JumpServer can automatically detect unmanaged accounts on target systems — accounts that were not added to the list of known accounts in the JumpServer interface.
A discovered account can be automatically added to the list of managed accounts with an automatic password change, or it can be removed from the target system.
Unmanaged accounts pose a significant security risk and can be exploited by attackers.
An unmanaged account may:
have been created temporarily “for testing,” with a weak or default password;
have been created by a former employee or contractor, possibly without authorization;
have no clear ownership or usage history (and may not be used at all).
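The comparison that defines an unmanaged account (present on the target, absent from the known list) can also be run as an independent audit. The following is an added example, not part of the original page and not JumpServer's own discovery logic; the passwd sample, the managed set and the function names are constructed for illustration.

```python
# Added example: cross-check local accounts against a managed inventory.
# All data below is constructed; this is not JumpServer's discovery code.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
deploy:x:1001:1001:Deploy user:/home/deploy:/bin/bash
testuser:x:1002:1002::/home/testuser:/bin/sh
oldadmin:x:0:1003:former contractor:/home/oldadmin:/bin/bash
"""

MANAGED = {"root", "deploy"}  # constructed: accounts already known to the PAM


def parse_passwd(text):
    """Yield a dict per well-formed passwd(5) line (7 colon-separated fields)."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed entries rather than guessing
        yield {"name": fields[0], "uid": int(fields[2]), "shell": fields[6]}


def unmanaged_accounts(passwd_text, managed):
    """Return login-capable accounts missing from the managed set, worst first."""
    findings = []
    for acct in parse_passwd(passwd_text):
        if acct["name"] in managed or acct["shell"] in NOLOGIN_SHELLS:
            continue
        # UID 0 on an account nobody inventoried means uncontrolled root access.
        risk = "critical" if acct["uid"] == 0 else "review"
        findings.append((risk, acct["name"], acct["uid"]))
    return sorted(findings)


if __name__ == "__main__":
    for risk, name, uid in unmanaged_accounts(PASSWD_SAMPLE, MANAGED):
        print(f"{risk:8} {name} (uid={uid})")
```

Service accounts with a non-login shell are skipped, so the output is limited to accounts a person could actually sign in with.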
Any actions on target systems (creating accounts or SSH keys, discovering accounts, changing passwords, or rotating SSH keys) are executed by JumpServer on behalf of a privileged account assigned to your asset. This account must be marked as “Privileged” in the account properties.
Additionally, in the platform settings, you must enable the “Gather accounts enabled” option (enabled by default).
To create a discovery task:
Go to PAM → Automation → Discover Accounts
Open the Account discovery tasks tab
Click Create
Fill in the required parameters:
Assets
Select one or several assets where account discovery will be performed.
Nodes
Select a folder containing assets. JumpServer will attempt to discover accounts on all assets inside the selected folder(s).
Sync to assets
Check risk
Discovered accounts will appear under PAM → Risk Detection marked as New found.
Periodic
Enable periodic execution of the account discovery task.
Click Submit to save the discovery task.
To run a discovery task manually:
Go to PAM → Automation → Discover Accounts
Open the Account discovery tasks tab
Click Execute next to the desired discovery task
Wait for the process to complete
Discovered accounts will appear in PAM → Automation → Discover Accounts → Discovered accounts.
In the Status column, the following actions are available:
delete remote account — the account will be deleted from the target system
add account — add the account to the managed list without changing the password
add account after password changing — add the account with an automatic password change
ignore — ignore the discovered account