Vaulting a cloud provider root user account

In Centrify PAS, root accounts allow you to vault a password. Vaulting the cloud provider root account in Centrify PAS allows you to securely store the root account credentials and manage access. Additionally, you can configure Centrify as the MFA device for the AWS account.

To vault or edit a cloud provider root user account

  1. In the Admin Portal, navigate to Resources > Cloud Providers. Select an existing cloud provider.

Note: You can also vault a cloud provider root user account when you are adding a new cloud provider. For information on adding a new cloud provider, see Managing your cloud provider account.

  2. Click Root Account and click Vault Root User Account. Enter Root User Email Address and Password.
  3. Under Interactive Password Rotation, choose Yes to Enable interactive password rotation, which allows on-demand rotation of your root account password from Centrify PAS.
  4. For Prompt to change root password every login and password checkin, choose Yes. If this is enabled, you are prompted to interactively rotate the password each time you log in and check in the password. When you click Yes to rotate the password, you are taken back to the update password screen in the AWS console and the root account password is automatically rotated, concluding at the AWS account information page.
  5. Select Yes for Enable password rotation reminders to set a minimum number of days since last rotation to trigger a reminder. The reminder is a banner that displays in the cloud provider user interface.
  6. Finally, click the Root Account Virtual MFA Device button to configure Centrify as the virtual MFA device for the AWS root account.

Once you have vaulted a cloud provider root user account, you can right-click the account and perform the following actions:

Once vaulted, you can drill deeper into a root account by clicking the account. Here, you can view or set the following for the root account: