Using Privileged Account Manager, you can grant privileged access to PAM users either by elevating the user privilege or by providing privileged account credential for checkout. The resource and credential details that are required to provide privileged access are stored securely in the Credential Vault formerly known as Enterprise Credential Vault. The password of these credentials can be rotated periodically based on the compliance rule of the organization.
The credentials that are used to perform SSO by PAM are unknown to any administrator. Hence, these credentials must be rotated automatically by PAM to improve security. Similarly, the credentials used in service accounts are left unchanged, as it is tedious to detect all the service accounts, rotate their password and restart the services. Using password management feature of PAM, you can automate periodic rotation of service account password.