Configure a password change
- Register an credential for password change
- Create template to be used
- Create or edit a credential in PAM Core ➔ Credentials ➔ All
- In the Execution settings tab, fill the following fields:
- Parent credential (optional): you can use it to change the password of this credential when the selected parent credential has its password changed
- Mark the Enable automatic change checkbox
- Select the executor in Change plugin. There is no validation that the device has its active connectivity
- Select the Change template
- Define if it will Use own credential to connect into the device or will use another credential
- To finish, click on the Save button
The Parent credential works as a password change chain, where the change of a parent credential initiates the process of all its child credentials. A parent credential does not prevent the child credential from being changed manually or automatically.
The password change will not be performed when it has multi-factor authentication enabled or it needs a human interaction.
Request a password change
To request a password change for a credential:
- Go to the menu Executions ➔ Request password change
- Select the desired credentials and click on the footer button Request password change. When requesting the change, an asynchronous task will be scheduled.
- Click on the Yes button to confirm the password change request
This report will only show active credentials with automated change configured.
The credentials selected will be scheduled to have their password changed immediately and the password change resets the trigger counters.
View the password change execution
Go to the menu Executions ➔ List operations to view all registered operations.
These operations are performed asynchronously and vary in the following states:
- Scheduled: This is the first one. As soon as the execution is requested, the asynchronous task waits for the execution time or is in the queue if it is full. You can cancel the operation with this status.
- Awaiting approval: Some modules require an approval flow to run. The Certificates and Task Manager modules use this function. You can cancel the operation with this status.
- Canceled: If it is in the Scheduled or Waiting for approval states, it is possible that the administrator will cancel the operation before it is executed.
- Running: These are the operations that are already running at this moment. When it is running, you cannot perform any action.
- Successfully performed: These operations have been successfully executed. You will have access to the details of that run.
- Error: These are operations that have not been correctly performed. Check through the action Details to understand the reason. You can restart the process if you want.
- Expired: These are the operations in the state Awaiting approval whose approval period has expired.
Within the actions available for operations, you have the following options:
- View attempts: For finished operations, through this action, you will have access to the logs and details of the operation
- Restart execution: If the operation has finished with an error state, through this action, you restart the operation. The use of failure motivators has been mitigated
- Request immediate execution: When many operations are scheduled to run, through this action, you will prioritize the selected operation;
- Cancel operation: Allows you to cancel running while it is not executed or completed;
- Operation details Allows the user to visualize the operation details, containing information about the execution;
- Edit Credential Allows the user to edit the credential used on the template execution;
- Edit Device Allows the user to edit the device on which the template will be executed.
The menu Executions ➔ List attempted operations will centralize the result of each attempt of each operation. This report serves as a guide to support the identification of active errors in your park.