Require an Account Check-Out to View the Password

If an account has a Check-out/Check-in view policy, the account must be checked out to view the password. The person then has exclusive access to the password. While it is checked out, other persons cannot view the password nor can they change any aspect of the account in any way. Once the password is checked back in to Credential Manager, others can view it and can update it.
capam32
If an account has a Check-out/Check-in view policy, the account must be checked out to view the password. The person then has exclusive access to the password. While it is checked out, other persons cannot view the password nor can they change any aspect of the account in any way. Once the password is checked back in to Credential Manager, others can view it and can update it.
The Check-out/Check-in policy can have a time interval, after which the account is automatically checked back in.
Sometimes an administrator needs immediate access to a password that is checked out. The administrator can remove the restriction on the account by checking in the account on behalf of another user. By default, only the administrator role has permission to force a check-in operation. If necessary, you can configure other roles with this permission.
This topic describes the following procedures:
2
For the equivalent procedures using the CLI, see Require a Password Check Out and Check using the CLI.
Check Out a Password Using the UI
Follow these steps:
  1. Select
    Credentials
    ,
    Manage Targets
    ,
    Accounts
    .
  2. Select the blue View icon (which resembles an eye) in the
    Action
    column of the Account for which you want to request authorization. A Show Password pop-up window appears, prompting you for your password and the reasons for viewing the target password.
  3. Enter your (Credential Manager administrator) password.
    The password field is displayed if the target account is authenticated.
  4. Select your
    Reason
    for viewing the (target account) password.
  5. (Optional) Enter the
    Reason Description
    .
  6. Select
    View
    .
    The GUI displays the account User ID and the password. The GUI also notifies you that the account is checked out.
  7. Select
    OK
    .
Determine Who Has a Password Checked Out
Use the following procedure to find out how has a password that is checked out.
Follow these steps:
  1. Select
    Credentials
    ,
    Manage Targets
    ,
    Accounts
    .
  2. For the appropriate entry in the Target Accounts list, select the blue Checkout icon (which resembles an eye with an X across it) located in the Action column. A dialog appears showing who has checked out the password.
    The Reference Code is shown only if the requestor has entered the reference code in View Account Password Request screen before viewing the account password.
Check In a Password Using the UI
When you check out a password, no other user can view the password or can change the account until you select it back in again. Checking in the password removes this restriction and frees the account for use by others. In emergency situations, an administrator can check in a password on behalf of another user.
Checking in passwords does not affect open access sessions. Users currently in active access sessions will remain logged in regardless of the password being checked in.
You can check in an account password from the following GUI locations:
  • Credentials, Manage Targets, Accounts
  • Credentials, Workflow, My Requests
  • Access screen
Use the following procedure to check in a password from the
Credentials
,
Manage Targets
,
Accounts
screen.
Follow these steps:
  1. Select
    Credentials
    ,
    Manage Targets
    ,
    Accounts
    .
  2. For the account password to be checked in, select the Check-In icon (a black right-facing arrow inside a box). The icon is in the Action column.
    A message confirms that the password has been checked in.
Use the following procedure to check in a password from the
Credentials
,
Workflow
,
My Requests
screen.
Follow these steps:
  1. Select
    Credentials
    ,
    Workflow
    ,
    My Requests
  2. Select the entry for the account (with status “Checked Out”) whose password you want to check in and select
    View
    . The Password View Request Details screen appears.
  3. In the Password View Request Details dialog, select
    CHECK IN
    .
    A message confirms that the password has been checked in.
Use the following procedure to check in a password from the
Access
screen.
Follow these steps:
  1. If you are logged in as an administrator, select
    Access
    from the main menu. If you are not an administrator, the home screen
    is
    the Access screen (though it is not labeled).
     A list of checked out passwords is presented at the top of the screen.
    If you are not an administrator, you might need to log out and log back in again before checked-out passwords are visible.
  2. Select
    Check In
    in the right-hand column of the password line item.
Force a Password Check In Using the GUI
When an account password is checked out, other users cannot view the password nor can they change the account. Use this procedure to force a check-in of an account password on behalf of another user.
Checking in passwords does not affect open access sessions. Users currently in active access sessions will remain logged in regardless of the password being checked in.
When you perform a forced check in, any required activities that are associated with that operation also occur, for example, an update of the account password.
The administrator can check in an account on behalf of another user from the following screens:
  • Credentials
    ,
    Manage Targets
    ,
    Accounts
  • Credentials
    ,
    Workflow
    ,
    All Requests
User the following procedure to check in a password using the
Credentials, Manage Targets
,
Accounts
screen.
Follow these steps:
  1. Select
    Credentials
    ,
    Manage Targets
    ,
    Accounts
    .
  2. For the password to be checked in, select the Check-In icon (black right-facing arrow inside a box). The icon is in the Action column.
    A message confirms that the password has been checked in.
Use the following procedure to check in a password using the
Credentials
,
Workflow
,
All Requests
screen.
Follow these steps:
  1. Select
    Credentials
    ,
    Workflow
    ,
    All Requests
    .
  2. Select the account (with status “Checked Out”) for which you want to view check out details and select
    View
    . The Password View Request Details screen appears.
  3. Select the
    FORCE CHECK-IN
    button.
    The account password is checked in.