This article describes how to configure Panel Service, or Uplift (MIM Synchronization Service), to log in to Identity Panel SaaS when the service account is a Windows GMSA.
The same procedure may be used in any scenario where you cannot run a command prompt as the service account being configured in order to establish the login pairing.
- Look up the account name settings for the GMSA (server name, NetBIOS domain prefix, and sAMAccountName). For a GMSA the account name will end in a '$'.
e.g. MIMSRV01, MYDOMAIN\svcMIMSync$
- Open the Install Service page of Identity Panel
- Fill in the server name, domain, and account
- Create a new application password
- Edit Panel Tools config.json (typically at C:\Program Files\SoftwareIDM\PanelTools\config.json), go to the “Auth” section, and edit or add a JSON field called “Password”. Set it to the value of the application password.
- Restart the service that needs the login (if configuring Uplift for MIM Synchronization Service, restart FIM Sync Service and preview commit a user).
- The service restart will encrypt the password and move it to the user logins section.
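
The last three steps can be scripted so the application password is typed at a prompt and the script then confirms the plaintext value has left the "Auth" section. This is an added example, not SoftwareIDM's own tooling: the `-ServiceName` value, the `.bak` copy and the 60-second wait are assumptions, and it assumes config.json round-trips cleanly through PowerShell's JSON cmdlets.

```powershell
# Added example, not SoftwareIDM code. Run elevated on the server hosting the service.
param(
    # Assumption: the Windows service name of the service that needs the login.
    [Parameter(Mandatory)] [string] $ServiceName,
    [string] $ConfigPath = 'C:\Program Files\SoftwareIDM\PanelTools\config.json',
    [int] $WaitSeconds = 60   # assumption: how long to wait for the service to rewrite the file
)
$ErrorActionPreference = 'Stop'

# Prompt for the application password so it never lands in shell history or a script file.
$secure = Read-Host -Prompt 'Application password' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

# Keep a copy of the file as it was before the plaintext value is written.
Copy-Item -Path $ConfigPath -Destination "$ConfigPath.bak" -Force

$config = Get-Content -Path $ConfigPath -Raw | ConvertFrom-Json
if (-not $config.PSObject.Properties['Auth']) {
    throw "No 'Auth' section found in $ConfigPath"
}

# Add the "Password" field, or overwrite it if it already exists.
$config.Auth | Add-Member -NotePropertyName 'Password' -NotePropertyValue $plain -Force

# -Depth keeps nested sections from being truncated when the object is serialized again.
$config | ConvertTo-Json -Depth 32 | Set-Content -Path $ConfigPath -Encoding UTF8
Remove-Variable -Name plain

Restart-Service -Name $ServiceName

# Poll until the service has encrypted the password and moved it out of "Auth".
$deadline = (Get-Date).AddSeconds($WaitSeconds)
do {
    Start-Sleep -Seconds 5
    $auth = (Get-Content -Path $ConfigPath -Raw | ConvertFrom-Json).Auth
    $stillPlain = [bool]($auth.PSObject.Properties['Password'] -and $auth.Password)
} while ($stillPlain -and (Get-Date) -lt $deadline)

if ($stillPlain) {
    Write-Warning "Auth.Password is still in plaintext in $ConfigPath. For Uplift, preview commit a user, then check the file again."
} else {
    Write-Output 'Auth.Password is no longer present in the Auth section.'
}
```

If the warning persists after the service has attempted a login, revoke the application password in Identity Panel and remove the field from config.json rather than leaving the plaintext value on disk.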