TKM Teknologi

PAM Feature 04

Account Discovery

Account Discovery and onboarding of privileged accounts across multiple systems, applications, and cloud infrastructure providers

Privileged Account Discovery represents a fundamental component of a comprehensive PAM framework. It enables organizations to systematically identify, categorize, and govern privileged accounts across the entire IT infrastructure — enhancing organizational resilience and fortifying the overall security posture.

Account Discovery Types

| Type | Description |
|---|---|
| Add Account Manually | Allows administrators to directly register privileged accounts into the system without waiting for automated discovery. This ensures critical accounts such as newly created service accounts, specialized administrator credentials, or accounts in isolated environments are immediately governed. |

Automation

Automation streamlines processes and can eliminate manual intervention while maintaining uninterrupted visibility into privileged accounts. This continuous oversight ensures comprehensive awareness of the privileged access landscape, thereby strengthening governance and reinforcing enterprise security.

The auto-discovery and management capabilities optimize operational efficiency by reducing time requirements and eliminating administrative complexity. They further ensure that newly introduced privileged assets are rapidly brought under governance, reinforcing organizational control and strengthening overall security posture.

Account Discovery in Active Directory
  • Administrative Accounts – High-privilege accounts that empower IT teams to configure servers, manage Active Directory, and perform mission-critical tasks. Examples: Domain Admins, Enterprise Admins.
  • Computer Accounts – Every device joining the AD domain receives its own account, making it easier to centrally manage and safeguard computer resources.
  • User Accounts – Digital identity of each employee or individual in the network. Unique usernames and passwords ensure secure authentication and controlled access to business resources.
  • Group Accounts – Collections of users, computers, or other groups that simplify access management. Assigning permissions once to a group streamlines administration and reduces complexity.
  • Organizational Units (OUs) – Logical containers that structure users, groups, and computers. OUs bring order to complex environments, making directory management more efficient and scalable.
  • Service Accounts – Specialized accounts that run background services and processes securely. They isolate permissions, minimize risk, and keep essential applications running smoothly.
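
As an added example (not the product's own code), the sketch below sorts exported directory entries into the six categories listed above using standard AD attributes (objectClass, memberOf, adminCount, servicePrincipalName). The sample entries, the privileged group list and the precedence rules are assumptions made for illustration.

```python
# Added example: constructed entries and heuristic rules, not the product's logic.
USER = ["top", "person", "organizationalPerson", "user"]
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins"}  # the page's two examples
MSA_CLASSES = {"msds-managedserviceaccount", "msds-groupmanagedserviceaccount"}

SAMPLE = [  # constructed, shaped like an LDAP export
    {"sAMAccountName": "alice.adm", "objectClass": USER,
     "memberOf": ["CN=Domain Admins,CN=Users,DC=example,DC=test"]},
    {"sAMAccountName": "bob", "objectClass": USER},
    {"sAMAccountName": "svc_sql", "objectClass": USER,
     "servicePrincipalName": ["MSSQLSvc/db01.example.test:1433"]},
    {"sAMAccountName": "gmsa_web$",
     "objectClass": USER + ["computer", "msDS-GroupManagedServiceAccount"]},
    {"sAMAccountName": "WS01$", "objectClass": USER + ["computer"]},
    {"sAMAccountName": "Helpdesk", "objectClass": ["top", "group"]},
    {"ou": "Servers", "objectClass": ["top", "organizationalUnit"]},
]


def group_names(entry):
    """Lowercased CN of each memberOf DN (assumes no escaped commas in the CN)."""
    return {dn.split(",")[0].split("=", 1)[1].lower() for dn in entry.get("memberOf", [])}


def classify(entry):
    """Return the page's category for one directory entry."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    if "organizationalunit" in classes:
        return "Organizational Unit"
    if "group" in classes:
        return "Group Account"
    if classes & MSA_CLASSES:   # before "computer": managed service accounts derive from it
        return "Service Account"
    if "computer" in classes:   # before "user": computer objects derive from user
        return "Computer Account"
    if "user" in classes:
        # adminCount is assumed to be exported as an integer
        if group_names(entry) & PRIVILEGED_GROUPS or entry.get("adminCount") == 1:
            return "Administrative Account"
        if entry.get("servicePrincipalName"):  # user object that runs a service
            return "Service Account"
        return "User Account"
    return "Unknown"


def inventory(entries):
    """Group entry names by category."""
    result = {}
    for e in entries:
        result.setdefault(classify(e), []).append(e.get("sAMAccountName") or e.get("ou"))
    return result
```

The order of the checks matters: a group managed service account also carries the computer and user classes, so testing for user first would file it as an ordinary user account.
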
Configure Account Discovery

You can execute an Account Discovery job to identify and optionally onboard local accounts within a chosen category — Database, Directory Server, or Operating System. It is recommended to perform the scan during off-peak hours to ensure better bandwidth availability and minimize potential disruptions.

To run this job successfully, your account must be configured as a management account — an administrator-level account defined under Account Defaults with its role set to management.

  1. Log in to the system and choose PAM from the product navigator.
  2. Navigate to Manage → Discovery → Account → Add Account Discovery.
  3. Provide a Job Title.
  4. Choose the Asset Category — such as Database, Directory Server, or Operating System.
  5. Select the appropriate Asset Type from the dropdown list.
  6. Configure the Schedule Type:
    • Once – run the job a single time at a specified date and time.
    • Recurring – run the job automatically at regular intervals.
  7. Indicate whether you want the discovered accounts to be onboarded.
  8. Click Save + Run Now to initiate the account discovery process.