How can we help?

Articles in this section

How do I add, or edit a shared account? Follow

Shared accounts in Evo are known as Elevated Access accounts.

An elevated, or privileged access account is an account that has more privileges than ordinary users. The elevated account, might be able to install/remove software, upgrade operating systems, or modify system/application configuration. They might also have access to files that are not accessible to a regular user.

Screen_Shot_2022-09-09_at_1.37.00_PM.png

How to add a shared directory account

Shared elevated access accounts created from a directory, will only be possible for an Active Directory (On-Premise or Azure) that has been connected to sync with Evo.

Didn’t enable the new account(s) for password rotation? Not to worry, you can do that at any time, see How do I enable, or disable password rotation?

  1. From the dashboard, click Access.
  2. Click Shared Accounts.
  3. With the Shared Accounts tab selected. In the displayed list of customers, find the one the new shared account should be added. Click the customer’s name.
  4. Click Add Shared Accounts.
  5. Click Select from Synced Directory.
    Shared-Directory.png
  6. In the displayed list of directories, find the one you want to associate. Select the radio button for the directory.
  7. Click Next Step.
  8. Enter in the email address of the user. Once located click Add.
  9. Skip if the correct user has been applied. If you’ve selected the wrong user, hover over the email address and click the trash can to delete. Repeat step 10 to add the correct user(s).
  10. Click Next Step.
  11. Enable Password Rotation for the account (this must be enabled for synced accounts to function).
  12. If you have toggled password rotation on.
    1. Select the rotation frequency:
      1. Hours: Use the slider to select the rotation frequency. Anywhere between 1-hour to 24-hours.
      2. Days: Use the slider to select the rotation frequency. Anywhere between 1-day to 30-days.
        PasswordRotation.png
  13. Click Add Shared Accounts.

Repeat steps 5 to 14 for each tenant where a shared account is to be added.

Now that the new shared account has been created, you’ll need to assign it to a group for use. Refer to How do I add, edit, or delete an access group?

PurpleInfoIcon.png The first password rotation can take up to 10-minutes to complete. Until that happens the existing password you have set on the shared account remains in effect. Once the password rotation is completed. You’ll be able to view the new password from the table, refer to Can I see the shared account passwords?

How to manually add a shared account

Tip: To confirm the entered password is correct, click the eye (ClosedEye.png) in the password field to see what you’re typing in plain text. To hide the password, click the eye (OpenedEye.png) again.

  1. From the dashboard, click Access.
  2. Click Shared Accounts.
  3. With the Shared Accounts tab selected. In the displayed list of customers, find the one the new shared account should be added. Click the customer’s name.
  4. Click Add Shared Account.
  5. Click Add Manually.
    Shared-Manual.png
  6. Fill in the appropriate detail
      1. Enter the email address or username for the shared account. For a Windows shared account, this would normally be a username.
      2. Enter a password for the shared account password.
      3. Optionally, enter a domain. If the account is an Active Directory (AD) shared account, then enter the AD domain name. If the domain name is blank, then the account will be assumed to be a local/computer account (as opposed to an AD account). You could also enter the name of the computer to limit it a particular computer.

 

Screenshot_2023-03-16_at_12.28.36_PM.png

Accounts in Windows generally consist of two types:
  1. Active Directory (AD) accounts
  2. Local Accounts (computer accounts)
AD accounts are accounts managed in a central location by AD which is usually the domain controller (DC). Computers attached to an AD communicate with the AD DC to authenticate users and to manage permissions.
 
Local accounts are accounts managed on a single Windows PC (Laptop/Desktop/Server) and authentication and permissions are managed on that PC.
 

Repeat these steps for each tenant where a shared account is to be added.

 

Now that the new shared account has been created, you’ll need to assign it to a group for use. Refer to How do I add, edit, or delete an access group?

How to edit a shared account

Editing shared account is limited to the type of account that was added.

  • A shared account created from a synced directory you can update the password rotation frequency or enable/disable password rotation.
  • A manually created shared account, you can update the shared account, password, and domain.
  1. From the dashboard, click Access.
  2. Click Shared Accounts.
  3. With the Shared Accounts tab selected. In the displayed list of customers, find the one the new shared account should be added. Click the customer’s name.
  4. Click the edit pencil at the end of the row for the shared account to be edited.
  5. Make the edits you want.
  6. Click Edit Shared Account.

Related articles

Comments

0 comments

Please sign in to leave a comment.