Configuring password profiles

You can use global Password Profiles to define the rules applied when managed passwords are generated. There are default predefined profiles for the different types of accounts used to access systems, domains, and databases. You can clone and modify the default profiles or add your own custom profiles. You can also override the default profile for individual systems, domains, or databases, as needed.

Password profiles specify details such as the minimum and maximum number of characters the password should contain, whether lower or upper case letters are required, and which special characters are allowed. The rules you define in any custom profile should reflect what is supported in a specific type of environment. For example, some HP-UX computers don't allow passwords to contain @ or # characters.

The default set of password profiles are assigned based on the underlying operating system, such as UNIX, Windows, or Cisco NX-OS or the database type, such as Oracle or SQL Server. See the following for a complete list of supported environments and additional details:

You can change the default assignment for any specific system, domain, or database.

Only members of the System Administrator role can add, edit, clone, or delete password profiles. Members of the Privilege Service Administrator role can change the profile for any specific system, domain, or database. Members of the Privilege Service Power User role can only view the global profile settings.

To configure a new password profile:

  1. In the Admin Portal, click Settings > Resources to display the settings available for Privileged Access Service.
  2. Click Password Profiles.
  3. Click Add to create a new custom password profile.

    Alternatively, you can select any existing profile, right-click, then click Clone Profile to create a new custom password profile.

  4. Type a profile name and optional description.
  5. Set the minimum and maximum password length.

    These settings allow randomly-generated passwords to vary in length. Before setting these values, however, you should consider whether there are password limitation that are specific to the operating system, domain, or database where the profile will be used.

  6. Set any additional password complexity requirements as appropriate for the operating system, domain, or database where the profile will be used.

  7. Click Save to save the password profile.