Account Policies: Add and Manage Account Policies

Vault

Account policies

Vault account policies provide a method to define account settings related to password rotation and credential checkout and apply those settings to multiple accounts at once.

Multiple account policies that apply to a single Vault account are applied in the following order, from top to bottom:

  • The account policy associated with the Vault account
  • The account policy associated with the Vault's account group
  • The global default account policy settings

If multiple account policies define a setting, then the value from the first applied policy is used.

Account Policies

Add, view, and manage account policies.

Add Account Policy

Click Add to add an account policy.

Copy Account Policy

Click Copy to copy an existing account policy.

Edit Account Policy

Click Edit to modify an existing account policy.

Add Account Policy

Add a new account policy.

Display Name

Enter a name for the account policy.

Code Name

Set a code name for integration purposes. If you do not set a code name, Privileged Remote Access creates one automatically.

Description

Enter a brief and memorable description of the account policy.

Permissions

Automatic Password Management

Scheduled Password Rotation Rules
  • Select Allow to schedule passwords for Vault accounts to automatically rotate when the password reaches a specified maximum age.
  • Select Deny to disable scheduled password rotation for Vault accounts.
Maximum Password Age

If scheduled password rotation is enabled, specify the maximum number of days a password can be in place for Vault accounts before it is automatically rotated.

Account Settings

Automatically Rotate Credentials after Check In Rules
  • Select Allow to automatically rotate passwords after a credential is checked in.
  • Select Deny to disable the automatic rotation of passwords after a credential is checked in.
Allow Simultaneous Checkout Rules
  • Select Allow to enable the ability for Vault credentials to be checked out simultaneously.
  • Select Deny to disable the ability for Vault credentials to be checked out simultaneously.

If a setting in an account policy is not defined, it inherits the settings from the global default account policy, configured from the Vault > Options page in /login.