Managing Service Account Passwords

On this page:

  • Overview
  • Changing Service Accounts
  • Service Account Password Groups (SAPWD)
  • Service Account FAQ's

Overview

A Service Account is a non-human privileged digital identity used by an application or service to interact with other applications or operating systems. The OU IT Password Policy requires Service Accounts be changed every 365-days with a minimum of 12 characters.

Service Account management and changing of passwords are controlled through Service Account Password Security Groups (SAPWD).

Changing Service Account Passwords

To change a service account password, please log into ONE (https://one.ou.edu) with your regular account.. You will be prompted with a PingID MFA. Once authenticated, proceed to Account Settings and click the "Service Accounts" tab. You will be presented with all Service Accounts your account is entitled to manage/change.

Service Account Password Groups (SAPWD)

A Service Account Password Group (SAPWD) is a security group comprised of owners and members which are entitled to manage/change Service Account passwords. A Service Account Password Group can control multiple Service Accounts.

  • Service Account Password Group Owner Permissions
    • OU IT requires each Service Account Password Group to have 2 FTE owners.
    • Service Account Password Group Owners are entitled to manage the membership of the Service Account Password Group via groups.ou.edu.
    • Service Account Password Group Owners are NOT entitled to change Service Account password unless they are also a member.
  • Service Account Password Group Member Permissions
    • Members of a Service Account Password Group are entitled to change the corresponding Service Accounts AND receive notifications about Service Account password changes.

Service Account FAQ's

Q: Why am I not seeing the "Service Account" tab in ONE?

A: You are not a member of a Service Account Password Group (SAPWD). Please work with your department to ensure you are added as a member to the appropriate Service Account Password Group.

Q: Why isn't my Service Account showing up in ONE?

A: There are 2 potential issues:

  1. You are not a member of the Service Account Password Group which controls the Service Account.
    1. Ask the owner of the Service Account Password Group to add you as a member.
  2. The Service Account is older and is not controlled by a Service Account Password Group.
    1. Submit a request to modify a Privileged Account to have the Service Account added to a Service Account Password Group.

 

 

 

Print Article