Credential Cycling Configuration
This section gives an overview of the process for configuring credential cycling. More detailed information about template configuration is provided in Solution-Specific Configuration Details.
Note: To enable credential cycling, BeyondTrust PowerBroker Password Safe application passwords must be configured in the JSON format: {"bt_user":"MyUserName","bt_password":"MyPasswordValue"}
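A hand-typed value in this format stops being valid JSON as soon as the password contains a double quote or a backslash. The following added example (not SailPoint or BeyondTrust code) builds the value with proper escaping and checks an existing value for the two keys named in the note. The function names and the sample values are assumptions constructed for illustration.

```python
import json

REQUIRED_KEYS = ("bt_user", "bt_password")  # key names taken from the note above


def build_bt_credential(user: str, password: str) -> str:
    """Serialize the credential so quotes and backslashes are escaped."""
    return json.dumps({"bt_user": user, "bt_password": password},
                      separators=(",", ":"))


def check_bt_credential(value: str) -> list:
    """Return a list of problems; an empty list means the value is well formed.

    Messages never echo the value itself, so they are safe to log.
    """
    try:
        parsed = json.loads(value)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at column {exc.colno}"]
    if not isinstance(parsed, dict):
        return ["top-level value is not a JSON object"]
    problems = []
    for key in REQUIRED_KEYS:
        if key not in parsed:
            problems.append(f"missing key {key}")
        elif not isinstance(parsed[key], str) or not parsed[key]:
            problems.append(f"{key} must be a non-empty string")
    return problems


# Constructed sample values, not real credentials.
SAMPLE_PASSWORD = 'p"ss\\word'  # contains a double quote and a backslash
HAND_WRITTEN = '{"bt_user":"MyUserName","bt_password":"' + SAMPLE_PASSWORD + '"}'
GENERATED = build_bt_credential("MyUserName", SAMPLE_PASSWORD)

if __name__ == "__main__":
    print("hand-written:", check_bt_credential(HAND_WRITTEN))
    print("generated:   ", check_bt_credential(GENERATED))
```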
Prerequisites for Credential Cycling
- Install and configure the PAM Module. See Activating the Privileged Account Management Module.
- Define a PAM application in IdentityIQ. See Configuring a PAM Application.
Edit and Import the Configuration Template
A template file is provided in your IdentityIQ installation for use as a model for setting up your own configuration. The template file includes sections for BeyondTrust, CyberArk, and a solution-neutral mapping option. If you are using a PAM solution other than BeyondTrust or CyberArk, you can use those sections of the template as a model for configuring another PAM solution.
The credentialConfigurationTemplate.xml file is located in the WEB-INF\config directory of your IdentityIQ installation.
The file is fully commented to provide guidance as you insert your configuration settings.
Note: When working with templates it is a best practice to make a copy of the template to hold your specific configuration values, rather than modifying the original template file.
The basic steps you will follow for using the configuration template are:
- Edit your copy of the template to add information about which of your applications will use credential cycling
- Import the edited template file into IdentityIQ using Gear icon > Global Configuration > Import File
- Importing the file creates a new configuration object in IdentityIQ: Credential Configuration
Modifying Your Credential Cycling Configuration
If you need to update your credential cycling configuration, you can modify and reimport the credential configuration template, or you can edit the Credential Configuration object directly in the Debug pages. To find Credential Configuration in the list of objects, choose Configuration in the Debug page's Select an object list box.
Solution-Specific Configuration Details
See these sections for solution-specific guidance on the configuration template: