Discovery accounts are used for accessing the systems you want discovered through port scanning. These accounts must have sufficient permissions to perform network device, computer, domain, service, and account discovery. You can add a local admin account or account that is SSH key-created and domain accounts from this page (for use during the profile creation process) or add them ad hoc during the profile creation process. Domain accounts you add here cannot be managed accounts because you must specify the account password. See Using managed or unmanaged accounts for information about managed accounts. If you want to add a managed domain account for use during discovery, then add it ad-hoc during the profile creation process.
A detailed discovery (to get more detailed information, such as the accounts associated with IIS application pools, services, and scheduled tasks), requires one of the following:
- You specify an account with local administrative rights or account that is SSH key-created.
- You specify domain accounts that are local domain administrators or domain admin groups that have local administrative rights on each of the domain-joined Windows systems.
- You specify an account that is SSH key-created.
If you run port scan discovery without local administrative rights or with a domain account that does not meet the above requirement, then Privileged Access Service can only perform a basic discovery -- discover only the system type (UNIX/LINUX system or Windows system). When you add the account on this page, it becomes available for selection during the profile creation process.
For information about adding SSH keys, see Adding SSH keys
To add a discovery account:
- Click Discovery > Systems and Accounts > Discovery Accounts.
- Click the Add Account button.
- Enter a unique Name/Identifier for this account.
- Enter the account User Name.
- Choose a password or SSH key.
- Enter the account Password.
- Click Done.
This name cannot already exist as a discovery account name/identifier.
Confirm that you have entered the password correctly. An incorrect password entry will increment the Windows password counter by one each time you run discovery.