Account Operations
Account Editing
The function allows you to change the Account Name, Description or Policy.
- Click in the account profile to the right of the desired option
Account Confirmation
The Resource or Domain Synchronization function retrieves local or domain accounts automatically, but the retrieved accounts must be confirmed before they can be used, since Axidian Privilege does not get their passwords.
- Click Make managed on the account page
Password and SSH Key
If a service connection of the SSH type is configured for the resource from which the account was added, you can generate or manually add not only a password but also an SSH key. Such accounts can also be left without a password: the setup wizard displays an additional item when setting a password — Not set. The example below confirms a *nix account. When confirming Windows OS accounts, DBMS accounts or domain accounts, the Not set item is missing, and there is no page for generating or manually setting an SSH key.
Password Settings
- Select Not set, Generate random password, or Set password manually
- Enter a password or continue by selecting Not set or Generate random password
SSH Key Settings
- Select Not set, Generate new SSH key, or Set SSH key manually
To specify the SSH key manually, you need a key file in PEM format. If the key has already been created, make sure that it starts with the following line; otherwise the key must be converted to RSA format:
-----BEGIN RSA PRIVATE KEY-----
To create a new key, use the puttygen utility, or one of the commands:
ssh-keygen -t rsa -m PEM
openssl genrsa -des3 -out privatekey.pem
Select the SSH key file and enter its password, or continue by selecting Not set or Generate new SSH key.
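A pre-upload check for the header requirement above, as an added example (not Axidian code): it classifies a private key file by its first line and suggests how to bring an RSA key to the required PEM form. The function names and all categories other than the RSA header are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify a private key file by its first line before upload.
# The page only requires the RSA PEM header; other categories are illustrative.
RSA_HEADER='-----BEGIN RSA PRIVATE KEY-----'

# Prints rsa-pem, rsa-pem-encrypted, openssh, pkcs8, pkcs8-encrypted, unknown
# or missing. Returns 0 only when the file starts with the RSA PEM header.
classify_key() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo missing; return 2; }
    # Strip a trailing CR so keys saved with CRLF line endings still match.
    first=$(head -n 1 "$keyfile" | tr -d '\r')
    case $first in
        "$RSA_HEADER")
            # Traditional PEM marks passphrase protection on line 2.
            if sed -n '2p' "$keyfile" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo rsa-pem-encrypted
            else
                echo rsa-pem
            fi
            return 0 ;;
        '-----BEGIN OPENSSH PRIVATE KEY-----')   echo openssh ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        *)                                       echo unknown ;;
    esac
    return 1
}

# Prints a command that rewrites a key of the given class in RSA PEM form.
# Applies to RSA keys only. ssh-keygen -p edits in place, so use a copy.
# -traditional exists in OpenSSL 3.x; older releases write this form by default.
conversion_hint() {
    case $1 in
        openssh)               echo 'ssh-keygen -p -m PEM -f COPY_OF_KEY' ;;
        pkcs8|pkcs8-encrypted) echo 'openssl rsa -in KEY -out KEY.rsa.pem -traditional' ;;
        rsa-pem*)              echo 'none needed' ;;
        *)                     echo 'not a recognised private key file' ;;
    esac
}

# Constructed sample: a header line only, no real key material.
sample=$(mktemp)
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$sample"
kind=$(classify_key "$sample") || true
echo "$kind -> $(conversion_hint "$kind")"
rm -f "$sample"
```

Recent OpenSSH releases write the OPENSSH format unless -m PEM is given, and OpenSSL 3.x genrsa writes PKCS#8 unless -traditional is given, so a freshly generated key can fail the header check.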
Rollback Password or SSH Key
The function allows you to return the account's password or SSH key to a saved state.
- Click Rollback on your account profile.
- Select a restore point, provide a reason and complete password recovery
Verification of Password or SSH Key
The function allows you to check whether the account password or SSH key is valid.
- Click Check on the account page
Password Change
When changing an account password, pay attention to whether there are services associated with the account. When you change the account password, the passwords of the associated services will also change.
The function allows you to change the password to a random value or enter a new password manually.
- Click Change password in the Account profile
- Select one of the following options: Generate random password or Set password manually
- Enter the password or continue by selecting Generate random password
- Fill in the Password change reason and click Save
Scheduled Password Change
Changing account passwords on a schedule is configured via policies.
- Open the Policies section.
- Select the policy that controls the account you want to set scheduled password change for.
- Open the Accounts section.
- Enable the Periodically change the account password and SSH key option.
- Specify the number of days in the Password and SSH key change period field. Automatic password or SSH key change will be performed once every specified number of days.
SSH Key Change
The function allows you to change the key to a random value or upload the new key manually.
- Click Change SSH key in the account profile
- Select one of the following options: Generate new SSH key or Set SSH key manually
- Select the SSH key file and enter its password or continue by selecting Generate new SSH key
- Fill in the SSH key change reason and click Save
Removing Unmanaged SSH Keys
If an account has the error "Unmanaged SSH keys detected", the Remove unmanaged SSH keys button becomes available. Once clicked, only the SSH keys that are not managed by Axidian Privilege will be removed.
Keys that were created in or added to Axidian Privilege remain unchanged.
Synchronization
The function allows you to get the list of groups the account belongs to.
- Click Sync in the account profile
Blocking
The function allows you to suspend all permissions in which the account is used.
- Click Block in the account profile
The account will be marked with the symbol. All permissions in which the account is a member will be marked with the symbol.
Ignoring
The function allows you to put an account in a state in which it is stored without a password and cannot be used in permissions.
- Click Ignore in the account profile
The account will be marked with the symbol. All permissions with this account will become inactive.
Removing an Account
- Click Remove on your account profile
When removed, the account will disappear from all services associated with it. There will be a dash in the Account field in the service profile. The services will not be removed.
Rolling Back an Account
- Click Extended search in the Accounts section
- Enter your Account name in whole or in part
- Set the State field to Removed
- Select the resource or domain from which the account was added
- Open your account profile and click Rollback
- Select a password recovery point for your account
- Enter the reason for the recovery and click Rollback
When you restore an account, any previously existing associations between the account and services are not restored.