Password Server Password Rotation

Password Rotation

Passly Password Server can synchronize Windows Server or domain-based passwords.

Passly automates password rotation through a Sync Agent installed on a domain-joined server or a local Windows server. Each Sync Agent is controlled by a Password Policy, which determines the duration and complexity of the rotated password.

Note: The Sync Agents can only sync Windows-based / Active Directory / Azure Directory passwords.

Sync Agents

You first need to deploy a Sync Agent. Please see this guide for more information. 

Once you have a Sync Agent deployed to a given domain or standalone Windows server, you can selectively sync credentials on that domain or standalone server.

Create a Password Record

Password records are created within a Shared Vault. These records can have synchronization enabled at the password record level. 

The steps to create a Password record are in this article.

Password Policy

Password synchronization will use an assigned Password Policy to determine the parameters of the sync. 

You can edit or create a new policy via Password Server > Password Policy.
The Sync Agents use the Expiration time to determine when the password should be rotated.

Set the Password length & requirements to match the environment you are syncing with.
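One way to check that a planned policy matches an Active Directory environment before assigning it, as an added example that is not part of the Passly documentation or product. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the function name, its parameters and the sample account `svc-backup` are hypothetical, and the planned values are typed in by the operator from the Passly policy screen.

```powershell
#Requires -Modules ActiveDirectory
# Added example: compares a planned rotation policy with the AD password
# policy that applies to one account. Names and sample values are assumptions.
function Test-RotationPolicyFit {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,        # account to be rotated
        [Parameter(Mandatory)] [int]    $PlannedLength,         # length in the planned policy
        [Parameter(Mandatory)] [int]    $PlannedExpirationDays, # expiration time in the planned policy
        [bool] $PlannedUsesComplexity = $true                   # planned policy mixes character classes
    )

    # A fine-grained policy (PSO) takes precedence over the default domain
    # policy; the cmdlet returns nothing when no PSO applies to the account.
    $effective = Get-ADUserResultantPasswordPolicy -Identity $SamAccountName
    $source = 'fine-grained policy'
    if (-not $effective) {
        $effective = Get-ADDefaultDomainPasswordPolicy
        $source = 'default domain policy'
    }

    $findings = @()
    if ($PlannedLength -lt $effective.MinPasswordLength) {
        $findings += "Length $PlannedLength is below the AD minimum of $($effective.MinPasswordLength)."
    }
    if ($effective.ComplexityEnabled -and -not $PlannedUsesComplexity) {
        $findings += 'AD enforces complexity but the planned policy does not.'
    }
    # A MaxPasswordAge of zero means passwords never expire in AD.
    $maxDays = $effective.MaxPasswordAge.Days
    if ($maxDays -gt 0 -and $PlannedExpirationDays -gt $maxDays) {
        $findings += "Expiration of $PlannedExpirationDays days exceeds the AD maximum age of $maxDays days."
    }

    [pscustomobject]@{
        Account      = $SamAccountName
        PolicySource = $source
        MinLength    = $effective.MinPasswordLength
        Complexity   = $effective.ComplexityEnabled
        MaxAgeDays   = $maxDays
        Fits         = ($findings.Count -eq 0)
        Findings     = $findings
    }
}

# Constructed sample call; replace the account and values with your own.
Test-RotationPolicyFit -SamAccountName 'svc-backup' -PlannedLength 24 -PlannedExpirationDays 30
```

This covers the domain case only. A non-empty `Findings` list means the planned settings do not match what the directory enforces for that account.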

Syncing a Password Record

You can create a synced password record by following these steps.

  1. Log into your Passly tenant.
  2. Select Password Server.
  3. Select Vault Manager.
  4. Select the Vault containing the record you wish to sync.
  5. Select +New Password to create a new record.
  6. For domain-based Windows passwords, select "Active Directory Windows Password".
    For standalone Windows passwords, select "Standalone Windows Passwords".
  7. Select the Password Policy.
    Note: Password policy will set the "Days to Expiration" setting automatically. 
  8. Optionally, enable the option to expire after preview. The sync will then occur both on the schedule set by the policy and after the record is accessed. This does not override the policy.
  9. Optionally you can choose to disable sync on a record at any time. 
  10. Select the Sync agent you wish to use. 
  11. Select Add password to save the password record. 

You can sync an existing password record by following these steps.

  1. Log into your Passly tenant.
  2. Select Password Server.
  3. Select Vault Manager.
  4. Select the specific Vault.
  5. Select the specific Password record.
    For domain-based Windows passwords, select "Active Directory Windows Password".
    For standalone Windows passwords, select "Standalone Windows Passwords".
  6. Select the Password Policy.
    Note: Password policy will set the "Days to Expiration" setting automatically. 
  7. Optionally, enable the option to expire after preview. The sync will then occur both on the schedule set by the policy and after the record is accessed. This does not override the policy.
  8. Optionally you can choose to disable sync on a record at any time. 
  9. Select the Sync agent you wish to use. 
  10. Select Add password to save the password record. 

From here, the Sync Agents will continue to check in and rotate all credentials linked to them through the Password records.
