local admin account

Abhishek S1
Giga Contributor

One of my customers' cyber security teams says that all user profiles with the admin role should have their user record password be a CyberArk-vaulted password. What this means is, any existing user profile with the admin role should be either disabled or migrated to CyberArk.
Question: can we get rid of the admin (system administrator) account? What is the list of operations it does such that we cannot get rid of it?

Is there actually a need for a local user account with the admin role? If yes, what are the use cases?

7 REPLIES

This is possible. We have this enabled and every time we do an admin login, CyberArk goes and updates the admin password some time later.

AshishKM
Kilo Patron

Hi @Abhishek S1

We have to understand that there is no such admin account; instead, it's a role which is added, or can be added, to any user to grant all admin privileges.

It's role-based access, not local account or SSO password based.

For the rest, @SwarnadeepNandy has already explained it well.

-Thanks,

AshishKM


Please mark this response as correct and helpful if it helps. You can mark more than one reply as an accepted solution.

lukesmitty
Tera Contributor

Thanks AshishKM for your reply. True, so in that case we could put our developers' AD IDs into the system admin group, which would grant them the access. We've always kept them separate though. So a developer would have their AD account like all other users in the company, and then they would have their local native account with a password. Their AD account only had ITIL access, whereas their native account would have the system admin access.

Just wondering if it's possible to tie the native account into CyberArk to rotate the password and not all the AD accounts?

Thanks,
Luke