Hi All… need to check: if we have one domain with multiple AD domain controllers, do we need to enable gMSA, or would a normal service account be enough?
In our environment we have like 24 DCs and are using just a run-of-the-mill service account. We do have it pointed at DCs with a lower volume in our config. One thing I will note is that we do have replication set up across the DCs. Hope this helps.
Thanks @mpotti for your response. We do have replication set up across the DCs.
My question is more around whether we should use a Group Managed Service Account (gMSA) or a normal service account for the connection in SailPoint?
Hello Ankit,
I think the answer depends on what your PAM solution can do. If you are achieving visibility, rotation, and real-time password retrieval (like using a credential provider), I would argue that you will be best served by keeping your privileged access in one place, and using the Credential Provider feature. If that is not how your org is set up, then gMSAs are better than a static service account password.
So, in sum:
Credential Provider > gMSA > standard service account