Service Account Management Site
- Christopher Boyer
- Cassandra Rinker
The Service Account Management Site ensures secure and convenient password management for service (auxiliary) accounts. The site grants access through dual ownership with forced password rotation based on account type. Primary and backup owners can manage passwords while centralized storage and strong password rules enhance security.
You must be connected to the VPN to access the Service Account Management Site.
Key features and functionality
Password Rotation and Security: Passwords rotate automatically based on account type for added security. Password rotation and strong password guidelines reduce the risk of unauthorized access and data breaches.
Password rotation frequency depends on the account type and associated security risks.
The system automatically prompts owners to update passwords upon expiry.
Passwords can be automatically changed to a compliant and secure password on a schedule. Owners can view the password from the account details page.
The platform enforces strong password criteria, including minimum length, and complexity.
Passwords for automatic password rotation are securely stored and encrypted.
Dual Ownership: Each account has a primary owner and a backup owner, allowing access even if the primary owner is unavailable. Dual ownership ensures access and transparency in managing auxiliary accounts.
Both owners can access and change passwords for the account.
Backup owners provide redundancy in case the primary owner is unavailable.
Centralized Management: Access and manage passwords for all auxiliary accounts from a single, secure platform. Centralized management and a user-friendly interface simplify password access and updates.
Access Control:
Only employees who are authorized owners or backup owners can access account passwords.
System logs track all password changes and access attempts.
Security reminders:
Never share your password with anyone, including your backup owner.
Choose strong and unique passwords for all accounts.
We encourage all employees to leverage this platform for secure and efficient management of their auxiliary account passwords. By following these guidelines and best practices, we can maintain a secure and productive work environment for all.
Frequently asked questions
- 1 How do I access the Service Account Management Site?
- 2 How do I view my accounts?
- 3 How can I request a new service account?
- 4 How do I change a password?
- 5 How do I know when a password expires?
- 6 Can the expiration date be extended?
- 7 I am listed as the owner on an account someone else owns, how can I change the owner to them?
- 8 Will I be warned before the password expires?
- 9 I no longer need an account, how do I remove it?
- 10 How does automatic password change work?
- 11 Where can I find support?
How do I access the Service Account Management Site?
Connect to the VPN then go to login.wvu.edu/serviceaccounts. Enter your username and password at the login SSO screen and complete your Duo authentication. All employees with assigned service accounts will receive access to the platform.
How do I view my accounts?
After you log into the Service Account Management Site you will be presented with a list of accounts you are marked as the owner or backup owner.
How can I request a new service account?
Submit a service request through the WVU IT Help Center. Include the primary and backup owner of the service account in your request description. Review the policies and standards for service accounts at it.wvu.edu/policies-and-procedures/security/iam.
How do I change a password?
Log into the Service Account Management Site.
Click the account you wish to change.
Click Change Password on the left menu.
A screen will appear describing the required password complexity and a text field to allow a new password entry.
On success, the password will be displayed for 30 seconds, allowing you to copy the password into your password manager, such as Keeper, LastPass, Bitwarden, etc.
How do I know when a password expires?
The password expiration date is displayed on your account list and the account details page.
Can the expiration date be extended?
No.
I am listed as the owner on an account someone else owns, how can I change the owner to them?
Click on the account to view details. The owner and backup owner fields are editable.
Enter the correct owner username and an optional backup owner username.
Verify the other information.
Scroll down and click Save.
The new owner(s) will now be able to manage the account and it will no longer be on your account list.
Will I be warned before the password expires?
Yes, the owner and backup owner will receive a warning email to their primary email addresses 30, 7, and 1 days before expiration. The email template has the subject “Service or Resource accounts expiring soon!“ and has this body:
Dear Firstname Lastname,
We wanted to bring to your attention that the passwords for your service accounts are nearing their expiration dates.
To ensure uninterrupted access and maintain the security of your accounts, it is crucial to update these passwords before they expire. Failing to do so may result in loss of access and potential disruptions in any services or processes associated with these accounts.
Action Required:
1. Review the list of service accounts attached/mentioned below.
2. Login to Service Accounts.
3. Update the passwords for each account as soon as possible.
Account Username: username
Days away: XX days
Expiration Date: YYYY-MM-DD
Please note that it's recommended to choose strong, unique passwords and avoid using the same password across multiple accounts. If you require assistance or have any questions regarding the password update process, please don't hesitate to reach out.
Thank you for your prompt attention to this matter. Let's work together to ensure the security and reliability of our systems.
I no longer need an account, how do I remove it?
Check your account’s Reporting flags for the Needs retired flag. Accounts flagged for retirement are periodically removed.
If an account is marked for retirement, the account will be removed from the source and service account site.
How does automatic password change work?
Service accounts are assigned an automatic password change schedule. Passwords can be scheduled to change each day, week, month, or year. A compliant password is generated by the system and is set for the account based on the assigned schedule.
The newly generated password may be retrieved after the scheduled change by viewing your account details and selecting Checkout Password.
Where can I find support?
Contact the ITS Service Desk for support.