Configuring Privileged Account Manager to Enable Password Checkout for SAP application.


Privileged Account Manager (fka Privileged User Manager) supports the Password Checkout feature using which the users of Privileged Account Manager can get privileged account credentials to access an application for a specific period. For more information about this feature, refer to section Shared Account Management for Privileged Account Credentials

To enable the Password Checkout feature for SAP, perform the following:-


    • Privileged Account Manager 3.0 running on Operating System Linux 64-bit or Windows 64-bit


    • Java 1.6 or higher

    1. On the server where Privileged Account Manager is running, download and extract the attached CoolTool file, '' to the folder /sap/ for Linux/UNIX system or c:\sap\ for Windows system. The zip file contains the following files -

        • sapjco3.jar - SAP java client library.

        • - SAP Linux 64-bit client library.

        • sapjco3.dll - SAP Windows 64-bit client library.

        • SAPUserPwdCheckIn.jar - Java SAP Client to reset a SAP users' password.

        • - Privileged Account Manager perl script which calls the above Java SAP client.


    1. Create Account Domain for the SAP System for Password Checkout in Privileged Account Manager by following the steps in the following URL Configuring Privileged Account Manager to Enable Password Checkout for Applications


    1. Modify the Account Domain with the configuration details as mentioned below -

        • Copy and paste the contents of the perl script, '' into the 'Script' field.

        • Click 'Custom Attributes' then add the following attributes with the same case and specify its value as per the SAP System -

            1. systemNumber

            1. clientNumber

            1. lang - Default value is EN

            1. SAP_JARS_PATH - Set the value as /sap/ for Linux or UNIX system and c:\sap\ for Windows system as it is mentioned in step 1.


    1. Users can now Checkout the SAP user password from the SAP system by following the steps in the section Enterprise Password Checkout




How To-Best Practice
Comment List
Related Discussions