Skip to main content

Change a Password

Manually Change a Password

  1. Open the appropriate secret in Privileged Access Management (PAM).
  2. Click the Change Password Now button in the top right of the page.

    The referenced media source is missing and needs to be re-embedded.
    1.  

      Helpful Note:

      The Change Password Now and Heartbeat buttons may be collapsed into the Options menu depending on display width.

      Network Account page in the PAM tool with the Change Password Now button circled
  3. When prompted for the next password, select Randomly Generated or Manual. Randomly generated passwords are recommended, as they will automatically meet any password requirements and be more secure.

    Edit button circled on the Password field in the PAM tool
    1. When selecting Manual, you may need to click the edit icon before entering a new password.
    2. As you manually enter a new password, an onscreen prompt will appear indicating if you have met the password complexity requirements set on the secret.
      1. Password complexity is set by the secret template used on the secret and may vary.
  4. Click the Change Password button.

    The Change Password button in the PAM tool
  5. Secret Server will change the password and attempt to heartbeat the secret. Heartbeat is the process of verifying the password is valid. This process may take a moment to complete.

Automatically Change a Password

Secrets can be configured to auto change the password when the expiration is reached. To configure auto change, navigate to the Remote Password Changing tab and select Edit under RPC/Autochange.

Remote Password Changing tab in the PAM tool with the Edit button circled

Then check the box for Auto Change Enabled and click Save.

Autochange page in the PAM tool with the Auto Change Enable checkbox circled and the Save button circled

Credentials Used to Change a Password

Secrets can be configured to use their own credentials to change the password or a privileged account. When a secret is created, it uses its own credentials for password changing by default, unless enforced by a policy.

To configure the credentials used on a secret, navigate to the Remote Password Changing tab and select Edit under RPC/Autochange.

Then select the option for Privileged Account Credentials and select the account to be used for password changing.

Autochange page in the PAM tool with the Privileged Account Credentials option circled and the No Secret Selected option circled

Once the credentials have be selected, click Save.

 

Critical Note:

You must have permission to access the credentials in PAM that are being used for password changing. Please contact your Access Manager if you need additional access. PAM support can be contacted at PAMSupport@osu.edu if you need additional assistance.

 

Edit a Password (Without Remote Password Change)

If remote password changing is not available, or the password value on the secret is not in sync with the target system, the password field can be edited manually. A manual edit does not change the password on the remote system.

  1. Open the appropriate secret in PAM.
  2. Click the blue edit link to the right of the password field.
  3. Enter the new value and click save.
 

Helpful Note:

If the edit link is not visible, manual password updates are not allowed. Use the Remote Password Changing option.

 

Bulk Password Change

Secret Server allows users to take bulk actions on one or more secrets simultaneously.

  1. Select one or more secrets and click the Bulk Actions button.

    name.# page in the PAM tool with My Web Secret and Network Account options circled, and the Bulk Actions button circled
  2. Select Change Password Remotely.

    More Bulk Options page in the PAM tool with Change Password Remotely option circled
  3. Select the option for a Randomly Generated or Manual password change.

Troubleshoot a Password Change

When troubleshooting a failed password change, please ensure you are meeting the password complexity requirements. Using the randomly generated password option is a quick and easy way to ensure the complexity is being met. If you are manually entering a password, ensure you verify that all required characters are included.

Additional information can be found under the Audit tab. To include audit logs for password changes, click the dropdown and select Include password change log audits.

Audit tab in the PAM tool with the Include password change log audits option circled

To stop a password change, click the Stop Password Change button on the top right, and select Stop Password Change.

Change Password page in the PAM tool with the Stop Password Change button circled

If you are unable to resolve a failed password change, please contact IT Help Desk with one of the following methods: