Retaining credentials
To ensure that end users can continue to authenticate through Kerberos if the service account password is changed, you can configure PingOne to retain the previous credentials for the service account for the specified time period.
Steps
-
Go to Integrations → Gateways.
-
Select the applicable gateway configuration.
-
Click the Connection tab and then click Edit.
-
Select the Retain Previous Credentials checkbox.
-
For Retention Duration (Minutes), specify how long to keep the previous credentials, in minutes. The default value is 610. You can enter any value between 1 and 10,080.
-
Enter a new password into the Service Account Password field.
-
Click Save.
-
Ask the Active Directory admin to update the service account password in Active Directory. Shortly after the AD admin updates the password in AD, the INFO alert disappears from the PingOne admin console.