Managed Accounts as Reusable Credentials
If you have multiple explicit connection targets that use the same user name and password, you can define it as a managed account in a target domain. The benefit of using defining credentials in a managed account (instead of as explicit accounts):
- You only need to define the credentials once.
- Password changes are applied to all target hosts. Compare this with explicit accounts where you'd need to manually change the password per each target host.
PrivX managed accounts must belong to Target Domains. For more information about creating them, see Deploying Domain to PrivX.
If the credentials belong to a domain user, you can make their account managed as described in Managing Domain-User Passwords. Alternatively, you can also add a local managed account as follows:
- On Administration→Deployment→Target Domains, click ☰ next to your mock target domain, then select List Managed Accounts.
- Click Add Managed Account, provide the account information including Username and Password. Disable Explicit Checkout. Click Save to save the new account in PrivX.
- For local managed accounts you will also need to set the password manually: On Administration→Deployment→Target Domains, click ☰ next to your target domain, then select List Managed Accounts. Next to the right managed account, click ☰ then select Provide Password. Specify the new password for the managed account.
After the managed account is set up, you can set it as a connection target on your hosts.
On Administration→Hosts, Edit a host.
Add the account under the Accounts section as an Explicit account. Use the Username of the managed account. Also set the Target Domain to the target domain created earlier. Remember to specify the roles that may connect to the account.
Save your changes.
PrivX will use the new password for logins targeting the managed account.