Reference Record
A reference record is a record that is used in multiple other records so that any parameters (Host, Port, User, Password, Certificate, Passphrase or custom fields) can be shared.
For example, you could create an Active Directory (AD) account record and rather than re-entering the same user, password, certificate or passphrase into multiple other records, you could simply point to this AD account as a reference and the system will auto-populate and maintain these parameters.
The system will then “reference”, instead of storing a copy, this original record when needing to access the shared credentials.
In addition to making it easier to build out and organize your system, this also makes it much more convenient when rotating passwords.
In the previous example, if this AD account was NOT used as a reference, when the password was changed in any record, the others would stop working because their password is now outdated.
Alternatively when it is configured as a reference, a password reset executed on any would then be updated to all.
Using of reference record
First, to ensure security, in order for any user to configure a record with a reference, they must have at least Editor permission on this new or existing record and at least Unlock permission to the reference record.
Once granted the necessary permissions, simply enter or select the record in the Reference Record field and the shared parameters will be added for you (and overwrite any current parameters in these shared fields).
Shared parameters are read only so if you need to modify them then you will need to edit the reference record itself.
If you would like to remove a reference record and instead assign parameters directly to a record, simply remove the reference from the field, the shared parameters will become read/write enabled and then enter your new parameters as needed.
Once complete, click the Save button to finish the operation.
Enter the value $null into a field to prevent it from being referenced in other records.
If questions about architecture and system recommendations for large scale farm deployments remain or issues arise while using PAM, please contact the Support team: https://support.imprivata.com/.
