Committing alternative accounts

When you are ready for Privileged Access Service to manage the alternative account passwords and bring those accounts into our system, then commit the accounts. Committing the alternative accounts mean you are allowing Privileged Access Service to do the following on the accounts:

  • Add a domain account representing the alternative account.
  • Change the account password to a value that only Privileged Access Service knows.
  • Grant the associated owner permission to use the account.

Note:   The user performing the commit action must have the domain add account permission. If the account is already being manage by Privileged Access Service, then the account must have the Grant permission on the account because so that we can update the permission for all the owners.

You can commit all Strongly Matched accounts by clicking the Commit Matched button on the Discovered Accounts page. After you commit an account, it is moved from the Discovered Accounts page to the Accounts page (Resources > Accounts). Weakly matched accounts must be committed manually.

To commit manually:

  1. Click Discovery > Alternate Accounts > Discovered Accounts.
  2. (Optional) Use the filter dropdown box to find the weakly matched accounts.

  3. Select the check boxes associated with the accounts for which you want to commit.
  4. Click Actions > Commit.
  5. Click Yes to confirm the commit.

    The commit process runs in the background. Accounts that fail the commit process contain error messages in the “Commit Result” column. Successfully committed accounts are removed from the Discovered Accounts table. Refresh the page to see the updated discovered accounts.

After you commit the accounts, you can navigate to Resources > Accounts to see the successfully committed accounts. The newly committed accounts may show “Missing Password” in the Last Verify Result column until the background job finishes. When the background job finishes, the Last Verify column shows the date and time of the verification and you can now access the alternative account using the general account.