Protect Privileged Account Credentials

Credential Manager lets you protect privileged account credentials against a security breach. Privileged accounts have access to the most critical systems, services, and sensitive data, so these types of accounts require secure management.
Credential Manager allows you to:
  • Vault existing credentials
  • Automatically roll over parts of those credentials
  • Specify rules for generating new credentials
  • Specify rules for viewing credentials, granting permissions to view credentials, and what action occurs after the password is viewed.
To protect a privileged account, you must configure several Credential Manager objects. The following graphic shows you, in order, the basic configuration tasks:
Credential Manager Configuration Task Flow
To use Credential Manager, become familiar with the following terms:
  • Target Server/Device
    A device or target server is an application server that hosts one or more target applications that require access credentials. Device names must be unique.
  • Target Application
    The target application is a container for all managed accounts of a single application, such as all privileged users of an Oracle database. A target application can contain one or more target accounts. The target application also defines the connector, the mechanism for accessing target accounts. The connector allows for multiple applications or entities within the same server to contain the same account user name. For example, if a given server hosts two databases, each database is a unique target application. Each database could have a uniquely identified user account dbasys. Target application names must be unique within a given device.
  • Application Type/Target Connector
    The application type identifies the target connector. The target connector is the mechanism that lets Credential Manager manage and change credentials at a target. When you configure a target application, you select an application type—not a target connector—to identify the single application at the target server.
    The UI uses the term application type, not target connector. When you select an application type during target application setup, you are configuring the related target connector.
    A predefined set of target applications is included with the appliance. For example, to connect to an Oracle database, configure the Oracle application type/target connector to update and verify passwords for Oracle target accounts.
  • Target Accounts
    The target account identifies an account at the remote server. The account specifies the set of credentials (for example, user name and password or user certificate). When you configure a target account, you identify a target application for that account. Target account user names must be unique for a given target application. 
  • Target Aliases (for A2A deployments only)
    Aliases uniquely identify a specific target account. When an application requests credentials for another application, the requesting application uses the target alias. Target aliases eliminate the need to hard-code the name of the privileged account that has access to the target application.
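
The naming scopes in the terms above (unique devices, application names unique within a device, account user names unique within an application, and an alias that resolves to exactly one account) can be sketched as a small in-memory model. This is an added illustration, not Credential Manager code or its API; the class, method, host, application, and alias names and the credential strings are all constructed for the example.

```python
# Illustrative model only: hypothetical names, not Credential Manager's API.
class DuplicateName(ValueError):
    """Raised when a name collides inside its uniqueness scope."""

def _claim(scope, name, kind):
    # Every object type has its own scope; a name may repeat across scopes.
    if name in scope:
        raise DuplicateName(f"{kind} {name!r} already exists in this scope")

class Vault:
    def __init__(self):
        self.devices = {}  # device -> {application -> {"type", "accounts"}}
        self.aliases = {}  # alias -> (device, application, user name)

    def add_device(self, device):
        _claim(self.devices, device, "device")
        self.devices[device] = {}

    def add_application(self, device, app, app_type):
        apps = self.devices[device]          # scope: one device
        _claim(apps, app, "target application")
        apps[app] = {"type": app_type, "accounts": {}}

    def add_account(self, device, app, user, credential):
        accounts = self.devices[device][app]["accounts"]  # scope: one application
        _claim(accounts, user, "target account")
        accounts[user] = credential

    def add_alias(self, alias, device, app, user):
        _claim(self.aliases, alias, "target alias")
        if user not in self.devices[device][app]["accounts"]:
            raise KeyError(f"no account {user!r} in {device}/{app}")
        self.aliases[alias] = (device, app, user)

    def resolve(self, alias):
        # An A2A requester knows only the alias, never the account name.
        device, app, user = self.aliases[alias]
        return user, self.devices[device][app]["accounts"][user]

def demo():
    v = Vault()
    v.add_device("dbhost01")                             # constructed host name
    v.add_application("dbhost01", "orders-db", "Oracle")
    v.add_application("dbhost01", "billing-db", "Oracle")
    # The same user name is allowed because each database is its own application.
    v.add_account("dbhost01", "orders-db", "dbasys", "constructed-secret-1")
    v.add_account("dbhost01", "billing-db", "dbasys", "constructed-secret-2")
    v.add_alias("billing-dba", "dbhost01", "billing-db", "dbasys")
    return v
```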