Account Operations
Account Editing
The function allows you to change the Account Name, Description or Policy.
- Click the icon in the account profile to the right of the desired option
Account Confirmation
The Resource or Domain Synchronization function retrieves local or domain accounts automatically, but the retrieved accounts must be confirmed before they can be used, since Axidian Privilege does not get their passwords.
- Click Make managed in the account page
Password and SSH Key
If a service connection of the SSH type is configured for the resource from which the account was added, then it will be possible to generate or manually add not only a password, but also an SSH key. Also, for such accounts it is possible not to set a password: the setup wizard will display an additional item when setting a password — Not set. Below we will consider an example of confirming an *nix account. When confirming Windows OS accounts, DBMS or domain accounts, the Not set item will be missing, and there will be no page for generating or manually setting an SSH Key.
Password Settings
- Select one of the options:
  - Generate — the password is created automatically and synchronized with the resource or domain.
  - Set password manually — the password is set manually. Enter the password and confirm it. To change the account password not only in PAM, but also on the resource or domain, enable the option Change password on resource or Change password on domain.
  - Not set — the account is created without a password, which can be set later during editing.
- Click Next.
SSH Key Settings
- Select one of the options:
  - Generate new SSH key — the key is created automatically and synchronized with the resource or domain. Choose a cryptographic algorithm to generate the key: Ed25519 or RSA.
  - Set SSH key manually — the key is set manually. Select the SSH key file and enter its password. RSA keys in OpenSSH and PEM formats are supported, as well as Ed25519 keys in OpenSSH format.
    To create an SSH key and write it to a file, use the PuTTYgen program or one of the commands:
    The RSA key in the OpenSSH format:
        ssh-keygen -t rsa -b 4096 -f id_rsa_openssh -C "RSA OpenSSH key"
    The RSA key in the PEM format:
        ssh-keygen -t rsa -b 4096 -f id_rsa_pem -C "RSA PEM key" -m PEM
    The Ed25519 key in the OpenSSH format:
        ssh-keygen -t ed25519 -f id_ed25519_openssh -C "Ed25519 OpenSSH key"
  - Not set — the account is created without an SSH key, it can be set later during editing.
- Click Next.
- Check the data and click Save.
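A pre-upload check for the key formats listed above, added here as an illustration and not taken from Axidian Privilege or its documentation: it reads a private key file's container and algorithm without needing the passphrase and reports whether the pair is on the page's list. It assumes "PEM" means the traditional `RSA PRIVATE KEY` container that the `ssh-keygen -m PEM` command above produces; the function names and sample keys are constructed for the example.

```python
import base64

MAGIC = b"openssh-key-v1\0"
# (container, algorithm) pairs the page lists as accepted for manual upload
LISTED = {("OpenSSH", "ssh-rsa"), ("OpenSSH", "ssh-ed25519"), ("PEM", "ssh-rsa")}

def read_string(buf, off):
    """Read one SSH wire string (uint32 length + bytes); return (value, next offset)."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if end > len(buf):
        raise ValueError("truncated key data")
    return buf[off + 4:end], end

def classify_private_key(text):
    """Return (container, algorithm, encrypted, listed) for the text of a key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    head = lines[0] if lines else ""
    if head == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 container")
        cipher, off = read_string(blob, len(MAGIC))
        _, off = read_string(blob, off)       # kdfname
        _, off = read_string(blob, off)       # kdfoptions
        pub, _ = read_string(blob, off + 4)   # skip uint32 key count; public blob is unencrypted
        found = ("OpenSSH", read_string(pub, 0)[0].decode(), cipher != b"none")
    elif head == "-----BEGIN RSA PRIVATE KEY-----":
        # Traditional PEM marks passphrase protection with a Proc-Type header
        found = ("PEM", "ssh-rsa",
                 any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines))
    else:
        found = ("other", None, None)         # e.g. PuTTY .ppk, PKCS#8, EC PEM
    return found + (found[:2] in LISTED,)

def ssh_string(data):
    return len(data).to_bytes(4, "big") + data

def build_sample(alg, cipher=b"none"):
    """Constructed container with dummy key bytes: parseable, but not a usable key."""
    pub = ssh_string(alg) + ssh_string(bytes(32))
    blob = (MAGIC + ssh_string(cipher) + ssh_string(b"none") + ssh_string(b"")
            + (1).to_bytes(4, "big") + ssh_string(pub) + ssh_string(bytes(8)))
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed sample of a passphrase-protected traditional PEM file (body is a dummy)
PEM_SAMPLE = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\nAAAA\n"
              "-----END RSA PRIVATE KEY-----\n")
```

A file saved from PuTTYgen in its native .ppk format classifies as `other` here, so export it in OpenSSH format before selecting it in the wizard.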
Rollback Password or SSH Key
The function allows you to return the password or SSH key of the account to a previously saved state.
- Click Rollback on your account profile.
- Select a restore point, provide a reason and complete password recovery
Verification of Password or SSH Key
The function allows you to check whether the account password or SSH key is valid.
- Click Check in the account page
Password Change
When changing an account password, pay attention to whether there are services associated with the account. When you change the account password, the passwords of the associated services will also change.
The function allows you to change the password to a random value or enter a new password manually.
- Click Change password in the Account profile
- Select one of the following options: Generate random password or Set password manually
- Enter the password or continue by selecting Generate random password
- Fill in the Password change reason and click Save
Scheduled Password Change
Changing account passwords on a schedule is configured via policies.
- Open the Policies section.
- Select the policy that controls the account you want to set scheduled password change for.
- Open the Accounts section.
- Enable the Periodically change the account password and SSH key option.
- Specify the number of days in the Password and SSH key change period field. Automatic password or SSH key change will be performed once every specified number of days.
SSH Key Change
The function allows you to change the key to a random value or upload the new key manually.
- Click Change SSH key in the account profile
- Select one of the following options: Generate new SSH key or Set SSH key manually
- Select the SSH key file and enter its password or continue by selecting Generate new SSH key
- Fill in the SSH key change reason and click Save
Removing Unmanaged SSH Keys
If the account has the error "Unmanaged SSH keys detected", the Remove unmanaged SSH keys button becomes available. Once clicked, only the SSH keys not managed by Axidian Privilege will be removed.
Keys that were created or added to Axidian Privilege remain unchanged.
Synchronization
The function allows you to get the list of groups the account belongs to.
- Click Sync in the account profile
Blocking
The function allows you to suspend all permissions in which the account is used.
- Click Block in the account profile
The account will be marked with the symbol. All permissions in which the account is a member will be marked with the symbol.
Ignoring
The function allows you to put an account in a state in which it is stored without a password and cannot be used in permissions.
- Click Ignore in the account profile
The account will be marked with the symbol. All permissions with this account will become inactive.
Removing an Account
- Click Remove on your account profile
When removed, the account will disappear from all services associated with it. There will be a dash in the Account field in the service profile. The services will not be removed.
Rolling Back an Account
- Click Extended search in the Accounts section
- Enter your Account name in whole or in part
- Set the State field to Removed
- Select the resource or domain from which the account was added
- Open your account profile and click Rollback
- Select a password recovery point for your account
- Enter the reason for the recovery and click Rollback
When you restore an account, any previously existing associations between the account and services are not restored.