Rotate Privileged Credentials Using Bomgar Vault

It is a security best practice to rotate or change privileged credentials frequently. With Bomgar Vault, you can choose to set imported domain credentials to automatically rotate after each use, or you can manually rotate credentials at any time. Two actions trigger the automatic rotation of domain credentials:

  • Manually checking in a credential from the /login interface.
  • Leaving a support session where credential injection has been used.

Local accounts cannot be automatically rotated and require manual rotation from /login.

Rotate Domain and Local Credentials Manually

Screenshot of the /login header, highlighting Vault > Accounts.

  1. From the /login interface, go to Vault > Accounts.
  2. Screenshot of the Accounts section with the Rotate Password option highlighted.

  3. Locate the account you wish to rotate.
  4. Click ....
  5. Click Rotate Password.

Once rotation is complete, the Password Age information updates with a timestamp of "a few seconds".

Configure Automatic Rotation of Domain Credentials

Screenshot of the /login header, highlighting Vault > Accounts.

  1. From the /login interface, go to Vault > Accounts.
  2. Locate the domain account you wish to automatically rotate.
  3. Click ....
  4. Screenshot of the Domain Account > Edit section highlighting the Automatic Rotation option.

  5. Click Edit.
  6. From the edit screen, check Automatically Rotate Credentials.
  7. Click Save Changes.

After each use, the account will automatically rotate.

Note: The Automatically Rotate Credentials setting is not available for local accounts.

 

For more information, please see Discover Domains, Accounts, and Endpoints.