Add a Managed System Manually

Settings vary depending on the platform type. When an account is manually added to a managed system, the default configuration of the account is set to what is configured on the managed system.

There are two ways to add a managed system manually. From the Managed System grid, click Create New Managed System.

Alternatively, link the managed system to an asset:

Screenshot of adding an asset to Password Safe from the Assets page.

  1. On the Assets page, select the system you want to manage, and then click the vertical ellipsis at the right end of the line.
  2. Select Add to Password Safe from the menu.


  1. On the Create New Managed System form, set the system settings. The settings vary based on the platform selected. The settings are described in the following table.
  2. Click Create Managed System.


Setting Description or Action
Platform Select a platform type from the list.
Name Enter a unique name for the system.
Instance Number (SAP only)

If you have added your System Application Products (SAP) environment to Password Safe management, provide the instance number.

Description Enter a description for the system.
IP Address Enter the IP address for the system.
DNS Name Enter the DNS name for the system.
Workgroup Select the system workgroup from the dropdown list.

Enter a port number.

NetBIOS (Windows and Active Directory managed systems only) Enter a unique name for the system.
Enable Automatic Password Management

Toggle to automatically check and update managed account passwords at a set frequency or after password releases.

Default Password Policy

Select a Password Safe password policy or use the default policy. The policy provides the requirements used by Password Safe to create passwords, such as password length and permitted characters.


Select an elevated account to run as: sudo, pmrun, pbrun, pbrun jumphost.

If you are using pbrun jumpost, enter the IP address for the Privilege Management for Unix & Linux policy server that you want to connect to.

SSH Key Enforcement Mode is not available if you are using pbrun jumphost.

Functional Account Select a functional account from the list.
Use Login Account for SSH Sessions

Create a login account to allow the user to open an SSH session in environments where remote shell access is not permitted, for instance the root account.

Login Account: Select the account name.

Account Name Format

Select an account name format from the list: sAMAccountName, UPN or domain\account.

Timeout The timeout value determines the amount of time in seconds that a connection attempt to the managed system remains active before being aborted. In most cases, we recommend you use the default value (30 seconds). If there are problems with connection failures with the system, this value can be increased.
SSH Key Enforcement Mode

Verifies SSH host keys from a known host. You can import SSH keys from a host using a Smart Rule.

Auto Accept Initial Key: The first key imported is automatically accepted. Any new key imported after the initial key must be manually accepted.

Manually Accept Keys: SSH connections to the host are permitted for accepted keys only. If a new key is detected from the host, the key is stored in the database and an email is sent to the Administrators user group. The key must then be accepted or denied.

Default DSS Key Policy

If you are using DSS authentication for the system, select a key policy or use the default.

Release Duration

The duration that can be requested during the request process. The default value is 2 hours. When the Requested Duration (as entered by the user on the Requests page in the web portal) is exceeded, the session ends if the Force Termination option is enabled for the access policy.

Max Release Duration The maximum length of time the requester is permitted to enter on the Requests page. Applies to password and session requests. The maximum length that can be set is 365 days.
Contact e-mail Enter the email address where you want Password Safe system notifications to be sent.