Configure PAM provider to rotate its own password

On this page

Privileged users can rotate a PAM provider password—either manually or on a schedule—in a few simple steps.

This feature works with every PAM provider, except for Entra ID, as it is an APP registration.

Steps

  1. Configure a PAM provider.

Enter the PAM provider's details
Enter the PAM provider's details

  1. Create the provider as an entry in a PAM vault.

Create the PAM provider as an entry
Create the PAM provider as an entry

  1. Click on the entry's check synchronization status button to very if it is accessible.

Checking access
Checking access

  1. Head back to the PAM provider and click the Edit button. Under Credentials, set the Credential type to Linked credentials.

Linked credentials option
Linked credentials option

  1. Click on the Linked credentials field, and select the PAM entry created during step #2 in the Privileged account window. Click on Ok, then Save the PAM provider settings.

Linking provider credentials to the entry
Linking provider credentials to the entry

The PAM provider password can then be rotated manually via the entry's Reset password button, or on a schedule by setting a password rotation schedule in the entry's PropertiesPassword rotation schedule.

Manual PAM provider password rotation
Manual PAM provider password rotation

Scheduled PAM provider password rotation
Scheduled PAM provider password rotation

Devolutions Forum logo Give us Feedback