Using Privileged Account Manager, you can grant privileged access to Privileged Account Manager users either by elevating the user privilege or by providing privileged account credentials for checkout. The resource and credential details required to provide privileged access are stored securely in the Credential Vault, formerly known as Enterprise Credential Vault. The password of these credentials can be rotated periodically based on the compliance rule of the organization.
The credentials that are used to perform SSO by Privileged Account Manager are unknown to any administrator. Hence, these credentials must be rotated automatically by Privileged Account Manager to improve security. Similarly, the credentials used in service accounts are left unchanged, as it is tedious to detect all the service accounts, rotate their password, and restart the services. Using the password management feature of Privileged Account Manager, you can automate periodic rotation of service account password.