Domain accounts (formerly known as Shared Accounts) in Evo are known as Elevated Access Accounts.
An elevated, or privileged access account is an account that has more privileges than ordinary users. The elevated account, might be able to install/remove software, upgrade operating systems, or modify system/application configuration. They might also have access to files that are not accessible to a regular user.
How to add a Domain directory Account
Domain/Elevated access accounts created from a directory, will only be possible for an Active Directory (On-Premise or Azure) that has been connected to sync with Evo.
Didn’t enable the new account(s) for password rotation? Not to worry, you can do that at any time, see How do I enable, or disable password rotation?
- From the dashboard, click on My Company or choose Customer.
- Click Vault.
- Click on Domain Accounts.
- Click on Create Domain Account
- Click Select from Synced Directory.
- This will now display any domain accounts already synced/added for this customer. To add:
- In the displayed list of directories, find the one you want to associate. Select the radio button for the directory.
- Click Next Step.
- Enter (or search) the email address of the user. Once located click Add.
- Click Next Step.
- Password Rotation is enabled by default for Synced Domain Accounts. However you can edit features of this domain account's password rotation.
- Select the rotation frequency:
- Hours: Use the slider to select the rotation frequency. Anywhere between 1-hour to 24-hours.
-
Days: Use the slider to select the rotation frequency. Anywhere between 1-day to 30-days.
- Select the rotation frequency:
- Click Add Domain Accounts.
Repeat steps 1 to 12 for each tenant where a domain account is to be added.
Now that the new domain account has been created, you’ll need to assign it to an Elevated Access Assignment for use. Refer to: Setup Elevated Access
The first password rotation can take up to 10-minutes to complete. Until that happens the existing password you have set on the domain account remains in effect. Once the password rotation is completed.
In the event you need to access a Domain Account password, an Evo Admin with the proper Role-Based Permissions will be able to view these in the portal.
In order to view Domain Account passwords, an Evo Admin will need to be assigned to a Role-Based Permission group that includes the Elevated Access > Add Elevated Access Role.
- From the dashboard, click on My Company or select a Customer.
- Click Vault.
- Click on Domain Accounts.
- With the Domain Accounts tab selected, locate the domain account you’d like to see the password for and click the eye () icon.
- Once you’re done viewing or copying the password. Click Close.
How to manually add a Domain Account
Tip: To confirm the entered password is correct, click the eye () in the password field to see what you’re typing in plain text. To hide the password, click the eye () again.
- From the dashboard, click on My Company or choose Customer.
- Click Vault.
- Click on Domain Accounts.
- Click on Create Domain Account
- Click Add Manually.
- Fill in the appropriate detail
-
- Enter the email address or username for the Domain account. For a Windows domain account, this would normally be a username.
- Enter a password for the Domain account password.
- Optionally, enter a domain. If the account is an Active Directory (AD) domain account, then enter the AD domain name. If the domain name is blank, then the account will be assumed to be a local/computer account (as opposed to an AD account). You could also enter the name of the computer to limit it a particular computer.
-
- Active Directory (AD) accounts
- Local Accounts (computer accounts)
Repeat these steps for each tenant where a domain account is to be added.
Now that the new domain account has been created, you’ll need to assign it to a group for use. Refer to How do I add, edit, or delete an access group?
How to edit a domain account
Editing domain account is limited to the type of account that was added.
- A domain account created from a synced directory you can update the password rotation frequency or enable/disable password rotation.
- A manually created domain account, you can update the domain account, password, and domain.
- From the dashboard, click on My Company or choose Customer.
- Click Vault.
- Click on Domain Accounts.
- Click the edit pencil at the end of the row for the domain account to be edited.
- Make the edits you want.
- Click Edit Domain Account.
How to disable domain accounts
- From the dashboard, click on My Company or choose Customer.
- Click Vault.
- Click on Domain Accounts.
- In the displayed list of domain accounts, find the ones you want to disable. Check the box at the beginning of each row.
- Click the actions menu located above the table.
- Click Disable Domain Account.
Repeat steps 4 to 6 for each tenant domain account that is to be disabled.
How to enable domain accounts
- From the dashboard, click on My Company or choose Customer.
- Click Vault.
- Click on Domain Accounts.
- In the displayed list of domain accounts, find the ones you want to enable. Check the box at the beginning of each row.
- Click the actions menu located above the table.
- Click Enable Domain Account.
Repeat steps 4 to 6 for each tenant domain account that is to be (re)enabled.
How to delete domain accounts
Deleting a domain account will remove it from any associated elevated access assignment, which will require the group to be updated.
Once a domain account has been deleted the action cannot be undone.
- From the dashboard, click on My Company or choose Customer.
- Click Vault.
- Click on Domain Accounts.
- In the displayed list of domain accounts, find the ones you want to delete. Check the box at the beginning of each row.
- Click the actions menu located above the table.
- Click Delete Domain Account.
Repeat steps 4 to 6 for each tenant domain account that is to be deleted.