Safeguard Community

Forum How to manage database dependent accounts

State Not Answered
Replies 3 replies
Subscribers 28 subscribers
Views 730 views
Users 0 members are here

Options

Related

How to manage database dependent accounts

noriel bernardo over 1 year ago

Hi,

I have a customer that wants to manage replicas of databases and accounts;

These databases are replicas or essentially copies of each other;
the accounts and passwords are then the same for each replica;
the accounts are local and not directory accounts

For example, there are two MySQL databases A and B and are essentially a copy of each other.

How do we onboard A and B and specify that account 'Shared' is a dependent account for both A and B?
How do we ensure that if we reset the password for Shared that the password will be set and be the same on A and B?

Kind regards,

Noriel

Parents

0 Tawfiq.Ahmad over 1 year ago

Hi Noriel,

How are the passwords kept in sync at the moment?

If you change the password manually on Database A does it auto replicate to Database B?

If so then SPP would only have to change it on one Database and let the DB replication handle the sync is one scenario.

Otherwise, you can also test using Password Sync Groups feature in SPP where you can add two accounts in a group and have SPP set the same password for both.

More on Password Sync Groups can be found here:

support.oneidentity.com/.../110

Thanks!
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 noriel bernardo over 1 year ago in reply to Tawfiq.Ahmad
Hi Tawfiq,

At the moment, only database A and account is on boarded; the account is then password managed.

IF the password is changed on database A account, then Yes, the password is auto replicated to database B

The problem is if Safeguard changes the database A account password, how then will Safeguard know to also match the password for database B account and not change it again?

This is an interesting feature, however database B could be read only. Also, even if it weren't the database may employ password history which would prevent the Password Sync Group from resetting lower priority accounts in the password sync group

Kind regards,

Noriel
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Reply

0 noriel bernardo over 1 year ago in reply to Tawfiq.Ahmad
Hi Tawfiq,

At the moment, only database A and account is on boarded; the account is then password managed.

IF the password is changed on database A account, then Yes, the password is auto replicated to database B

The problem is if Safeguard changes the database A account password, how then will Safeguard know to also match the password for database B account and not change it again?

This is an interesting feature, however database B could be read only. Also, even if it weren't the database may employ password history which would prevent the Password Sync Group from resetting lower priority accounts in the password sync group

Kind regards,

Noriel
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Children

0 Tawfiq.Ahmad over 1 year ago in reply to noriel bernardo

Hi Noriel,

In that case if the out of box MySQL Platform does not support managing the MySQL replicas, this may require some customized solution.

For custom platforms, you may discuss with your account manager to engage Professional Services for options on that.

https://support.oneidentity.com/one-identity-safeguard-for-privileged-passwords/kb/262149/how-to-use-custom-platforms-in-safeguard

Thanks!
Cancel
Up 0 Down

Reply

Verify Answer

Cancel