How to Configure Access Control
Overview
- For an overview of the Cyolo Vault feature, refer to the section: Vault.
LDAP Prerequisites for Cyolo Password Rotation
To allow Cyolo to rotate LDAP passwords without failures, you must adjust the LDAP password policy.
Required Setting
Set the LDAP policy MinPasswordAge to 0 days.
By default, this value is often set to 1 day, which enforces a mandatory waiting period between password changes. This restriction prevents Cyolo from performing supervised or repeated password rotations.
If MinPasswordAge is not set to 0, the LDAP server will reject password change requests that occur within the restricted time window.
PowerShell Commands
Check the current MinPasswordAge value:
Get-ADDefaultDomainPasswordPolicy | fl MinPasswordAge
Set MinPasswordAge to 0 days:
Set-ADDefaultDomainPasswordPolicy -Identity "oli-n-sid.local" -MinPasswordAge 00.00:00:00
Ensure this change is applied before configuring or enabling password rotation through Cyolo Vault.
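The check above reads only the default domain policy. In Active Directory, a fine-grained password policy (PSO) that applies to an account takes precedence over the default domain policy for that account. The following added example, which is not part of the original Cyolo documentation, reports the MinPasswordAge actually in effect for each account to be rotated. The account names are placeholders, and the ActiveDirectory module (RSAT) is assumed to be installed.

```powershell
# Added example: pre-flight check of the effective MinPasswordAge for the
# accounts whose passwords will be rotated.
Import-Module ActiveDirectory

# Assumption: placeholder sAMAccountNames; replace with the accounts to be rotated.
$RotatedAccounts = @('svc-example1', 'svc-example2')

$domainPolicy = Get-ADDefaultDomainPasswordPolicy

$report = foreach ($name in $RotatedAccounts) {
    # Returns the fine-grained policy (PSO) in effect for this user, or nothing
    # when only the default domain policy applies.
    $pso = Get-ADUserResultantPasswordPolicy -Identity $name

    if ($pso) {
        $source = "PSO: $($pso.Name)"
        $minAge = $pso.MinPasswordAge
    }
    else {
        $source = 'Default domain policy'
        $minAge = $domainPolicy.MinPasswordAge
    }

    [pscustomobject]@{
        Account        = $name
        PolicySource   = $source
        MinPasswordAge = $minAge
        # Rotation can be repeated without a waiting period only when the age is zero.
        RotationReady  = ($minAge -eq [TimeSpan]::Zero)
    }
}

$report | Format-Table -AutoSize

# Flag every account that the LDAP server would still rate-limit.
$blocked = @($report | Where-Object { -not $_.RotationReady })
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) account(s) still have a non-zero MinPasswordAge."
}
```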
Configuration
- Log in to the Cyolo Admin Portal.
- Navigate to the Vault > Access Controls page.
- Click the Add button at the top right.
General Information
- Name: Enter a descriptive name for the access control. This helps in identifying the purpose or the resource it is associated with.
- Description: Provide a detailed description of what this access control is for. This can include information about the type of access, the resources it controls, and any other relevant details.
Identities
In the Identities section, select the users, groups, or roles that will have access to retrieve the secrets. You can add multiple identities based on the structure of your organization.
- Click the Search bar and select the user, group, or API key that should have access to the secrets.
Secret Labels
Use the Labels section to add labels that categorize the secrets or resources this access control will manage. This step is optional but can be useful for organizing the secrets.
- Click the Search bar to select a label from the existing list.
- To create a new label from this window, click the Create new label button.
- On the Add New Label window:
  - Enter a label name.
  - Enter a description of the label.
  - Choose a colour from the palette, or enter the colour value for a custom colour.
- Click the Create button to save the new access control configuration.