000032165 - How to get notifications that a password change is required for Services Account users in RSA Archer

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032165
Applies ToRSA Product Set: Archer
RSA Version/Condition: 5.5.2
Platform: Windows
TasksHow do we get notifications that a password change is required for the Services Account users? 
In this example we will reference the Datafeed services accounts.
ResolutionSimply put, there are no password expiration notices for the service accounts. 
The datafeed service accounts can be seen in the DB only:
SELECT * from tbluser where user_type_id = 4

The Type = 4 are considered Datafeed Service accounts.
SELECT * from tblUserType where user_type_id = 4

Unless it’s been changed from default, these Services Accounts are associated to the “Archer Services Parameter” under the Security Parameters.
The Password expiration settings for those service accounts are in that security parameter. However this can be misleading.
Technically speaking, the backend service accounts bypass the 'expired password validation check' that would normally occur when logging in through the front end.
They’re still fully authenticated properly, but since they are backend service accounts and can’t be used anywhere else, their password doesn't technically expire. 
Those Datafeed service accounts are hidden from being displayed in the UI since they can’t be technically used to log into the Archer front end.
To reset those passwords, you’d go to the Archer Control Panel, instance settings, Accounts tab and refresh the Services Account Password.
This will update the passwords for ALL of those ‘back-end’ async services accounts.
It’s a password that doesn’t need to be recorded since it’s never used in the front end or in any other admin operations and it will never expire.