Password Safe Integration

You can integrate Privilege Management for Mac and Password Safe to rotate passwords on your macOS endpoints.

Prerequisites

  • BeyondInsight Adapter 21.2

Configure the BeyondInsight Adapter Settings

BeyondInsight Adapter installation instructions are provided earlier in the guide.

For more information, please see Install the BeyondInsight Adapter.

Configure the following settings in the settings_app.xml:

  • PasswordSafeState: The state of the feature: Enabled, Disabled, and Not_Configured (case sensitive). The default is Not_Configured.
  • PasswordSafeHeartBeatInterval: The time span, in minutes, the endpoint polls Password Safe checking for updated passwords. Valid values are 1 to <max unsigned 32 bit integer>. The default is 60 minutes.

You can change settings in two ways:

  • Add the settings
  • Send a Privilege Management for Mac policy that contains Password Safe settings. When an asset has multiple policies, the first policy with valid settings is used. The policy's settings are written to settings_app.xml.

Example section of the Password Safe settings in Privilege Management for Mac policy:

<Configuration>
    <!-- Omitted usual nodes -->
    <PasswordSafeLocalRotation>
        <State>Enabled</State>
        <PasswordHeartbeatInterval>60</PasswordHeartbeatInterval>
    </PasswordSafeLocalRotation>
</Configuration>

Configure Password Safe

The macOS endpoints must be added to Password Safe as assets.

For more information, please see Add Assets to Password Safe in the Password Safe Administration Guide.