Credentials in the credential vault can be connected to an account or not
connected to an account.
- Credentials that are connected to an account
- Privileged administrators can add credentials that are connected to an existing
account to the credential vault.
To add credentials that are connected to an account to the credential vault, select Manage Shared
Access > Manage Credential Vault in the administrative console. See Adding credentials that are connected to an account through Manage Credential Vault.
When you add a
credential that is connected to an account to the credential vault, you can choose to have the
password for the credential and account on the managed resource updated automatically when the
user checks in the credential.
- Credentials that are
not connected to an account
- Privileged administrators can add credentials that are not connected to an account
to the credential vault. You can select
Manage Shared Access > Manage Credential Vault in the administrative
console. See Adding credentials through Manage Credential Vault.
There are advantages of adding credentials to the credential vault in this way:
- You do not need to first create a service and run reconciliation to get
shared accounts in IBM® Security Privileged Identity Manager.
- You do not need to provide as much information as when you add a credential that is
connected to an account. You provide only information about the user ID and some information
about the resource to which the user ID applies. For example, if you know about a user
account on a UNIX system, you can add the credentials for that system to the credential vault. Other IBM Security Privileged Identity Manager users can then check out the credentials and
use them to access the UNIX system.
However, when you add a credential that is not connected to an account to
the credential vault, you cannot have the
password updated automatically when the user checks in the credential.