Retrieving Your Privileged Secondary Account Credentials


Introduction

A Privileged Secondary Account is used to access secure systems. 

Privileged Secondary Accounts have passwords that are valid for 12 hours, which are managed by our Password Vault Web Access (PVWA) service through CyberArk. In order to retrieve the Privileged Secondary Account password, you will need to authenticate into the PVWA service using your Michigan Medicine account, password, and Duo two-factor authentication.

 

Note:

Secondary Accounts are automatically created and managed by being members of a group identified as a privileged group, not on a user-by-user basis.

Instructions

To retrieve your Secondary Account Password, complete the following steps:

  • Navigate to https://idm.med.umich.edu and click Password Vault Web Access (PVWA) service.
    • Supported browsers
      • Current releases of Google Chrome, Mozilla Firefox, and Edge
  • On the next screen, enter your Michigan Medicine login credentials. You will be prompted to authenticate with Duo two-Factor Authentication.
    • If you are presented with a Please choose your sign in authentication method page, choose the SAML option
  • After successful authentication, you will be in the PVWA homepage. Follow the instructions below, depending on the CyberArk version that displays:

 

CyberArk Classic Interface

 

  • Click in the Search field to the right of the Customize button and enter your Uniqname to locate your Secondary Account name. Your Secondary Account name is also located in the notification email. Look for your Username with "umhs-" in front of it (e.g., umhs-jwolverine).
  • Click the Show Password icon at the end of the row. This pop-up stays open for only 10 seconds (See first image below).
  • In the pop-up, highlight and copy the displayed password (Ctrl-C).
    • Note: The Copy button to the right may or may not work on your browser (see second image below).

 

CyberArk Updated Interface

  • Click in the Search field and enter your Uniqname to locate your Secondary Account name. Your Secondary Account name is also located in the notification email. Look for your Username with "umhs-" in front of it (e.g., umhs-jwolverine).
  • Click the Show Password icon at the end of the row. This pop-up stays open for only 10 seconds.
  • In the pop-up, click the password Copy button (see image below).

 

You will be able to authenticate into the protected application with your Secondary Account and the password you just copied.

As shown in the screenshots above, your assigned secondary account username is: <umhs-your Uniqname> 

Note:  Your Secondary Account password automatically changes every 12 hours. Ensure that you log out of the protected application(s) to prevent account lockouts due to password expiration. Once your password has expired, you will need to repeat the above steps to retrieve a new password. 

 

How to reset your secondary account password

  1. Go into your account details page by clicking on your Username.
  2. Click on the Release button.
  3. In CPM tab, you will see a message stating "This account is scheduled for immediate change."
    • Note: the password could take up to 5 minutes to change, after 5 minutes, click Refresh button and message will go away.
  4. Once message goes away, click on Show button and you should see a new password.