Vaulting Non-Computer Credentials

EmpowerID's Privileged Access Management (PAM) feature allows you to protect and manage any type of credentials used within your organization to include privileged accounts that are not computer logins. In EmpowerID, these type of credentials are known as "non-computer" or "shared" credentials. Non-computer credentials are vaulted user names and passwords that can be requested and checked out by users to access the specific applications and other resources authorized by those credentials. When you vault a non-computer credential, you specify the type of credential you are vaulting and link it to the Shared Credential policy for that credential type.

When a request for a non-computer credential is approved, users check out the credential to access the resources authorized by the credential. When the user is done with the credential—or the allocated time frame for using the credential has expired—the credential is checked in. Depending on the policy associated with the credential, the password may or may not be reset by the EmpowerID system.
If the Default Access Duration in Minutes setting on the policy to which the credential is linked has been reached, the EmpowerID system automatically checks in the credentials and terminates the users access to those credentials. If more time is needed, the user will need to request access again.

To vault a non-computer credential

  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to the Shared Credentials find page by expanding Resources and clicking Shared Credentials.
  2. From the Shared Credentials find page, click the All Shared Credentials tab and then click the Add Shared Credential button.
  3. In the Password Vault Data form that appears, do the following:
    1. Select Default Credentials from the Type drop-down.
    2. EmpowerID encrypts the user name, password and notes information for all credential types.
    3. Type an appropriate name and display name for the credential in the Name and Display Name fields, respectively.
    4. Select the Shared Credential policy to which the credentials should be linked from the Shared Credential Policy drop-down. When selecting the Shared Credential policy for non-computer credentials, you have the below default options:
      • Non-Computer Creds - Multi-Check-Out - No Password Reset - Select this policy if the credentials you are creating are those for an account where more than one check out is allowed and you do not want the password for the account to be reset by the EmpowerID system when any one user checks in those credentials.
      • Non-Computer Creds - No Multi-Check-Out with No Password Reset - Select this policy if the credentials you are creating are those for an account where more than one check out is not allowed and you do not want the password for the account to be reset by the EmpowerID system when any one user checks in those credentials.
      • Service Account with Scheduled Password Reset - Select this policy if the credentials are those for a Windows Service account or IIS App pool identity. When you select this policy, the EmpowerID system will reset the password for the service account or IIS App Pool identity against all Windows servers in your environment that have Windows Services or App Pools.
    5. Type a description in the Description field.
    6. Type the user name for the account you are vaulting in the User Name field.
    7. Type the password for the account you are vaulting in the Password field.
    8. Click Save.
    9. If you have yet to enter your master password for this session, EmpowerID prompts you to do so. Enter your master password and click OK.
    10. If you have not created a master password for yourself, EmpowerID prompts you to do so. Type the desired password in the Password and Confirm Password fields and then click OK.