The Setting section located in Administration – Privileged access management (PAM) allows administrators to determine the default checkout and account lifecycle policy settings.
| DEFAULT VAULT VISIBILITY SETTINGS | DESCRIPTION |
|---|---|
| Default vault visibility | Determine whether users can see PAM vaults and request access by default, or if they need an invitation. |
| CHECKOUT POLICY SETTINGS | DESCRIPTIONS |
|---|---|
| Default checkout mode | Enable or disable checkouts by default. |
| Default approval mode | Define which requests require approval by default, if any. |
| Users can approve their own checkout requests | Choose whether users can approve their own requests, and under which condition. |
| Include admins as approver | Include all administrators in the list of approvers when checking out an entry. |
| Include PAM administrators when listing approvers | Include all PAM administrators in the list of approvers when checking out an entry. |
| Default reason mode | Choose under which conditions users need to give a reason for checking out an entry. |
| Default checkout time (minutes) | Set a default checkout time. |
| PAM default max checkout time (minutes) | Set a maximum checkout time, after which no time extensions are allowed. |
| Ticket number mode | Determine under which conditions the Ticket # field is required to be filled, if at all, when checking out an entry. |
| Terminate sessions on check in | Force session close on checkin. |
| Automatically check in PAM account when closing the entry | Force PAM account checkin when closing an entry it contains. |
| ACCOUNT LIFECYCLE POLICY SETTINGS | DESCRIPTIONS |
|---|---|
| Password policy | Choose a password policy. Requires policies to have been created previously in Administration – Password policy. |
| Action on checkin | Define an action to be performed upon checking in an entry. |
| Manual password rotation | Enable/disable manual password rotation. To manually rotate a password, go to the entry to rotate, click More (vertical ellipsis button), and select Reset password. |
| Password rotation schedule | Set a schedule for automatic password rotation. |
| Heartbeat | Enable/disable heartbeat. |
| Heartbeat schedule | Set a schedule for the heartbeat. Requires the Scheduler service. |
| Propagation | Select a propagation script, provided one was created in Administration – Privileged access management (PAM) – Propagation. |
Share your feedback