Ability to use a Vaulted Password for the AD Account used for Domain Join of machines (Completed)

Our Security Teams are actively pushing ALL application teams to move towards the ability to have all “Service Accounts” that are used for elevated activities to be ones that exist within a Vaulted configuration with rotating passwords that can be checked out upon demand and are automatically checked back in after a configured length of time on the backend. 
Currently, there is no method for us to implement such a deployment within the console, as the only fields available are the username and password fields.   
It would be good if there could be an option to choose a vault to go and retrieve the password from, instead of having to go and manually reset a password in 50 places every time the password gets updated like we have to today. 


Comments (4 comments)

marty.griffith

This would be a huge value add for us and I'm sure for other IT departments as well.

Raul Morales

Hi Scott and Marty, very interesting suggestion.
If I am understanding correctly, you would like the option to retrieve this “secret” from an Azure Key Vault for the directory profiles within Nerdio?

Scott Buck

I would think that Azure Key Vault would be one option. It would be ideal if there was a way to configure the settings to be functional with Secure Vaulting solutions, such as HashiCorp or CyberArk or the like as well. Not all scenarios have AD accounts that exist and are visible to AAD that have the rights to perform Domain Joining, so the flexibility to “plug in” a vaulting configuration of choice to use for this would be best.

Raul Morales

Hi Scott - Understood! Thank you for the additional information. We have captured this request.

I would like to highlight a quick side note, as it is a newer feature that we implemented as of our v7.0 release, and it may be of use to you in your host pool directory management.
We now have a “Profiles Management” section under “Settings” that will allow you to manage all of the different directory profiles and enable you to apply these directory profiles at scale to multiple host pools.
For example, you could modify a directory profile with updated credentials, and this change would take effect in all of its assigned host pools.
