A password sync group is used to control password validation and reset across all associated accounts. The same password is used for one or more accounts associated with the same or different assets. For example, synchronized passwords can be used for accounts that support clusters or systems that sync between development, test, and production. An account can belong to only one password sync group. Multiple password sync groups can be added to a profile.
The profile change schedule is applied to the sync group. The sync group controls the tasks to change the passwords for the accounts in the sync group. Change tasks occur in the order of password sync group account priority. If synchronization fails for an individual account in the sync group, the account is retried multiple times and, if failing after that, the sync task halts and is rescheduled. The administrator must correct the cause of the failure for the sync task to continue.
If an account is associated with a profile with a daily check schedule and also associated with a password sync group, a mismatch on the daily check will trigger a task to set the account password to the current sync group password.
For more information, see Creating a password profile.
Password sync group account priority
When an account is added to a password sync group, the default priority is 0, which is the highest priority. Subsequent numbers are lower priority (for example, 0, 1, or 2, where 0 is the highest priority and 2 is the lowest). Priority determines the order in which account passwords are changed. If all accounts have the same priority, they are synchronized simultaneously. When different priorities are set, accounts at the highest priority (for example, 0) are synchronized first. If priority 0 is successful, accounts at the next priority are synchronized. If any account at a priority fails, the synchronization processing stops and the group is scheduled for synchronization retry. For example, a cluster of systems may have an admin account with the same password. If one primary system is set at priority 0 and the subordinates are set at priority 1, the password change on the primary must be successful before the passwords on the subordinates are changed. If the primary password change fails, the subordinates are unaffected, the cluster continues to function, password change is rescheduled, and the error is logged.
Navigate to Asset Management > Profiles > View Password Profile Components > Password Sync Groups.
Property | Description |
---|---|
Enable |
If Enable is selected, the sync runs with the profile change schedule. |
Status |
The Status displays if all account passwords are in sync with the password sync group. The Status is if any password for any account within the sync group does not match the common password. |
Name |
The name of the password sync group. |
Accounts | The number of accounts to synchronize with a common password. |
Next Sync Date |
The date the sync group password will be synchronized across all accounts. |
Description |
Information about the rule. |
Use the following toolbar buttons to manage password sync groups.
NOTE: Changes made from the Password Sync Groups pane are reflected in the password sync groups in the profile. See Creating a password profile.
Option | Description |
---|---|
Add | Add a password sync group. For more information, see Adding a password sync group. |
Delete |
Permanently remove the selected password sync group. |
View Details | Modify the selected password sync group rule. |
Change Sync Group Password |
Change the password for the selected sync group. All accounts in the password sync group synchronize with the new password. |
Refresh | Update the list of password sync groups. |
Search |
To locate a value in this list, enter the character string to be used to search for a match. For more information, see Search box. |