The Service Account Management Site ensures secure and convenient password management for service (auxiliary) accounts. The site grants access through dual ownership with forced password rotation based on account type. Primary and backup owners can manage passwords while centralized storage and strong password rules enhance security.
| Info |
|---|
You must be connected to the VPN to access the Service Account Management Site. |
| Table of Contents | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
...
Password Rotation and Security: Passwords rotate automatically based on account type for added security. Password rotation and strong password guidelines reduce the risk of unauthorized access and data breaches.
Password rotation frequency depends on the account type and associated security risks.
The system automatically prompts owners to update passwords upon expiry.
Passwords can be automatically changed to a compliant and secure password on a schedule. Owners can view the password from the account details page.
The platform enforces strong password criteria, including minimum length, and complexity.
Passwords for automatic password rotation are securely stored and encrypted.
Dual Ownership: Each account has a primary owner and a backup owner, allowing access even if the primary owner is unavailable. Dual ownership ensures access and transparency in managing auxiliary accounts.
Both owners can access and change passwords for the account.
Backup owners provide redundancy in case the primary owner is unavailable.
Centralized Management: Access and manage passwords for all auxiliary accounts from a single, secure platform. Centralized management and a user-friendly interface simplify password access and updates.
Access Control:
Only employees who are authorized owners and or backup owners can access account passwords.
System logs track all password changes and access attempts.
...
Security reminders:
Never share your password with anyone, including your backup owner.
Choose strong and unique passwords for all accounts.
We encourage all employees to leverage this platform for secure and efficient management of their auxiliary account passwords. By following these guidelines and best practices, we can maintain a secure and productive work environment for all.
Frequently asked questions
...
How do I access the Service Account Management Site?
From VPN, the service account management site can be accessed at Connect to the VPN then go to login.wvu.edu/serviceaccounts. Enter your username and password at the login sso SSO screen , and complete a multifactor authentication, and you will then be allowed access into the site.your Duo authentication. All employees with assigned service accounts will receive access to the platform.
How do I view my accounts?
After you log into the Service Account Management Site, you will be presented with a list of accounts you are marked as the owner or backup owner.
...
...
How can I request a new service account?
Submit a service request through the WVU IT Help Center. Include the primary and backup owner of the service account in your request description. Review the policies and standards for service accounts at it.wvu.edu/policies-and-procedures/security/iam.
How do I change a password?
Log into the Service Account Management Site.
Click the account you wish to change.
Click Change Password on the left menu.
A screen will appear describing the required password complexity and a text field to allow a new password entry.
On success, the password will be displayed for 30 seconds, allowing you to copy the password into your password manager, such as Keeper, LastPass, Bitwarden, etc.
...
How do I know when a password expires?
...
Click on the account to view details, the . The owner and backup owner fields are editable.
Enter the correct owner username and an optional backup owner username.
Verify the other information.
Scroll down and click Save.
The new owner(s) will now be able to manage the account and it will no longer be on your account list.
...
Yes, the owner and backup owner will receive a warning email to their primary email addresses 30, 7, and 1 days before expiration. The email template has the subject “Service or Resource accounts expiring soon!“ and has this body:
| Panel | |
|---|---|
| |
| |
Dear Firstname Lastname, We wanted to bring to your attention that the passwords for your service accounts are nearing their expiration dates. To ensure uninterrupted access and maintain the security of your accounts, it is crucial to update these passwords before they expire. Failing to do so may result in loss of access and potential disruptions in any services or processes associated with these accounts. Action Required: 1. Review the list of service accounts attached/mentioned below. Account Username: username Please note that it's recommended to choose strong, unique passwords and avoid using the same password across multiple accounts. If you require assistance or have any questions regarding the password update process, please don't hesitate to reach out. Thank you for your prompt attention to this matter. Let's work together to ensure the security and reliability of our systems. |
I no longer need an account, how do I remove it?
Check your account’s Reporting flags for the Needs retired flag. Accounts flagged for retirement are periodically removed.
| Note |
|---|
If an account is marked for retirement, the account will be removed from the source and service account site. |
How does automatic password change work?
Service accounts are assigned an automatic password change schedule. Passwords can be scheduled to change each day, week, month, or year. A compliant password is generated by the system and is set for the account based on the assigned schedule.
The newly generated password may be retrieved after the scheduled change by viewing your account details and selecting Checkout Password.
...
Where can I find support?
Contact the ITS Service Desk for support.