Account Policies: Add and Manage Account Policies
Vault account policies provide a method to define account settings related to password rotation and credential checkout and apply those settings to multiple accounts at once.
Multiple account policies that apply to a single Vault account are applied in the following order, from top to bottom:
- The account policy associated with the Vault account
- The account policy associated with the Vault's account group
- The global default account policy settings
If multiple account policies define a setting, then the value from the first applied policy is used.
Add, view, and manage account policies.
Add Account Policy
Click Add to add an account policy.
Copy Account Policy
Click Copy to copy an existing account policy.
Edit Account Policy
Click Edit to modify an existing account policy.
Add Account Policy
Add a new account policy.
Enter a name for the account policy.
Set a code name for integration purposes. If you do not set a code name, Privileged Remote Access creates one automatically.
Enter a brief and memorable description of the account policy.
Automatic Password Management
Scheduled Password Rotation Rules
- Select Allow to schedule passwords for Vault accounts to automatically rotate when the password reaches a specified maximum age.
- Select Deny to disable scheduled password rotation for Vault accounts.
Maximum Password Age
If scheduled password rotation is enabled, specify the maximum number of days a password can be in place for Vault accounts before it is automatically rotated.
Automatically Rotate Credentials after Check In Rules
- Select Allow to automatically rotate passwords after a credential is checked in.
- Select Deny to disable the automatic rotation of passwords after a credential is checked in.
Allow Simultaneous Checkout Rules
- Select Allow to enable the ability for Vault credentials to be checked out simultaneously.
- Select Deny to disable the ability for Vault credentials to be checked out simultaneously.
If a setting in an account policy is not defined, it inherits the settings from the global default account policy, configured from the Vault > Options page in /login.