Hi, I have a quick question regarding the synchronisation of a dual account from within PAS to Conjur.
When the CPM rotates the password and marks the inactive password object active, via AAM CP or CCP using virtual name, the new active password object credentials would be retrieved.
I can’t see how this would work I a timely fashion in Conjur. I assume that the new active details would be sync’d during the next sync cycle rendering the secret in Conjur out of date and incorrect for the period between PAS rotation and the next sync.
Am I correct? Apart from reducing the sync frequency can anything be done? Even the minimum sync time of 1 minutes may be too long in critical use cases.
Thoughts and opinions would be most appreciated, many thanks