A large number of applications on SailPoint IdentityIQ rely on using service accounts to communicate with the application targets. These accounts have the authorizations to perform identity management tasks and should be treated as privileged accounts. When a privileged account management solution like CyberArk or BeyondTrust is used in the organisation, the credentials of the privileged account would be stored on the PAM solution and retrieved by IdentityIQ whenever required. The feature of credential cycling introduced in IdentityIQ 7.3 allows this to be configured with ease.
The following presentation discusses the need for credential cycling and how it works:
The following demonstration illustrates a use case where credential cycling is configured with the CyberArk PAM solution:
The next video demonstrates credential cycling when configured with the Thycotic Secret Server PAM solution: