LogoLogo
Archive
Archive
  • Introduction to Cymmetri Cloud 2.0
    • FAQ
      • Adding the Application
      • Supported Web Browsers
      • Forgot Password & Unlock Account
      • Cymmetri Error codes
      • Help
  • Getting Started with Cymmetri Cloud 2.0
    • What is Cymmetri?
    • Starting your Cymmetri Cloud 2.0 Trial
    • Accessing Cymmetri Cloud
    • First Time User Registration
    • Logging in as an end user
    • Setting up Multi-factor authentication rules for Login
  • Administration
    • Reports and Analytics
  • My Workspace
    • Getting Started
      • Introduction
      • Login with External Identity Provider - Social logins
    • How to use the My Workspace
      • Dashboard
      • My Access
      • Inbox
      • Team
      • Session Management
  • Application Management
    • FAQ
      • Support for Application Management
    • Getting Started
      • Introduction to Application Management
      • Adding Applications to be managed by Cymmetri
      • Assigning Applications to End Users
      • Configuring Connector Server
    • SSO How to
      • Configure Single Sign On
      • Configure SAML 2.0 Single Sign On
      • Configure API SSO
      • Configure OpenID Connect based Single SignOn
    • Provisioning How to
      • Azure Provisioning
      • Active Directory (AD) Provisioning
      • Google Apps (Workspace) Provisioning
      • LDAP Provisioning
      • Powershell Provisioning
      • REST Connector Provisioning
      • SCIM v2.0 Provisioning with Basic Authentication
      • SCIM 2.0 with Bearer Authentication
      • SCIM 2.0 with Fixed Bearer
      • Github Provisioning
    • Reconciliation How to
      • Configuring Reconciliation Process
  • Managing Users and Groups
    • Setting up Users and Groups
      • Create Users
      • Create Groups
      • Importing Users
      • Assigning Users to Groups
      • Setting up permissions for Delegation
  • Common Features
    • Features used throughout the Cymmetri Platform
      • Workflow Management
      • Configuring Webhooks
      • Multifactor Authentication (MFA)
  • Personalization
    • How to configure your tenant and personalize it
      • Adding new admins
      • Masters in Cymmetri
      • Personalize Notification Templates
      • Add Branding to your tenant
      • Adding Custom Attributes for User Object
  • Authentication
    • Identity Federation
      • Steps to Configure Azure AD as External IDP for Cymmetri
  • Governance
    • Access Certification
      • Setting up and managing Access Reviews
  • Additional Tools
    • Miscellanous Tools and Utilities
      • Password Filter
  • Privileged Access Management
    • PAM Administration
      • Introduction to Privilege Access Management (PAM)
      • How to Access PAM in Cymmetri
      • Sub-Sections of PAM
      • Steps to configure PAM Server
      • Adding a device/ server in PAM
      • Vault User
      • Vaulting Configuration
      • Break Glass Configuration
      • PAM Reports and PAM History
      • Dormancy Disable Config
    • PAM Usage
      • Assign a server to a user
      • Access the server
Powered by GitBook

Cymmetri.com

On this page

Was this helpful?

Export as PDF
  1. Privileged Access Management
  2. PAM Administration

Vaulting Configuration

Last updated 1 year ago

Was this helpful?

Vaulting Configuration section allows you to configure various details about vaults that are necessary for proper and efficient usage of vault users

It allows you to configure the following:

  1. Password Policy

  2. Active Directory (A central location for vault users)

  3. Manual Generation of Passwords for Vault Users (All or Specific Users)

Password Policy

  1. Cymmetri allows you to select a specific Password Policy for Vault Users, If nothing is changed it uses the default password policy of Cymmetri.

  2. For Changing the Password Policy for Vault Users, Select Vaulting Configuration and then select the Password Policy that you wish to implement from the dropdown provided as shown below:

Active Directory

  1. If the vault users are stored at a central location like Active Directory then we need to configure the location and access credentials of this Active Directory.

  2. For configuring the Active Directory we need to provide the following information as shown below:

    1. Active Directory Domain: Here we need to provide the Active Directory LDAP URL and the root domain details. For e.g. ldaps://EC2AMAZ-2LBJU5A.cymmetri.in:636;DC=cymmetri,DC=in

    2. User Name: This is the Active Directory Administrative username. For e.g. Cymmadmin

    3. Password: This is the Active Directory Administrative password.

Generation of Passwords for Vault Users (All or Specific Users)

For Generating Password for Vault User we need to do the following configurations:

  1. One or more users who will receive an email that contains the list of usernames and passwords

  2. Password for opening the file which contains the list of usernames and passwords

  3. Configure a scheduler to reset the password of users and send an email to the above configured use

  4. Manually send the list of usernames and passwords of all or specific users

One or more users who will receive an email that contains the list of usernames and passwords:

For adding users who will receive the email containing the list of usernames and passwords we need to select one more cymmetri users here as shown below:

Password for opening the file which contains the list of usernames and passwords

For Configuring the password simply enter the password in the password box provided

Configure a scheduler to reset the password of users and send an email to the above configured use

For configuring a schedular we need to enable the scheduler and provide the following details:

  • A start execution date and

  • cron expression

The cron expression can also be generated using the Generate Cron Expression option as shown below:

Manually reset and send the list of usernames and passwords of all or specific users

  • Password of vault users can be reset manually and sent an email for all or for specific users

  • You can either reset password for all users and send a list by selecting the All users option and clicking on Generate Password button as shown below:

  • Alternatively you may also send a list of only specific usernames and passwords by selecting To specific users option and then selecting the users whose details you need to reset and send.