Create Disconnected Account Lists

After you've turned on disconnected account management (DAM), a user with the All Access permission can begin the process of managing offline Windows systems. This user can assign delegation to other users to help administer these machines.

Disconnected systems are broken into lists, each with a separate set of secrets and, if needed, a separate set of policies. You can create lists of disconnected systems directly through the web app.

If the setting Allow non-default lists to be created automatically on first use is enabled and a new endpoint attempts to enroll with a list ID that does not yet exist, that list is created automatically with the endpoint as its first member.

When you set up a machine for management with DAM, that system must be online and connected to the web service. After setup is complete and DAM is functioning properly, the system can remain disconnected until the next update cycle for the shared secret. This update cycle is set by either the global policy or the list-specific policy.

Each per-list policy is transferred with the DAM agent to target systems, and those systems become members of the list. You must manually push out any policy changes. When a secret updates, it is pushed to a managed endpoint the next time that endpoint connects to the web service.

To continue with DAM setup, you must have the web app installed and an all-access user delegated, and you must have a good understanding of management sets. A DAM list is very much like a management set and should be treated as such.

For more information about management sets or user permissions, please see the Privileged Identity Admin Guide.

Create a List through the Web Application

[Screenshot: Passwords > Disconnected Accounts]

  1. Log into the web application as a user with appropriate permissions.
  2. Go to Passwords > Disconnected Accounts.
  3. If this is your first list, the Create List dialog appears automatically. Otherwise, click the Create New List button (+) near the top left.

[Screenshot: Create List via Web App]

  4. In the Create List dialog:
    1. List Name: Enter a descriptive name for the list.
    2. List ID: We highly recommend keeping the automatically generated ID, but you may enter any string of up to 255 characters if you prefer a more human-readable identifier.
    3. List Comment: (Optional) Enter a comment or note for the list.
    4. Maximum Number of Machines: Enter the maximum number of endpoints that can be added to this list. A value of 0 means an unlimited number of clients.

Once you've created a list, you cannot modify its ID.

  5. Click Create.

[Screenshot: Passwords > Disconnected Accounts]

  6. The list you just created now appears. You can modify its properties by clicking the Edit List button (pencil).

Create a List Programmatically

Using the REST API, call /REST/OfflineUpdate/Tenant (POST).
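As an added example (not code from this page or from the Privileged Identity product), the following Python validates the list properties described in the Create List dialog and sends that POST. Only the endpoint path and method come from the page; the JSON property names, the bearer-token header format and the example host are assumptions to be checked against the REST API reference for your version.

```python
import json
import urllib.request
import uuid

MAX_LIST_ID_LEN = 255  # the Create List dialog accepts any string up to 255 characters


def build_list_payload(name, list_id=None, comment="", max_machines=0):
    """Validate the list properties from the Create List dialog and return the
    request body. list_id=None gets a generated ID (the recommended choice);
    max_machines=0 means unlimited. The JSON property names are hypothetical."""
    if not name or not name.strip():
        raise ValueError("List Name is required")
    if list_id is None:
        list_id = str(uuid.uuid4())
    if not isinstance(list_id, str) or not list_id or len(list_id) > MAX_LIST_ID_LEN:
        raise ValueError("List ID must be a non-empty string of at most 255 characters")
    if not isinstance(max_machines, int) or max_machines < 0:
        raise ValueError("Maximum Number of Machines must be 0 (unlimited) or positive")
    # Property names below are an assumption, not taken from the page.
    return {"ListName": name.strip(), "ListID": list_id,
            "ListComment": comment, "MaxMachines": max_machines}


def build_request(base_url, auth_token, payload):
    """Assemble the POST to /REST/OfflineUpdate/Tenant. The API token only goes
    over TLS; the bearer-token header format is an assumption."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    return urllib.request.Request(
        base_url.rstrip("/") + "/REST/OfflineUpdate/Tenant",
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + auth_token},
    )


def create_list(base_url, auth_token, payload, timeout=30):
    """Send the request and return (HTTP status, decoded JSON body or None)."""
    req = build_request(base_url, auth_token, payload)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = resp.read().decode("utf-8")
        return resp.status, (json.loads(body) if body else None)


if __name__ == "__main__":
    # Constructed sample values; replace the host and token with your own.
    payload = build_list_payload("Branch office laptops", max_machines=25)
    print(create_list("https://pi.example.test", "<API token>", payload))
```

Because the list ID cannot be changed after creation, decide on a generated or human-readable ID before calling the endpoint rather than planning to rename later.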