Domain Account to Asset Mapping

Is it possible to map a domain account (discovered through AD) to a Windows Server?

Say we have, for example, 2000 domain accounts that have one-to-one access mapping on 2000 Windows servers; each server is being accessed by only 1 account.

Should we create 2000 asset-based access request policies, one for each directory account? Is there any other way to accomplish this? And if not, how can we speed up the creation process?

Thanks.

  • Hi Aalaa,

    There is a feature in SPP that allows you to link an AD account to each user. This way, if the entitlement is for a password access request policy that is configured with the Access config to "allow password access to linked accounts", then each user will have access to request the password of their 1 to 1 AD linked account.

    For Session requests, you can also configure Access config to use a Linked Account; that way the user will be able to request their respective 1 to 1 AD linked account on the Assets defined in the Scope.

    Is that your use case?

    Otherwise, if you want user(s) to be able to request only one specific AD account and no other, to only one specific Asset and no other, then that will require a separate Access Request Policy for each AD account and Asset combination.

    SPP offers an API which can be utilized for scripting administrative tasks. For assistance with implementation, we recommend engaging our Professional Services team:

    https://support.oneidentity.com/one-identity-safeguard-for-privileged-passwords/professional-services

    Thanks!