Modifying credentials in the credential vault

As a privileged administrator, you can modify the credentials in the credential vault.

1. From the navigation tree, click Manage Shared Access > Manage Credential Vault. The Select a Credential page is displayed.
2. Click Search to locate the credentials that you want to view. If you do not specify any additional information, the search includes all login IDs and services in the credential vault. To limit the scope of the search, complete these steps:
   1. In the Login ID field, specify a login ID associated with the credentials. For example, type bsmith.
   2. Enter a specific resource name in the Resource name field. For example, type AIX_Service. You can also specify a wildcard, such as *AIX* to find all resources that contain that term in the name.
   3. Optional: Click Advanced. The advanced search option opens a new page where you can specify additional search criteria. For information about the Advanced search fields, see Fields for Advanced search for credentials.
   The credentials that match the search criteria are displayed in the Credentials table.
   If the table contains multiple pages, you can:

   • Click the arrow to go to the next page.
   • Type the number of the page that you want to view and click Go.
3. Select the check box next to the credential that you want to modify.
4. Click Change. The General page of the Credential notebook is displayed.
5. Optional: On the General page of the Credential notebook, change any of the following fields:

   User ID

   The User ID for the credential.

   Description

   Type information about the credential.

   Credential Service Information table

   The credential service consists of service UID, service name, and optionally, a service type and one or more service aliases. In addition, there might be one or more service tags. To change the information, click Search. The Select Credential Service page is displayed. Complete the following steps:

   1. On the Select Credential Service page, click Search to locate the credential service. To limit the search results, you can type information in the Resource UID or alias or Resource Name field, or in both fields. The search results are displayed in the Credential Service Information table.
   2. View the search results, and take one of the following actions:
      • If the resource that you want to use for the credential exists and you want to use it without changing it, select it in the Select column, and then click OK to return to the General page.
      • If the resource does not exist, click New in the Resource Information table. The Specify Information page is displayed.
      • If the resource for the credential exists and you want to change it (for example, resource aliases or resource tags), click Change. The Specify Resource Information page is displayed.
        Note: If another credential uses the resource that you modify, the resource for the other credential that uses this resource is affected. Be careful if you use this function.
   3. If you clicked New or Change, complete the following fields on the Specify Credential Service Information page:

      Resource UID

      Type information that uniquely identifies the resource for which you are adding credentials. This field identifies the repository on which this user ID is hosted. For example, the unique identifier might be the IP address or the URL of a host or application.

      Resource Name

      Type a common name for the resource for which you are adding credentials to the credential vault. This common name identifies the repository on which this user ID is hosted. For example, the name might be Department UNIX system.

      Resource Alias

      Optional. Type a resource alias and click Add. You can specify multiple resource aliases.

      The resource alias is used if you also use Privileged Access Agent for automatic checkout. The resource alias is the IP address or hostname of the managed resource to which the credential applies. Privileged Access Agent uses the resource alias and the resource UID to locate the resource.

      To remove a resource alias, select the alias in the list and click Delete.

      Resource Tag

      Optional. Enter a resource tag for the managed resource and click Add. You can specify multiple resource tags.

      To remove a resource tag, select the resource tag in the list and click Delete.

      Click OK.

6. Optional: On the Credential Setting page of the notebook, change any of the following fields:
   1. To change the credential vault setting, select one of the following settings.

      Use default settings

      Select this option to use the global settings. The global settings are established by the system administrator. The configuration settings are displayed in the default settings list.

      Require the Check-in and Check-out process for shared IDs

      Select this option if you want authorized users to access the credential through the checkout process. This selection enforces individual accountability. You can specify for how long the account can be checked out.

      Do not require the Check-in and Check-out process for shared IDs

      Select this option if you want authorized users to view the password and access the credential without checking it out of the credential vault. This selection does not provide individual accountability.

      Credential is not shared

      Select this option if you do not want any user to access the credential by using a shared access policy. When you select this option, the credential is stored in the credential vault. However, these credentials are not available for check out.

   2. Select the Change password or key upon check in check box if you want the password or key to be changed on the account and the managed resource when the user checks in the credential.
   3. Specify the number of hours, days, or weeks in the Maximum check-out duration field for which the credential can be checked out
   4. Select the Enable check out search check box if you want to enable the credentials for a check-out search.
   5. Select the Allow view password or key download to user check box if you want the credential password and key to be visible to the user on the Self-service console.
7. Click Submit.
8. On the Success page, click Close.