Multiple credentials procedures, Configuring the multiple credentials feature, Granting credentials – HP Secure Key Manager User Manual

access to the SKM configuration is secured but not in a haphazard manner. It is best to have a
documented procedure in place to handle such a situation. One possible procedure is the following:

1.

Delete the former security officer’s administrator account immediately, then create a new
administrator account with the same permissions but a different account name. Have the
replacement security officer use the new account.

NOTE:

The account must be deleted because It is not possible for administrators to change another
administrator’s password on the SKM.

2.

Have each remaining security officer change their administrator account password, preferably
with at least one other security officer present to witness the password change.

3.

Change the user account passwords on both the SKM and the enrolled clients, again with at
least one other security officer present. Because this may interrupt the ability of the library to
retrieve keys during the change and verification, this should be done outside the backup window
at the earliest convenience.

4.

Change the backup job passwords for each SKM in the configuration. Remember that if an
automated script is being used to run the backup jobs, the password information will have to be
changed in the script, as well.

Multiple credentials procedures

Configuring the multiple credentials feature

To configure the multiple credentials feature:

1.

Log in to the Management Console as an administrator with High Access Administrators access
control.

2.

Navigate to the Multiple Credentials for Key Administration section on the Administrator
Configuration page (Device > Administrators > Multiple Credentials).

3.

Click Edit.

4.

Select Require Multiple Credentials.

5.

Specify the number of administrators required to perform configuration operations. There must
be at least as many administrators with High Access Administrator access control as are required
by this field.

6.

To allow administrators to grant their credentials to other administrators for a limited time period
select Allow Time-Limited Credentials. Enter the time period in the Maximum Duration for
Time-Limited Credentials field.

7.

Click Save.

Granting credentials

Prior to granting credentials, you must select Require Multiple Credentials and Allow Time-Limited
Credentials on the Multiple Credentials for Key Administration section.

To grant credentials:

Performing configuration and operation tasks

78