Using managed or unmanaged accounts

If you use secure shell or remote desktop connections for a system, the account used to connect to the system can be either a managed account, that is, an account with the password automatically changed by the Zero Trust Privileged Access Service, or an unmanaged account with a password that is stored by the Privileged Access Service but not changed. In either case, the Privileged Access Service can retrieve the password programmatically without revealing it, so that administrators can use the account without knowing the password being used.

By logging on to target systems without a password, you can keep shared accounts more secure and enable administrators to open sessions from within or outside of the firewall based on how you choose to deploy the service.