Service account rules - Metasys - LIT-12011279 - General System Information - Metasys System - 13.0

Network and IT Guidance Technical Bulletin

Brand
Metasys
Product name
Metasys System
Document type
Technical Bulletin
Document number
LIT-12011279
Version
13.0
Revision date
2023-09-29
Product status
Active
Language
English

When specifying a service account with the Metasys Security Administrator System, keep these important rules in mind:

  • For releases prior to Metasys Release 8.1 and SCT Release 11.1, each service account must use the full domain UPN format for the username. Provide the fully qualified domain name where the domain specifier is at the domain level. For example, use metasys.service@my.corp.com instead of metasys.service@corp.com, even though the latter is a valid form of the username.

    For Metasys Release 8.1 or later, and SCT Release 11.1 or later, each service account must use the full domain UPN format or the exact or alternate UPN for the username. Provide the full domain name where the domain specifier is at the domain level for the full domain UPN format. Provide the prefix/username and suffix/domain for the exact or alternate UPN format. For example, use metasys.service@my.corp.com for the full domain UPN format and metasys.service@corp.com for the exact or alternate UPN format.

  • A blank password for a service account is prohibited.

  • The ability to specify more than one service account is available. You only need to specify more than one service account if an Active Directory service trust does not exist between the domain in which the service account is created and all other domains where Metasys users reside. In this case, specify one service account per domain where the Metasys users reside.

  • The Service Account should be configured with a non-expiring password; however, if the password is set to expire, you need to reset it in the Metasys Security Administrator System each time you reset it on the Active Directory service domain.