Account properties

This topic describes account properties for several account types.

 

Some of the more advanced properties are accessible from the Additional details & actions in classic interface link.

Operating systems

For details, see Operating systems.

Windows domain accounts

Parameter Description
Required properties
Platform Name The platform name that is relevant for this password, and is specified in the platform. The default platform name for Windows Domain Accounts is WinDomain.
Address The Windows domain name of the remote machine where the password will be used. This can be specified as a Fully Qualified Domain Name (FQDN). For example, mycompany.com.
User Name The name of the user on the remote machine.
Optional properties
Logon To The name of the domain where the account will be used. When the account is managed automatically, the CPM uses this value for authentication.

Note: To connect to a remote machine with a transparent connection, specify the FQDN name of the domain that the logon user belongs to. For example, mycompany.com. This replaces the domain’s NETBIOS name.

User DN User’s distinguished name.
Port The port that will be used to access the remote machine.
Limit Domain Access To Add the addresses/hostnames of the remote machines to which this domain account can be used to connect, separated with an Enter.
Additional accounts
Logon account An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts.
Reconcile account An extra account that contains the password used in reconciliation processes. For details, see Reconcile Password.
Multiple copies of accounts – Multiple copies of Windows domain accounts can be synchronized and used in the following different resources. For details, see Manage dependent accounts.
Windows Services A Windows domain account password can be synchronized with multiple copies of the same password used in different services, after it has been changed successfully.
Windows Scheduled Tasks A Windows domain account password can be synchronized with other occurrences of the same password in different Windows scheduled tasks, after it has been changed successfully.
Windows IIS Pools A Windows domain account password can be synchronized with multiple copies of the same password used in Windows IIS Application Pools, after it has been changed successfully.
Windows COM+ Applications A Windows domain account password can be synchronized with multiple copies of the same password used in Windows COM+ applications, after it has been changed successfully.
Windows IIS Directory Security (Anonymous Access) A Windows domain account password can be synchronized with multiple copies of the same password used in IIS Directory Security with Anonymous Access definition, after it has been changed successfully.

If you are configuring Domain Accounts for access to remote target machines through PSM, see Connection Component Configuration.

Windows local accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this password, and is specified in the platform. The default platform name for Windows local accounts is WinServerLocal.
Address The network name or IP address of the remote machine where the password will be used.
User Name The name of the user on the remote machine who this password belongs to.
Optional Properties
Logon To The domain of the account. If you intend to connect to the remote machine with transparent connection, specify the NETBIOS name of the domain that the user belongs to. For example, a domain whose full name is mycompany.com might have the NETBIOS name mycompany_dom, which users would specify in this property.
To try to resolve the remote machine’s domain automatically, click Resolve; if the PVWA can identify the remote machine’s domain automatically, the domain name will appear in the ‘Logon To’ field. If not, a message will appear prompting you to specify it manually.
User DN User’s distinguished name.
Port The port that will be used to access the remote machine.
Additional accounts
Logon account An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts.
Reconcile account An extra account that contains the password used in reconciliation processes. For details, see Reconcile Password.
Multiple copies of accounts Multiple copies of Windows local accounts can be synchronized and used in the following different resources. For details, see Manage dependent accounts.
Windows Services A Windows local account password can be synchronized with multiple copies of the same password used in different services, after it has been changed successfully.
Windows Scheduled Tasks A Windows local account can be synchronized with other occurrences of the same password in different Windows scheduled tasks, after it has been changed successfully.
Windows IIS Pools A Windows local account password can be synchronized with multiple copies of the same password used in Windows IIS Application Pools, after it has been changed successfully.
Windows COM+ Applications A Windows local account password can be synchronized with multiple copies of the same password used in Windows COM+ applications, after it has been changed successfully.
Windows IIS Directory Security (Anonymous Access) A Windows local account password can be synchronized with multiple copies of the same password used in IIS Directory Security with Anonymous Access definition, after it has been changed successfully.

Windows local desktop accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this password, and is specified in the platform. The default platform name for Windows Local Desktop Accounts is WinDesktopLocal.
Address The IP/DNS address, Windows domain or machine name, or TNS name of the remote machine where the password will be used.
User Name The name of the user on the remote machine.
Optional Properties
LogonDomain The domain where the account will be used.
Location The physical location of the Windows machine.
OwnerName The full name of the desktop owner.
Additional accounts
Logon account An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts.
Reconcile account An extra account that contains the password used in reconciliation processes. For details, see Reconcile Password.
Multiple copies of accounts – Multiple copies of Windows local desktop accounts can be synchronized and used in the following different resources. For details, see Manage dependent accounts.
Windows Services A Windows local desktop account password can be synchronized with multiple copies of the same password used in different services, after it has been changed successfully.
Windows Scheduled Tasks A Windows local desktop account password can be synchronized with other occurrences of the same password in different Windows scheduled tasks, after it has been changed successfully.
Windows IIS Pools A Windows local desktop account password can be synchronized with multiple copies of the same password used in Windows IIS Application Pools, after it has been changed successfully.
Windows COM+ Applications A Windows local desktop account password can be synchronized with multiple copies of the same password used in Windows COM+ applications, after it has been changed successfully.
Windows IIS Directory Security (Anonymous Access) A Windows local desktop account password can be synchronized with multiple copies of the same password used in IIS Directory Security with Anonymous Access definition, after it has been changed successfully.

Windows local accounts with WMI

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this password, and is specified in the platform. The default platform name for Windows Local Accounts with WMI is WinLocalWMI.
Address The IP/DNS address, Windows domain or machine name, or TNS name of the remote machine where the password will be used.
User Name The name of the user on the remote machine.
Optional Properties
LogonDomain The domain where the account will be used.
Location The physical location of the Windows machine.
OwnerName The full name of the desktop owner.
Additional accounts
Logon account An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts.
Reconcile account An extra account that contains the password used in reconciliation processes. For details, see Reconcile Password. By default, a platform reconcile account is configured, although you can override it by associating a different reconcile account in the Account Details page.
Multiple copies of accounts – Multiple copies of Windows local accounts with WMI can be synchronized and used in the following different resources. For details, see Manage dependent accounts.
Windows Services A Windows local account password can be synchronized with multiple copies of the same password used in different services, after it has been changed successfully.
Windows Scheduled Tasks A Windows local account password can be synchronized with other occurrences of the same password in different Windows scheduled tasks, after it has been changed successfully.
Windows IIS Pools A Windows local account password can be synchronized with multiple copies of the same password used in Windows IIS Application Pools, after it has been changed successfully.
Windows Registry A Windows local account password can be synchronized with multiple copies of the same password used in different registries, after it has been changed successfully.
Windows COM+ Applications A Windows local account password can be synchronized with multiple copies of the same password used in Windows COM+ applications, after it has been changed successfully.
Windows IIS Directory Security (Anonymous Access) A Windows local account password can be synchronized with multiple copies of the same password used in IIS Directory Security with Anonymous Access definition, after it has been changed successfully.

Unix SSH accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this password, and is specified in the platform. The default platform name for Unix SSH passwords is Unix via SSH.
Address The IP address of the remote machine where the password will be used.
User Name The name of the user on the remote machine who this password belongs to.
Additional accounts
Logon account An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts.
Reconcile account An extra account that contains the password used in reconciliation processes. For details, see Reconcile Password.

Unix accounts with SSH Keys

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform. The default platform name for Unix accounts with SSH Keys is Unix via SSH Keys.
Address The IP address of the remote machine where the private SSH key will be used together with a public SSH key stored on that machine.
User Name The name of the user on the remote machine who is authorized to use the private SSH key.

Optional Properties

Comment Free text that is stored in the comment section of the public key during change and reconcile processes.

Note: There are no character limitations, but the length of the comment is limited to 4096 characters.

SSH Key

SSH Key The content of the private SSH key. This can be specified as either a key file or as the actual key content.
Additional accounts
Reconcile account An extra account that contains the password or SSH Key used in reconciliation processes. For details, see Reconcile Password.

You can also add accounts using the AccountUploader utility. For details, see AccountUploader Utility.

Unix Domain/NIS accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this password, and is specified in the platform. This platform is not predefined and must be configured manually.
For more information about using these accounts in PSM connections, refer to Connection Component Configuration.

For more information about using these accounts in PSM for SSH connections, refer to UNIX Domain/NIS Accounts.

Address The domain name of the machine where the password will be used. This can either be specified as an IP address or as a Fully Qualified Domain Name (FQDN). For example, mycompany.com.
User Name The name of the domain user who can access the machine where the password will be used.
Optional Properties
Limit Domain Access To Add the addresses/hostnames of the remote machines to which this domain account can be used to connect, separated with an Enter.

If you are configuring Domain Accounts for access to remote target machines through PSM, refer to Connection Component Configuration.

AS400 (iSeries) accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this password, and is specified in the platform. The default platform name for as400 passwords is as400.
Address The IP address of the remote machine where the password will be used.
User Name The name of the user on the remote machine who this password belongs to.
Optional Properties
AS400 Account Type The type of the AS400 (iSeries) account. Specify one of the following:
RegularUserProfile – An account type for regular OS users (default).
ServiceToolUser – An account type for either Dedicated Service Tools (DST) users or System Service Tools (SST) users.
Additional accounts
Logon account An extra account that contains the password that is required to log onto the remote machine for Service Tools accounts.
For details, see Create linked accounts. This account must be defined as a RegularUserProfile type account.
Reconcile account An extra account that contains the password used in reconciliation processes for Service Tools accounts.
For details, see Reconcile Password.

This account must be defined as the same type as the main account type.

OS/390 (Z/OS) SSH accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this password, and is specified in the platform. The default platform name for OS/390 (Z/OS) SSH passwords is OS390SSH.
Address The IP address of the remote machine where the password will be used.
User Name The name of the user on the remote machine who this password belongs to.
Additional accounts
Logon account An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts.

ESX/i accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform. The default platform name for ESX/i accounts is VMWareESX-API.
Address The address of the remote machine where the password will be used.
User Name The name of the user on the remote machine who this password belongs to. Specify a local ESX/ESX/i account or ‘root’.
Additional accounts
Logon account An extra account that contains the password that is required to log onto the remote machine. This must also be an ESX/i local or root account.
For details, see Create linked accounts.
Reconcile account An extra account that contains the password used in reconciliation processes. This must also be an ESX/i local or root account.
For details, see Reconcile Password.

Databases

For details, see Databases.

Oracle accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this password, and is specified in the platform. The default platform name for Oracle passwords is Oracle.
User Name The name of the user on the remote machine.
Optional Properties
DSN The name of the DSN connection that will be used.
Use either this parameter or ‘ConnectionStringFile’.
Address The IP address of the remote machine where the password will be used.
Port The port that will be used to access the remote machine.
Database The name of the database where the account will be used.
Additional accounts
Reconcile account An extra account that contains the password used in reconciliation processes. For details, see Reconcile Password.

Sybase accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this password, and is specified in the platform. The default platform name for Sybase passwords is Sybase.
User Name The name of the user on the remote machine.
Optional Properties
DSN The name of the DSN connection that will be used.
Use either this parameter or ‘ConnectionStringFile’.
Address The IP address of the remote machine where the password will be used.
Port The port that will be used to access the remote machine.
Database The name of the database where the account will be used.
Additional accounts
Reconcile account An extra account that contains the password used in reconciliation processes. For details, see Reconcile Password.

DB2 Unix SSH accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform. The default platform name for DB2 Unix SSH accounts is DB2 on Unix via SSH.
Address The address of the remote machine where the password will be used.
User Name The name of the user on the remote machine who the password belongs to.
Additional accounts
Logon account An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts.

Informix Unix SSH accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform. The default platform name for Informix Unix SSH accounts is Informix on Unix via SSH.
Address The address of the remote machine where the password will be used.
User Name The name of the user on the remote machine who the password belongs to.
Additional Accounts
Logon account An extra account that contains the password that is required to log onto the remote machine. For details, see Create linked accounts.

MSSql accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this password, and is specified in the platform. The default platform name for Microsoft SQL Server passwords is MSSql.
User Name The name of the user on the remote machine.
Optional Properties
DSN The name of the DSN connection that will be used.
Use either this parameter or ‘ConnectionStringFile’.
Address The IP address of the remote machine where the password will be used.
Port The port that will be used to access the remote machine.
Database The name of the database where the account will be used.
Additional accounts
Reconcile account An extra account that contains the password used in reconciliation processes. For details, see Reconcile Password.
Windows reconcile account Whether the reconcile account is a Microsoft Windows account or an SQL account.

Security appliances

CheckPoint Firewall-1 accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this password, and is specified in the platform. The default platform name for CheckPoint Firewall-1 passwords is Firewall1.
Address The IP address of the remote machine where the password will be used.
User Name The name of the user on the remote machine to whom this password belongs.
ClientDN The distinguished name of the client entity.
ServerDN The distinguished name of the SmartCenter module.
Optional Properties
SicCertFile The path and name of the SIC certification file. Default: opsec.p12, which should be placed in the Password Manager Bin directory.
Port The port that will be used to access the router.

For details, see Security appliances.

Network Devices

Cisco SSH accounts - network device

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this password, and is specified in the platform. The default platform name for Cisco SSH passwords is CiscoSSH.
Type The type of password to use. Specify one of the following:
ciscouser
ciscoenable
ciscoterminal
Optional Properties
User Name The name of the user on the router that this password belongs to. Specify one of the following:
ciscouser – the name of the user on the PIX machine.
ciscoenable – nothing
Address The IP address of the remote machine where the password will be used.
Port The port that will be used to access the router.
vty The virtual terminal line that will connect to the router.
Additional accounts
Enable account An extra account that contains the password that will enable the CPM to switch to ‘enable’ mode and change the password on the remote machine. 
Logon account An extra account whose password provides the logon information that enables the CPM to log onto the remote machine where the password will be changed.

For details, see Network devices.

Directories

Novell eDirectory accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this password, and is specified in the platform. The default platform name for Novell eDirectory passwords is Novell-eDirectory.
Address The IP address of the remote machine where the password will be used.
UserDN The distinguished name of the user.
Optional Properties
Port The port that will be used to access the remote machine.
Additional accounts
Reconcile account An extra account that contains the password used in reconciliation processes. For details, see Reconcile Password.

For details, see Directories.

SunOne Directory SSL accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this password, and is specified in the platform. The default platform name for SunOne Directory SSL passwords is SunOneDirectorySSL.
Address The IP address of the remote machine where the password will be used.
UserDN The distinguished name of the user.
Optional Properties
Port The port that will be used to access the remote machine.
Additional accounts
Reconcile account An extra account that contains the password used in reconciliation processes. For details, see Reconcile Password.

For details, see Directories.

Applications

For details, see Applications.

CyberArk accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform. The default platform name for CyberArk accounts is CyberArk.
Address The IP/DNS address, Windows domain or machine name, or TNS name of the remote machine where the password will be used.
User Name The name of the user on the remote machine who the password belongs to.
Optional Properties
Port The Vault IP port. The default port number is 1858.
Timeout The number of seconds to wait for a Vault to respond to a command before a timeout message is displayed. The default timeout is 30 seconds.
ReconnectPeriod The number of seconds to wait before the session with the Vault is re-established. The default is 60 seconds.
ProxyType The type of proxy through which the Vault is accessed. Options are HTTP, HTTPS, SOCKS4, SOCKS5, NOPROXY.
Default value: NOPROXY.
ProxyAddress The proxy server’s IP/DNS address. This is mandatory when using a proxy server.
ProxyPort The Proxy server IP port.
ProxyAuthDomain The domain for the Proxy server if NTLM authentication is required.
ProxyUser User for Proxy server if NTLM authentication is required.
ProxyPassword The password for Proxy server if NTLM authentication is required.
BehindFirewall Whether or not the Vault is accessed via a Firewall.
Default value: No.
UseOnlyHTTP1 Whether or not to use only HTTP 1.0 protocol. Valid either with proxy settings or with BehindFirewall.
Default value: No.

SAP accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform. The default platform name for SAP accounts is SAP.
Address The address of the remote machine where the password will be used.
User Name The name of the user on the remote machine who the password belongs to.
SAP System Number The SAP system number.
SAP Client The SAP client.

RSA Authentication Manager accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform.
For the Operation System User, use the Unix SSH platform.
For other RSA SecurID users, use the RSA Authentication Manager platform.
User Name The name of the user as it is defined in the RSA Authentication Manager.
Address The FQDN address of the RSA Authentication Manager.
RSA User Type The type of RSA user. Specify one of the following users:
Operation System User
Security User
Operation User
Command Client User
Automatic management Whether or not the account will be automatically managed. For the Security User and the Operation User, clear Disable automatic management for this account.

Websites

Facebook accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform. The default platform name for Facebook accounts is Facebook.
Address The address of Facebook’s website, www.facebook.com. This address appears by default.
User Name The name of the Facebook user to whom the password belongs.

LinkedIn accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform. The default platform name for Linkedin accounts is Linkedin.
Address The address of Linkedin’s website, www.linkedin.com. This address appears by default.
User Name The name of the Linkedin user to whom the password belongs.

Instagram accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform. The default platform name for Instagram accounts is Instagram.
Address The address of Instagram’s website, www.instagram.com. This address appears by default.
User Name The name of the Instagram user to whom the password belongs.

Twitter accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform. The default platform name for Twitter accounts is Twitter.
Address The address of Twitter’s website, www.twitter.com. This address appears by default.

User Name The name of the Twitter user to whom the password belongs.

Salesforce accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform. The default platform name for Salesforce accounts is Salesforce.

User Name The name of the Salesforce user to whom the password belongs.

Optional Properties

Address The application URL.

Cloud services

For details, see Cloud services.

Amazon Web Services (AWS) accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform. The default platform name for Amazon Web Services (AWS) accounts is Amazon Web Services (AWS).
Address The address of the Amazon Web Services (AWS) website, www.AWS.com. This address appears by default.
AWS ARN Role The role that can securely access the AWS console.

AWS Account ID The account ID on the AWS console.

This is a 12-digit number, such as 123456789012, used to construct Amazon Resource Names (ARNs). When referring to resources, such as an IAM user or a Glacier vault, the account ID distinguishes these resources from those in other AWS accounts.

Optional Properties
AWS Policy The policy that enables access to the AWS console for the specified user.
AWS Address The AWS address. This is used for connecting to AWS GovCloud through PSM and must be configured manually.

AWS Account Alias Name A friendly identifier of your AWS account ID that can be used for your sign-in page to contain your company name, instead of your AWS account ID.

Additional Accounts
Logon account An extra account whose key provides the logon information that enables the CPM to log onto the remote machine where the password will be changed.

Reconciliation Account An extra account that contains the key that will enable the CPM to switch to ‘enable’ mode and change the password on the remote machine.

Amazon Web Services (AWS) Access Keys

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform. The default platform name for Amazon Web Services (AWS) access keys is Amazon Web Services – AWS-Access Keys.
AWS Access Key ID The unique ID of the Amazon Web Services (AWS) access key that is used by APIs to access the AWS console.
AWS IAM Username The user of the AWS IAM account.

AWS Account ID The account ID on the AWS console.

This is a 12-digit number, such as 123456789012, used to construct Amazon Resource Names (ARNs). When referring to resources, such as an IAM user or a Glacier vault, the account ID distinguishes these resources from those in other AWS accounts.

Optional Properties

AWS Account Alias Name A friendly identifier of your AWS account ID that can be used for your sign-in page to contain your company name, instead of your AWS account ID.

Key Content
AWS Access Key Secret The AWS access key secret that is required to access an AWS platform.

Google Cloud Platform accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform.
User Name The name of the Google Cloud Platform user to whom the password belongs.
Address The address of the Google Cloud Platform website.

Microsoft Azure Management accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform. The default platform name for Microsoft Azure Management accounts is Microsoft Azure Management.
User Name The name of the Microsoft Azure user to whom the password belongs.
Address The address of the Microsoft Azure Management website, Azure. This value is not used so you can specify any value.

Optional Properties

DevOps

OpenShift accounts

Parameter Description
Required Properties
Platform Name The platform name that is relevant for this account, and is specified in the platform. The default platform name for OpenShift accounts is OpenShift.
User Name The name of the OpenShift user to whom the password belongs.

Optional Properties

Address The application URL.