SaaS app service accounts

Early Access release

SaaS app service accounts are shared accounts on third-party SaaS platforms that are supported by Okta. Okta Privileged Access enables you to control access to these accounts by securing and credentials, and by managing how credentials are checked in and checked out. This applies only to apps with supported lifecycle management (LCM) connectors that allow Okta Privileged Access to actively manage passwords, including scheduled rotation and post-use password changes. However, for apps without a supported LCM connector, Okta Privileged Access can still manage shared accounts and control password access, but active password management isn't available.

View checked-out accounts

Resource admins can view which accounts are currently checked out and by who. If required, they can force a check-in on any accounts. See Checkout.

Configure project settings

Configure the setting to adjust password complexity, enable password rotation schedule, and enable checkout.

  1. On the Okta Privileged Access dashboard, go to Resource Administration Resource Management

  2. Select the resource group that contains the project you want to configure.

  3. Click a project that you want to configure.

  4. Go to the Settings tab.

  5. Click Edit. The option is available if the accounts are linked to an app supported by an LCM connector.

    Action Task

    Password complexity

    1. Enter the minimum and maximum characters that you want to enforce.

    2. Under Password includes, select one or more options to include in the password.

    3. Select the checkbox under Advanced settings to require at least 1 character from each set.

    4. Click Save.

    Schedule password rotation

    Select Schedule password rotation for, and then complete the following task:

    1. Select one of the following options:

      • All accounts that support rotation

      • All accounts except. If you select this option, click the dropdown menu and select one or more accounts to be excluded from password rotation.

      • Only these accounts. If you select this option, click the dropdown menu and select one or more accounts to be included from password rotation.

    2. Enter Quantity, and then select the Unit to set the frequency for password rotation.

    3. Click Save.

    Checkout

    Only Okta Privileged Access security admins can configure this setting.

    Select Enable checkout for checkbox, and then complete the following task:

    1. Select one of the following options:

      • All accounts that support checkout

      • All accounts except. If you select this option, click the dropdown menu and select one or more accounts to be excluded from checkout.

      • Only these accounts. If you select this option, click the dropdown menu and select one or more accounts where checkout will be enabled.

    2. Enter Quantity, and then select the Unit to set the maximum checkout time.

    3. Click Save.

Related topics

Manage service accounts

Projects