Announcements

Starting in December, we will archive content from the community that is 10 years and older. This FAQ provides more information.

Community
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Enable GMSA Accounts as Impersonation User

Enable GMSA Accounts as Impersonation User

Would be great to have the possibility to use Group Managed Service Accounts as the impersonation user in Vault. The GUI currently doesn't allow to use an account without password - perhaps this is the only roadblocker?
Goal: still easy administration with higher security by using GMSA

2 Comments
ihayesjr
Community Manager

@christian.hombach 

Thank you for posting the idea. However, why would you want to use an account that doesn't have a password? This will be a security risk. 

christian.hombach
Contributor

a Group Managed Service Account does have a "password" (=key) "behind the scene" - but this only known by systems, not administrators... so I can't provide it for the Vault Setup. This "hidden password" changes periodicaly.


And yes it is secure - and recommended by Microsoft for security reasons.

Group Managed Service Accounts Overview | Microsoft Learn

Can't find what you're looking for? Ask the community or share your knowledge.

Submit Idea  

Autodesk Design & Make Report