LogoLogo
3.0.0
3.0.0
  • Getting Started
    • What is Cymmetri?
    • Release Notes
    • Starting your Cymmetri Trial
    • Admin Dashboard
    • Accessing Cymmetri
    • Supported Web Browsers
    • Cymmetri Error Codes
    • Help
    • Personalization
      • General Configuration
      • Admins
      • Masters in Cymmetri
      • Personalize Notification Templates
      • Tenant Branding
      • Custom Attributes
  • Identity Hub
    • Managing Users and Groups
      • User Management
      • User Detail
      • Create Users
      • Create Groups
      • Importing Users
      • Assigning Users to Groups
      • Delegation
        • Setting up Delegation
        • Delegating Work to Delegatee
        • Accepting Delegation
      • Suspended Users
      • Archived Users
      • All Users Session
    • Authentication
      • Identity Provider
        • Internal IDP
          • Introduction
          • Internal Identity Provider Configuration: Cymmetri
          • Internal Identity Provider Configuration: Active Directory
          • Internal Identity Provider Configuration: LDAP
        • External IDP
          • Introduction
          • External Identity Provider Configuration - Google IDP
          • External Identity Provider Configuration - Azure IDP
          • External Identity Provider Configuration - Salesforce IDP
      • Service Provider
      • Authentication Rules
      • Password Policy
      • Global Auth Policy
      • Adaptive
    • Attribute Setting
    • Password Filter
    • Logs
      • Audit Log
      • Import History
      • Scheduler History
  • Lifecycle Management
    • Application Management
      • Support for Application Management
      • Getting Started
        • Introduction to Application Management
        • Adding Applications to be managed by Cymmetri
        • Assigning Applications to End Users
        • Dynamic Forms
        • Configuring Connector Server
      • Provisioning How to
        • Azure Provisioning
        • Active Directory (AD) Provisioning
        • Google Workspace Provisioning
        • LDAP Provisioning
        • Powershell Provisioning
        • REST Connector Provisioning
        • SCIM v2.0 Provisioning with Basic Authentication
        • SCIM 2.0 with Bearer Authentication
        • SCIM 2.0 with Fixed Bearer
        • Github Provisioning
      • Reconciliation How to
        • Configuring Reconciliation Process
      • Rules
        • Provisioning
        • Deprovisioning
    • Workflow Management
      • Workflow Configuration
      • Workflow Rules
      • Pending Workflows
      • Workflows List
    • Teams Config
    • Configuring Webhooks
  • Single Sign On
    • Introduction
    • SSO Configuration
      • SAML 2.0 Based SSO
      • API Based SSO
      • OpenID Connect Based SSO
    • Multifactor Authentication(MFA)
      • Introduction
      • Cymmetri Authenticator
      • Push Authenticator
      • Google Authenticator
      • SMS Authenticator
      • Secret Questions
      • FIDO Authenticator
      • Admin MFA Setting
    • Passwordless
      • Introduction
      • TOTP Based
      • OTP Based
      • Consent Based
      • FIDO Based
  • My Workspace
    • Getting Started
      • Introduction
      • First Time User Registration
      • End User Login Process
      • Forgot Password & Unlock Account
      • User Settings
    • How to use the My Workspace
      • Dashboard
      • My Access
      • Inbox
      • Team
      • On Behalf
  • Privileged Access Management
    • PAM Administration
      • Introduction to Privilege Access Management (PAM)
      • How to Access PAM in Cymmetri
      • Sub-Sections of PAM
      • Steps to configure PAM Server
      • Adding a device/ server in PAM
      • Vault User
      • Vaulting Configuration
      • Break Glass Configuration
      • PAM Reports and PAM History
      • Dormancy Disable Config
    • PAM Usage
      • Assign a server to a user
      • Access the server
  • Governance
    • Insights
      • Reports
      • Risk
    • Access Certification
      • Setting up and managing Access Reviews
  • Self-Service App
Powered by GitBook

Cymmetri.com

On this page

Was this helpful?

Export as PDF
  1. Privileged Access Management
  2. PAM Administration

Vaulting Configuration

Was this helpful?

Vaulting Configuration section allows you to configure various details about vaults that are necessary for proper and efficient usage of vault users

It allows you to configure the following:

  1. Password Policy

  2. Active Directory (A central location for vault users)

  3. Manual Generation of Passwords for Vault Users (All or Specific Users)

Password Policy

  1. Cymmetri allows you to select a specific Password Policy for Vault Users, If nothing is changed it uses the default password policy of Cymmetri.

  2. For Changing the Password Policy for Vault Users, Select Vaulting Configuration and then select the Password Policy that you wish to implement from the dropdown provided as shown below:

Active Directory

  1. If the vault users are stored at a central location like Active Directory then we need to configure the location and access credentials of this Active Directory.

  2. For configuring the Active Directory we need to provide the following information as shown below:

    1. Active Directory Domain: Here we need to provide the Active Directory LDAP URL and the root domain details. For e.g. ldaps://EC2AMAZ-2LBJU5A.cymmetri.in:636;DC=cymmetri,DC=in

    2. User Name: This is the Active Directory Administrative username. For e.g. Cymmadmin

    3. Password: This is the Active Directory Administrative password.

Generation of Passwords for Vault Users (All or Specific Users)

For Generating Password for Vault User we need to do the following configurations:

  1. One or more users who will receive an email that contains the list of usernames and passwords

  2. Password for opening the file which contains the list of usernames and passwords

  3. Configure a scheduler to reset the password of users and send an email to the above configured use

  4. Manually send the list of usernames and passwords of all or specific users

One or more users who will receive an email that contains the list of usernames and passwords:

For adding users who will receive the email containing the list of usernames and passwords we need to select one more cymmetri users here as shown below:

Password for opening the file which contains the list of usernames and passwords

For Configuring the password simply enter the password in the password box provided

Configure a scheduler to reset the password of users and send an email to the above configured use

For configuring a schedular we need to enable the scheduler and provide the following details:

  • A start execution date and

  • cron expression

The cron expression can also be generated using the Generate Cron Expression option as shown below:

Manually reset and send the list of usernames and passwords of all or specific users

  • Password of vault users can be reset manually and sent an email for all or for specific users

  • You can either reset password for all users and send a list by selecting the All users option and clicking on Generate Password button as shown below:

  • Alternatively you may also send a list of only specific usernames and passwords by selecting To specific users option and then selecting the users whose details you need to reset and send.