Before you install Credential Provider (CP) for Windows

Before you install CP for Windows, read the following:

  • During installation, a privileged user creates the environment for the CP in the Vault / Privilege Cloud.

    Recommended: Define a dedicated privileged user in the Vault / Privilege Cloud with the permissions required for the installation.

    You can use the predefined admin users in the Vault / Privilege Cloud, or any other user that has at least the following permissions:

    In the Vault / Privilege Cloud

    • Add Safes

    • Audit Users

    • Add/Update Users

    • Manage Server File Categories

    • Reset User's Password

    In the PVWAConfig Safe

    This user must be an owner of the PVWAConfig Safe with the following permissions:

    • List Files
    • Retrieve Files
    • View Owners
    • Manage Safe Owners

    These authorizations enable the user to create the environment for the CP.

    Alternatively, you can install the CP without creating the required environment in the Vault / Privilege Cloud, and create the environment manually on the CP machine at a later stage. For more information, see Create the Credential Provider (CP) Vault / Privilege Cloud environment manually for Windows.


    Members of the Vault / Privilege Cloud Admins group are added automatically as owners of the Credential Provider Safe

  • When more than one CP is installed on the same Vault / Privilege Cloud with the same configuration Safe, for the second and subsequent installations, the user installing the CP requires the following authorizations on the existing CP configuration Safes, AppProviderConf (this is the default name) and AppProviderCacheSafe:

    • Use accounts
    • Retrieve accounts
    • List accounts
    • Add accounts
    • Update password value
    • Update password properties
    • Rename accounts
    • Unlock accounts
    • Manage Safe
    • Manage Safe Members
    • View audit
    • View Safe Members
    • Create folders

    For more information about sharing configuration files for multiple CPs, see Credential Provider configuration.