Account Types

An account type determines account usage rules and constraints by such criteria as: time, lifecycle status, owner, password rotation. The type is established on the import of existing accounts by the Customization Rule; or on the creation of new accounts by the workflow. Below is a list of available account types:

Type defined for an account opened in the integrationType defined for an account opened in the integration

User - a user account is unlimited by the usage time. It can be either provisioned, or de-provisioned. A personal account always has an Identity as the Owner. The Identity can have only one user account in one integration. Password rotation is determined by the integration, or the Identity.

Orphan - an orphan account is unlimited by the usage time. It can be either provisioned, or de-provisioned. For an orphan account, the Owner is undefined due to technical, or other reasons. Thus, an orphan account is subject to the administrator’s responsibility which would lay the foundation for access control and identity monitoring, and would define the type and the Owner for an orphan account.

Privileged - a privileged account is always created for a specific Identity as its Owner and in the provisioned and locked status. It is unlocked by an extra workflow for a specified period of the usage time. Beyond the specified usage time, the account is locked. In its lifecycle status, a privileged account can be provisioned and locked; provisioned and unlocked; or de-provisioned. Password rotation can be governed by the Integration, the Identity, and the Rotatable system settings, which if enabled, automatically initiates the password rotation on every unlock of the account.

Firecall - a firecall account is limited in the usage time. It can be provisioned and locked; provisioned and unlocked; or de-provisioned. A firecall account is by default locked. It gets unlocked with an extra workflow and for the specified period of usage time. On every unlock, a firecall account rotates its password, and changes who from the Identities is currently established as its Owner.

Service - a service account is issued for a software agent, and unlimited by the usage time. It can be either provisioned, or de-provisioned.

Temporary - a temporary account is created for a specific Identity and for the specified period, after which the account is deleted. It can be provisioned; provisioned and extended; or de-provisioned. A temporary account always has an Identity as the Owner. The Identity can have as many temporary accounts in one integration as needed. Password rotation is determined by the integration, or the Identity.