Password release

Hello,

I would like to know, the complete detail of password release by TPAM. what is password release and when TPAM release the password.

As well when i generate the report i can see the duplicate request ID and the same reason.

As well what is the meaning of ISA releaseID

Can any one explain this.

Thanks!!!!!!!!!!!!!

Parents
  • SystemName AccountName UserFullName RetrievedDt RequestID ISAReleaseID Reason
    server-DR root jafar 5/4/2021 8:21 1-553   Monthly Health check for server
    server-DR root jafar 5/4/2021 8:23 1-553   Monthly Health check for server
    server-DR root jafar 5/4/2021 9:04 1-553   Monthly Health check for server
    server-DR root jafar 5/4/2021 9:34 1-553   Monthly Health check for server
    server-DR root jafar 5/4/2021 9:35 1-553   Monthly Health check for server
    server-DR root jafar 5/4/2021 9:37 1-553   Monthly Health check for server
    server-DR root jafar 5/4/2021 9:38 1-553   Monthly Health check for server
    server-DR root jafar 5/4/2021 9:39 1-553   Monthly Health check for server
    server-DR root jafar 5/4/2021 9:44 1-553   Monthly Health check for server
    server-DR root jafar 5/4/2021 9:50 1-553   Monthly Health check for server

    This is the report i generate, i would like to know why its showing multiple time with same request id and same reason as well as what is ISAReleaseID

  • Hi Jafar

    Easy but first.

    The ISAReleaseID column is empty. It would only be populated IF you made a request to release a password as a user on an account with the ISA  permission assigned to it.

    As to the rest of the report I am not sure what is going on here. While the RequestID is the same for each request the time stamp is different suggesting that each reported event is unique and so is reported.

    If I had to guess I would say a request to retrieve the password for the "root" account lasting for at lease 2 hours (based on the times shown) has been made. So for the duration of this period ANY requests made to retrieve the "root" password would have the same RequestID assigned to it.

    I would further guess that this particular "root" account is being used on multiple systems as I cannot see any reason to retrieve it so frequently were this not the case. However. This would also suggest a "Static" account which is not best practice and does not meet many audit criteria. Unless you have created a Synced account and are changing the password on multiple systems or this is a effectively a break-glass account that should only be used in emergency and not as is suggested by the reason for a monthly health check.

    Without more details of your workflow and TPAM configuration I cannot really give a more precise answer.

    Best regards

    Tim

  • Thank you so much for the detail infromation.

Reply Children
No Data