windows COM+ Applications | A Windows domain account password can be synchronized with multiple copies of the same password used in Windows COM+ applications, after it has been changed successfully. |
| Windows IIS Directory Security (Anonymous Access) | A Windows domain account password can be synchronized with multiple copies of the same password used in IIS Directory Security with Anonymous Access definition, after it has been changed successfully. |
Windows local accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Windows local accounts is WinServerLocal. |
| Address | The network name or IP address of the remote machine where the password will be used. |
| User Name | The name of the user on the remote machine who this password belongs to. |
| Optional Properties | |
| User DN | User’s distinguished name. |
| Port | The port that will be used to access the remote machine. |
| Additional accounts | |
| Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
| Reconcile account | An extra account that contains the password used in reconciliation processes. |
| Multiple copies of accounts | Multiple copies of Windows local accounts can be synchronized and used in the following different resources. |
| Windows Services | A Windows local account password can be synchronized with multiple copies of the same password used in different services, after it has been changed successfully. |
| Windows Scheduled Tasks | A Windows local account can be synchronized with other occurrences of the same password in different Windows scheduled tasks, after it has been changed successfully. |
| Windows IIS Pools | A Windows local account password can be synchronized with multiple copies of the same password used in Windows IIS Application Pools, after it has been changed successfully. |
| Windows COM+ Applications | A Windows local account password can be synchronized with multiple copies of the same password used in Windows COM+ applications, after it has been changed successfully. |
| Windows IIS Directory Security (Anonymous Access) | A Windows local account password can be synchronized with multiple copies of the same password used in IIS Directory Security with Anonymous Access definition, after it has been changed successfully. |
Windows local desktop accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Windows Local Desktop Accounts is WinDesktopLocal. |
| Address | The IP/DNS address, Windows domain or machine name, or TNS name of the remote machine where the password will be used. |
| User Name | The name of the user on the remote machine. |
| Optional Properties | |
| LogonDomain | The domain where the account will be used. |
| Location | The physical location of the Windows machine. |
| OwnerName | The full name of the desktop owner. |
| Additional accounts | |
| Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
| Reconcile account | An extra account that contains the password used in reconciliation processes. |
| Multiple copies of accounts – Multiple copies of Windows local desktop accounts can be synchronized and used in the following different resources. | |
| Windows Services | A Windows local desktop account password can be synchronized with multiple copies of the same password used in different services, after it has been changed successfully. |
| Windows Scheduled Tasks | A Windows local desktop account password can be synchronized with other occurrences of the same password in different Windows scheduled tasks, after it has been changed successfully. |
| Windows IIS Pools | A Windows local desktop account password can be synchronized with multiple copies of the same password used in Windows IIS Application Pools, after it has been changed successfully. |
| Windows COM+ Applications | A Windows local desktop account password can be synchronized with multiple copies of the same password used in Windows COM+ applications, after it has been changed successfully. |
| Windows IIS Directory Security (Anonymous Access) | A Windows local desktop account password can be synchronized with multiple copies of the same password used in IIS Directory Security with Anonymous Access definition, after it has been changed successfully. |
Windows local accounts with WMI
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Windows Local Accounts with WMI is WinLocalWMI. |
| Address | The IP/DNS address, Windows domain or machine name, or TNS name of the remote machine where the password will be used. |
| User Name | The name of the user on the remote machine. |
| Optional Properties | |
| LogonDomain | The domain where the account will be used. |
| Location | The physical location of the Windows machine. |
| OwnerName | The full name of the desktop owner. |
| Additional accounts | |
| Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
| Reconcile account | An extra account that contains the password used in reconciliation processes. . |
| Multiple copies of accounts – Multiple copies of Windows local accounts with WMI can be synchronized and used in the following different resources. | |
| Windows Services | A Windows local account password can be synchronized with multiple copies of the same password used in different services, after it has been changed successfully. |
| Windows Scheduled Tasks | A Windows local account password can be synchronized with other occurrences of the same password in different Windows scheduled tasks, after it has been changed successfully. |
| Windows IIS Pools | A Windows local account password can be synchronized with multiple copies of the same password used in Windows IIS Application Pools, after it has been changed successfully. |
| Windows Registry | A Windows local account password can be synchronized with multiple copies of the same password used in different registries, after it has been changed successfully. |
| Windows COM+ Applications | A Windows local account password can be synchronized with multiple copies of the same password used in Windows COM+ applications, after it has been changed successfully. |
| Windows IIS Directory Security (Anonymous Access) | A Windows local account password can be synchronized with multiple copies of the same password used in IIS Directory Security with Anonymous Access definition, after it has been changed successfully. |
Unix SSH accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Unix SSH passwords is Unix via SSH. |
| Address | The IP address of the remote machine where the password will be used. |
| User Name | The name of the user on the remote machine who this password belongs to. |
| Additional accounts | |
| Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
| Reconcile account |
An extra account that contains the password used in reconciliation processes. |
Unix accounts with SSH Keys
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Unix accounts with SSH Keys is Unix via SSH Keys. |
| Address | The IP address of the remote machine where the private SSH key will be used together with a public SSH key stored on that machine. |
| User Name | The name of the user on the remote machine who is authorized to use the private SSH key. |
|
Optional Properties |
|
|
Comment |
Free text that is stored in the comment section of the public key during change and reconcile processes. Note: There are no character limitations, but the length of the comment is limited to 4096 characters. |
|
SSH Key |
|
| SSH Key | The content of the private SSH key. This can be specified as either a key file or as the actual key content. |
| Additional accounts | |
| Reconcile account |
An extra account that contains the password or SSH Key used in reconciliation processes. |
Unix Domain/NIS accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | |
| Address | The domain name of the machine where the password will be used. This can either be specified as an IP address or as a Fully Qualified Domain Name (FQDN). For example, mycompany.com. |
| User Name | The name of the domain user who can access the machine where the password will be used. |
| Optional Properties | |
| Limit Domain Access To | Add the addresses/hostnames of the remote machines to which this domain account can be used to connect, separated with an Enter. |
AS400 (iSeries) accounts
| Parameter | Description | ||||||
|---|---|---|---|---|---|---|---|
| Required Properties | |||||||
| Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for as400 passwords is as400. | ||||||
| Address | The IP address of the remote machine where the password will be used. | ||||||
| User Name | The name of the user on the remote machine who this password belongs to. | ||||||
| Optional Properties | |||||||
| AS400 Account Type | The type of the AS400 (iSeries) account. Specify one of the following:
|
||||||
| Additional accounts | |||||||
| Logon account |
An extra account that contains the password that is required to log onto the remote machine for Service Tools accounts. For details, see Create linked accounts.This account must be defined as a RegularUserProfile type account. |
||||||
| Reconcile account |
An extra account that contains the password used in reconciliation processes for Service Tools accounts. This account must be defined as the same type as the main account type. |
||||||
OS/390 (Z/OS) SSH accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for OS/390 (Z/OS) SSH passwords is OS390SSH. |
| Address | The IP address of the remote machine where the password will be used. |
| User Name | The name of the user on the remote machine who this password belongs to. |
| Additional accounts | |
| Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
ESX/i accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for ESX/i accounts is VMWareESX-API. |
| Address | The address of the remote machine where the password will be used. |
| User Name | The name of the user on the remote machine who this password belongs to. Specify a local ESX/ESX/i account or ‘root’. |
| Additional accounts | |
| Logon account |
An extra account that contains the password that is required to log onto the remote machine. This must also be an ESX/i local or root account. For details, see Create linked accounts. |
| Reconcile account |
An extra account that contains the password used in reconciliation processes. This must also be an ESX/i local or root account. |
Databases
Oracle accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Oracle passwords is Oracle. |
| User Name | The name of the user on the remote machine. |
| Optional Properties | |
| DSN |
The name of the DSN connection that will be used. Use either this parameter or ‘ConnectionStringFile’. |
| Address | The IP address of the remote machine where the password will be used. |
| Port | The port that will be used to access the remote machine. |
| Database | The name of the database where the account will be used. |
| Additional accounts | |
| Reconcile account |
An extra account that contains the password used in reconciliation processes. |
Sybase accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Sybase passwords is Sybase. |
| User Name | The name of the user on the remote machine. |
| Optional Properties | |
| DSN |
The name of the DSN connection that will be used. Use either this parameter or ‘ConnectionStringFile’. |
| Address | The IP address of the remote machine where the password will be used. |
| Port | The port that will be used to access the remote machine. |
| Database | The name of the database where the account will be used. |
| Additional accounts | |
| Reconcile account |
An extra account that contains the password used in reconciliation processes. |
DB2 Unix SSH accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for DB2 Unix SSH accounts is DB2 on Unix via SSH. |
| Address | The address of the remote machine where the password will be used. |
| User Name | The name of the user on the remote machine who the password belongs to. |
| Additional accounts | |
| Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
Informix Unix SSH accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Informix Unix SSH accounts is Informix on Unix via SSH. |
| Address | The address of the remote machine where the password will be used. |
| User Name | The name of the user on the remote machine who the password belongs to. |
| Additional Accounts | |
| Logon account | An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts. |
MSSql accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Microsoft SQL Server passwords is MSSql. |
| User Name | The name of the user on the remote machine. |
| Optional Properties | |
| DSN |
The name of the DSN connection that will be used. Use either this parameter or ‘ConnectionStringFile’. |
| Address | The IP address of the remote machine where the password will be used. |
| Port | The port that will be used to access the remote machine. |
| Database | The name of the database where the account will be used. |
| Additional accounts | |
| Reconcile account |
An extra account that contains the password used in reconciliation processes. |
| Windows reconcile account | Whether the reconcile account is a Microsoft Windows account or an SQL account. |
Security appliances
CheckPoint Firewall-1 accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for CheckPoint Firewall-1 passwords is Firewall1. |
| Address | The IP address of the remote machine where the password will be used. |
| User Name | The name of the user on the remote machine to whom this password belongs. |
| ClientDN | The distinguished name of the client entity. |
| ServerDN | The distinguished name of the SmartCenter module. |
| Optional Properties | |
| SicCertFile | The path and name of the sic certification file. Default: opsec.p12 which should be placed in the Password Manager Bin directory. |
| Port | The port that will be used to access the router. |
Network Devices
Cisco SSH accounts - network device
| Parameter | Description | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Required Properties | ||||||||||
| Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Cisco SSH passwords is CiscoSSH. | |||||||||
| Type |
The type of password to use. Specify one of the following:
|
|||||||||
| Optional Properties | ||||||||||
| User Name |
The name of the user on the router that this password belongs to. Specify one of the following:
|
|||||||||
| Address | The IP address of the remote machine where the password will be used. | |||||||||
| Port | The port that will be used to access the router. | |||||||||
| vty | The virtual terminal line that will connect to the router. | |||||||||
| Additional accounts | ||||||||||
| Enable account | An extra account that contains the password that will enable the CPM to switch to ‘enable’ mode and change the password on the remote machine. | |||||||||
| Logon account | An extra account that contains the password that contains logon information that will enable the CPM to log onto the remote machine where the password will be changed. | |||||||||
Directories
Novell eDirectory accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for Novell eDirectory passwords is Novell-eDirectory. |
| Address | The IP address of the remote machine where the password will be used. |
| UserDN | The distinguished name of the user. |
| Optional Properties | |
| Port | The port that will be used to access the remote machine. |
| Additional accounts | |
| Reconcile account |
An extra account that contains the password used in reconciliation processes. |
SunOne Directory SSL accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this password, and is specified in the platform. The default platform name for SunOne Directory SSL passwords is SunOneDirectorySSL. |
| Address | The IP address of the remote machine where the password will be used. |
| UserDN | The distinguished name of the user. |
| Optional Properties | |
| Port | The port that will be used to access the remote machine. |
| Additional accounts | |
| Reconcile account |
An extra account that contains the password used in reconciliation processes. |
Applications
CyberArk accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for CyberArk accounts is CyberArk. |
| Address | The IP/DNS address, Windows domain or machine name, or TNS name of the remote machine where the password will be used. |
| User Name | The name of the user on the remote machine who the password belongs to. |
| Optional Properties | |
| Port | Privilege Cloud IP port. The default port number is 1858. |
| Timeout | The number of seconds to wait for a Vault to respond to a command before a timeout message is displayed. The default timeout is 30 seconds. |
| ReconnectPeriod | The number of seconds to wait before the sessions with Privilege Cloud is re-established. The default is 60 seconds. |
| ProxyType |
The type of proxy through which Privilege Cloud is accessed. Options are HTTP, HTTPS, SOCKS4, SOCKS5, NOPROXY. Default value: NOPROXY. |
| ProxyAddress | The proxy server’s IP/DNS address. This is mandatory when using a proxy server. |
| ProxyPort | The Proxy server IP port. |
| ProxyAuthDomain | The domain for the Proxy server if NTLM authentication is required. |
| ProxyUser | User for Proxy server if NTLM authentication is required. |
| ProxyPassword | The password for Proxy server if NTLM authentication is required. |
| BehindFirewall |
Whether or not Privilege Cloud is accessed via a Firewall. Default value: No. |
| UseOnlyHTTP1 |
Whether or not to use only HTTP 1.0 protocol. Valid either with proxy settings or with BehindFirewall. Default value: No. |
SAP accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for SAP accounts is SAP. |
| Address | The address of the remote machine where the password will be used. |
| User Name | The name of the user on the remote machine who the password belongs to. |
| SAP System Number | The SAP system number. |
| SAP Client | The SAP Client |
RSA Authentication Manager accounts
| Parameter | Description | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Required Properties | |||||||||||||
| Platform Name | The platform name that is relevant for this account, and is specified in the platform.
|
||||||||||||
| User Name | The name of the user as it is defined in the RSA Authentication Manager. | ||||||||||||
| Address | The FQDN address of the RSA Authentication Manager | ||||||||||||
| RSA User Type | The type of RSA user. Specify one of the following users:
|
||||||||||||
| Automatic management | Whether or not the account will be automatically managed. For the Security User and the Operation User, clear Disable automatic management for this account. | ||||||||||||
Websites
Facebook accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Facebook accounts is Facebook. |
| Address | The address of Facebook’s website, www.facebook.com. This address appears by default. |
| User Name | The name of the Facebook user to whom the password belongs. |
LinkedIn accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Linkedin accounts is Linkedin. |
| Address | The address of Linkedin’s website, www.linkedin.com. This address appears by default. |
| User Name |
The name of the Linkedin user to whom the password belongs. |
Instagram accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Instagramaccounts is Instagram. |
| Address | The address of instagram’s website, www. instagram.com. This address appears by default. |
| User Name | The name of the Instagram user to whom the password belongs. |
Twitter accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Twitter accounts is Twitter. |
| Address |
The address of Twitter’s website, www.twitter.com. This address appears by default. |
| User Name | The name of the Twitter user to whom the password belongs. |
Salesforce accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name |
The platform name that is relevant for this account, and is specified in the platform. The default platform name for Salesforce accounts is Salesforce. |
| User Name | The name of the Salesforce user to whom the password belongs. |
|
Optional Properties |
|
| Address | The application URL |
Cloud services
Amazon Web Services (AWS) accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Amazon Web Services (AWS) accounts is Amazon Web Services (AWS). |
| Address | The address of the Amazon Web Services (AWS) website, www.AWS.com. This address appears by default. |
| AWS ARN Role | The role that can securely access the AWS console. |
|
AWS Account ID |
The account ID on the AWS console. This is a 12-digit number, such as 123456789012, used to construct Amazon Resource Names (ARNs). When referring to resources, such as an IAM user or a Glacier vault, the account ID distinguishes these resources from those in other AWS accounts. |
| Optional Properties | |
| AWS Policy | The policy that enables access to the AWS console for the specified user. |
| AWS Address | The AWS address. This is used for connecting to the AWS govcloud through PSM and must be configured manually. |
|
AWS Account Alias Name |
A friendly identifier of your AWS account ID that can be used for your sign-in page to contain your company name, instead of your AWS account ID. |
| Additional Accounts | |
| Logon account |
An extra account that contains the key that contains logon information that will enable the CPM to log onto the remote machine where the password will be changed. |
| Reconciliation Account | An extra account that contains the key that will enable the CPM to switch to ‘enable’ mode and change the password on the remote machine. |
Amazon Web Services (AWS) Access Keys
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Amazon Web Services (AWS) access keys is Amazon Web Services – AWS-Access Keys. |
| AWS Access Key ID | The unique ID of the Amazon Web Services (AWS) access key that is used by APIs to access the AWS console. |
| AWS IAM Username | The user of the AWS IAM account. |
|
AWS Account ID |
The account ID on the AWS console. This is a 12-digit number, such as 123456789012, used to construct Amazon Resource Names (ARNs). When referring to resources, such as an IAM user or a Glacier vault, the account ID distinguishes these resources from those in other AWS accounts. |
|
Optional Properties |
|
|
AWS Account Alias Name |
A friendly identifier of your AWS account ID that can be used for your sign-in page to contain your company name, instead of your AWS account ID. |
| Key Content | |
| AWS Access Key Secret | The AWS access key secret that is required to access an AWS platform. |
Google Cloud Platform accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this account, and is specified in the platform. |
| User Name | The name of the Google Cloud Platform user to whom the password belongs. |
| Address | The address of the Google Cloud Platform website. |
Microsoft Azure Management accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for Microsoft Azure Management accounts is Microsoft Azure Management. |
| User Name | The name of the Microsoft Azure user to whom the password belongs. |
| Address | The address of the Microsoft Azure Management website, Azure. This value is not used so you can specify any value. |
|
Optional Properties |
|
DevOps
OpenShift accounts
| Parameter | Description |
|---|---|
| Required Properties | |
| Platform Name | The platform name that is relevant for this account, and is specified in the platform. The default platform name for OpenShift accounts is OpenShift. |
| User Name | The name of the OpenShift user to whom the password belongs. |
|
Optional Properties |
|
| Address |
The application URL |
