How to enable credential cycling for Target source?

Hi Sailors,

We recently enabled credential cycling.
We have a few applications which also use a target collector configuration, and the service account is the same for the app connection as well as the target collector.
While enabling credential cycling, it works for the app config, but target aggregation fails as credential cycling is not working for the Target Source.

Can we enable credential cycling for the Target collector/Target source? If so, how can we do that?

As far as I know, the credential cycling only works for attributes in the Attributes map of the Application XML. The target collector configuration is a separate object that is referenced from the application definition.

An enhancement is needed to allow the TargetAssociation, as well as perhaps ActivityDataSources and IntegrationConfigs to be enabled for credential cycling as well.

An alternative option may be to create a workflow that updates the credentials in TargetAssociations (and possibly other places). Then configure your PAM solution to invoke the workflow whenever credentials are updated.

  • Menno

Hi @menno_pieters

Going with that approach we would still be storing the credentials in the respective XMLs.
We have a compliance reason due to which we don’t want to store the credentials in XMLs, but I guess with the current state it won’t work?

Thanks
Pradeep

The credentials will be stored encrypted in the database.

When having separated encryption keys for each IIQ environment, the passwords can only be decrypted by users who have the SystemAdmin-role.

PS: Be sure no rule can be run to decrypt the keys by anyone without the SystemAdmin-role. For example, do not install the RuleRunner-Plugin.

– Remold

As @Remold says, the passwords are stored encrypted. You can cycle the passwords as often as needed. Make sure to use site-specific encryption keys, as described in the document that @Remold also linked to.

For now, I don’t see any other option, but feel free to submit an idea, so the same process can be used as for applications.

Hi @menno_pieters and @Remold

Yeah, we are aware that the password is stored encrypted and are using site-specific encryption keys. But as per audit we need to avoid that as well.

Thanks for your valuable inputs.

Thanks
Pradeep
