{"id":682,"date":"2018-10-15T13:17:53","date_gmt":"2018-10-15T08:47:53","guid":{"rendered":"http:\/\/www.enhisecure.com\/isecureblog\/?p=682"},"modified":"2018-11-21T15:01:20","modified_gmt":"2018-11-21T10:31:20","slug":"identityiq-credential-cycling-using-pam","status":"publish","type":"post","link":"https:\/\/www.enhisecure.com\/isecureblog\/2018\/10\/15\/identityiq-credential-cycling-using-pam\/","title":{"rendered":"SailPoint IdentityIQ Applications Credential Cycling Using PAM Solution"},"content":{"rendered":"<p>A large number of applications on <a href=\"https:\/\/www.sailpoint.com\/\">SailPoint<\/a> <a href=\"https:\/\/www.sailpoint.com\/identity-management-software-identityiq\/\">IdentityIQ<\/a> rely on service accounts to\u00a0communicate with the application targets. These accounts are authorized to\u00a0perform identity management tasks and should be treated as privileged accounts. When a privileged account management solution like <a href=\"https:\/\/www.cyberark.com\/\">CyberArk<\/a> or <a href=\"https:\/\/www.beyondtrust.com\/\">BeyondTrust<\/a> is used in the organisation, the credentials of the privileged account are stored in the PAM solution and retrieved by IdentityIQ whenever required.
The credential cycling feature introduced in IdentityIQ 7.3 allows this to be configured with ease.<\/p>\n<p>The following presentation discusses the need for credential cycling and how it works:<\/p>\n<p><iframe loading=\"lazy\" title=\"ENH iSecure Sailpoint IdentityIQ Applications Credential Recycling Using PAM Solutions\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/nCXvoW3pN4w?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>The following demonstration illustrates a use case where credential cycling is configured with the CyberArk PAM solution:<\/p>\n<p><iframe loading=\"lazy\" title=\"ENH iSecure Sailpoint IdentityIQ Applications Credential Recycling Using PAM Solutions mp4 Demo\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/BVFSnMwImMU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>The next video\u00a0demonstrates credential cycling when configured with the Thycotic Secret Server PAM solution:<\/p>\n<p><iframe loading=\"lazy\" title=\"ENH iSecure Sailpoint IdentityIQ Applications Credential Recycling Using Thycotic PAM Solution Demo\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/z0CTS5KyJFM?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A large number of applications on SailPoint IdentityIQ rely on using service accounts to\u00a0communicate with the application targets. 
These accounts have the authorizations to\u00a0perform identity management tasks and should be treated as privileged accounts. When a privileged account management solution like CyberArk or BeyondTrust is used in the organisation, the credentials of the privileged account [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18,8,14,16],"tags":[],"class_list":["post-682","post","type-post","status-publish","format-standard","hentry","category-cyberark","category-identity-governance","category-sailpoint","category-technology"],"_links":{"self":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts\/682","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/comments?post=682"}],"version-history":[{"count":3,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts\/682\/revisions"}],"predecessor-version":[{"id":694,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/posts\/682\/revisions\/694"}],"wp:attachment":[{"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/media?parent=682"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/categories?post=682"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enhisecure.com\/isecureblog\/wp-json\/wp\/v2\/tags?post=682"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}