Account Keys Overview

A account key record stores information about the user security context and passes this information to the adapters for activity execution, event monitoring, and some target operations (such as availability monitoring and discovery). Account keys instances can be shared across targets and processes. For example, if a single set of credentials can be used to access a set of network devices, only one account key instance must be created. When it is time to change the credentials, users can go to the Account Keys list and edit the single instance to change the credentials. This greatly reduces the configuration load when credentials tend to change often in some environments.. Account Keys hold the security credentials that are assigned to processes and activities.

Account Key credentials can be used in a workflow, but no workflow can retrieve credentials. If your workflow must access credentials, use hidden string variables.

The account keys concept allows the product to implement delegation. For example:

  1. An IT help desk operator comes to Action Orchestrator to run a process.

  2. This operator is presented with a list of processes that Action Orchestrator's role-based access control allows them to run. These processes might include activities that require a level of security permission that the operator does not natively have.

  3. The operator can perform actions as a part of the established process that are not possible for them to perform manually.

This concept can also be leveraged to reveal where operators make changes outside of a process. By examining auditing logs such as Windows logs for things being done under the operator’s credentials rather than the Action Orchestrator account key credentials, it is possible to determine how the operator is doing things outside of process and determine how to close things down. So a side effect of Action Orchestrator automation is that customers might be able to tighten security in their environment.

  • No labels
© 2017-2019 Cisco Systems, Inc. All rights reserved