Hi, I have the questions below about user credentials. I am laying down a guide for a huge implementation. These are many questions, but they are very important.
Thanks a lot in advance!!!
- What is best practice for managing credentials of the BOT?
- How does BOT handle systems that have expiring passwords and need frequent changes?
- Does a BOT use its own credentials?
- Challenges in creating credentials in RPA tool.
- Is a common password policy sufficient for different types of BOT environments?
- Coarse grained vs fine grained access and Single Sign-On. What is the threat from BOT?
- How will BOTs bypass or use multi-factor authentication?
- How do we manage developer access to BOT?
- What is the level of security and log management for access to BOT environment?
- What is the approach for designing access roles for BOT administration?
- How do we manage role lifecycle for the BOTs?
- What interfaces are available in the RPA tools to manage BOT accounts in the IAM solution?
- How will a BOT check out passwords from the PIM solution?
- What is an effective UAR process for BOT IDs?
- How do we certify the BOTs?
- Is a separate UAR tool required?
- Should BOTs be used in IDP and ASP scenarios?
- Will federated partners allow use of BOTs?
- Are BOTs a new user type?
- How many BOT IDs are required for managing the RPA environment?
- What User accounts should the BOTs have at server level?
- How do we define Bot’s role?
- Can we follow the end user role design strategy for BOTs? SoD? Sensitive access?
- How do we manage access security of a BOT?
- Can BOTs manage the lifecycle of service accounts for IT infrastructure?
- Can BOTs manage production or non-production environment?
- Can a BOT configure and trigger the access certification campaigns?
- Which controls are required to detect and protect exploitation of BOT credentials?
- Can BOTs access the federated applications seamlessly using single sign-on?
- Can BOTs be misused to trigger attacks as IDP and ASP from federated partners?
- Do we need to develop BOT-specific user and privileged account management?
- How are the BOT ID owners defined?