Requirements: Roles and Settings

Requestor & Requestor/Approver Roles

The Password Safe user running the Password Cache must have at least one Managed Account Smart Rule configured with the Requestor or Requestor/Approver role.

ISA Role

The Password Cache does not currently support ISA-based password requests; therefore, it’s important to ensure the user running the cache does not have the ISA role defined for any Managed Account Smart Rules.

Access Policy

Auto Approval

The Managed Account Smart Rule configured with the Requestor or Requestor/Approver roles must have an Access Policy assigned that has View Password access set to Auto Approve.

The Managed Account Smart Rule configured with the Requestor or Requestor/Approver roles must have an Access Policy assigned that has View Password access set to Auto Approve.

 

Daily Recurrence - Multi-day Checkouts

If the Access Policy is configured for Daily recurrence, ensure Allow multi day-check-outs of accounts is enabled.

If the Access Policy is configured for Daily recurrence, ensure Allow multi day-check-outs of accounts is enabled.

 

Managed Account Settings

Enable for API Access

Ensure this option is enabled for Managed Accounts that will be cached.

Default Release Duration

The Default Release Duration is used to determine how long account credentials are cached before being renewed.

Concurrent Requests

If the Managed Accounts configured to be cached will also be used by other Password Safe users at the same time, concurrent requests should be set to zero (0 denotes unlimited) or a value greater than one. Requests performed by the Password Cache count as a request.

Supported Operating Systems

  • Windows Server 2012 R2 and above releases
  • RHEL/Centos 64 bit 6.8 and above releases

Supported APIs

  • POST Auth/SignAppIn
  • POST Auth/Signout
  • GET Requests
  • POST Requests
  • POST Aliases/{aliasId}/Requests
  • GET Credentials/{requestId}
  • GET Aliases/{aliasId}/Credentials/{requestId}
  • GET ManagedAccounts
  • GET ManagedAccounts?systemName={systemName}&accountName={accountName}
  • GET Aliases

For details on each method, please see the BeyondInsight and Password Safe API Guide.