Symantec Privileged Access Management

Expand all | Collapse all

Target Account expiration details

  • 1.  Target Account expiration details

    Posted 11-13-2020 09:40 AM
    Hi SME's,

    There is requirement to send password expiry notification in advance for certain accounts . How can I fetch Target accounts password expiration details ?



  • 2.  RE: Target Account expiration details

    Broadcom Employee
    Posted 11-16-2020 10:26 AM
    The only way I can think of is using the listTargetAccounts or searchTargetAccounts CLI commands to grab a list of the target accounts, then filtering them further in your script or a spreadsheet.

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/3-2/programming/credential-manager-remote-cli-and-java-api.html


  • 3.  RE: Target Account expiration details

    Posted 11-16-2020 12:19 PM
    ​Hi @Joseph Fry,

    Output from both commands doesn't have password expiry details.​


  • 4.  RE: Target Account expiration details

    Broadcom Employee
    Posted 11-16-2020 12:47 PM
    No... the expiration is not a property of the target account itself.  Its a property of the password composition policy associated with the target application that the target account belongs to.

    What you want to look at is the updateTime or updateDate... they should be the same value just in different formats (Linux & Mysql date/time).  That will tell you the last time the password was updated.  Its up to you to calculate how long the account has before it reaches expiration.

    NOTE, if I remember correctly, a new account may not have an updateTime or updateDate... in which case you may need to look at the createTime and createDate.  You would want to test this to be sure.