Manage platforms

This topic describes how to manage platforms in the classic interface.

Target account platforms and service account platforms define the technical settings which determine how the system manages accounts on different platforms. All the platforms supported by the Privileged Access Manager - Self-Hosted solution are configured out-of-the-box with default values for most of the settings. The technical settings under each platform include settings that determine how password management operations take place, transparent connections, PSM connections, etc. Some settings, such as logon or reconcile accounts, do not have defaults and require setting up when needed. You can manage target account platforms as well as service account platforms.

PAM - Self-Hosted supports remote password management and change on the following target platforms:

Operating Systems
Databases
Security Appliances
Network Devices
Directories
Applications

Predefined platform settings for each platform determine the following:

How frequently a password will be changed and/or verified, the password management timeframe, notification settings, and a variety of other management criteria and capabilities. For more information, refer to Change passwords.
The rules that must be applied when a new random password is generated. These rules must match the password rules on the remote machine where the password will be used, so that the password will be accepted during the password change operation as well as during logon.
Additional information common to all accounts associated with this platform.

In order for users to be able to add passwords to the Vault through the Password Vault Web Access, the supported platform must be specified. A list of platforms can be accessed and configured in the Platform Management page. You can use the default parameters as they are or you can add/edit mandatory or optional password properties. In this way, you can customize the system to meet your own organization’s policy requirements.

When the user adds a password in the Password Vault Web Access, he will be able to allocate any predefined supported platform. The required and optional properties for the selected platform will appear automatically, so that he can specify the required information.

The following options in the platform settings page enable you to customize account management on supported target platforms:

UI & Workflows – Customizes account management workflows on target accounts, such as ticketing systems and associated logon and verification accounts.
Automatic Password Management – Defines how passwords are managed in PAM - Self-Hosted.

These configurations can be viewed and modified by default by users with membership in the following group:

Vault Admins
 

By default, platform configurations are applied to all Safes. From a security aspect, it is recommended to use the AllowedSafe parameter to enable platforms for specific Safes.