---
title: Retaining credentials
description: To ensure that end users can continue to authenticate through Kerberos if the service account password is changed, you can configure PingOne to retain the previous credentials for the service account for the specified time period.
component: pingone
page_id: pingone:integrations:p1_retaining_credentials
canonical_url: https://docs.pingidentity.com/pingone/integrations/p1_retaining_credentials.html
revdate: November 7, 2023
section_ids:
  steps: Steps
---

# Retaining credentials

To ensure that end users can continue to authenticate through Kerberos if the service account password is changed, you can configure PingOne to retain the previous credentials for the service account for the specified time period.

## Steps

1. Go to **Integrations → Gateways**.

2. Select the applicable gateway configuration.

3. Click the **Connection** tab and then click **Edit**.

4. Select the **Retain Previous Credentials** checkbox.

5. For **Retention Duration (Minutes)**, specify how long to keep the previous credentials, in minutes. The default value is 610. You can enter any value between 1 and 10,080.

6. Enter a new password into the **Service Account Password** field.

7. Click **Save**.

8. Ask the Active Directory admin to update the service account password in Active Directory. Shortly after the AD admin updates the password in AD, the INFO alert disappears from the PingOne admin console.