What kind of service account does Privileged Access Manager require and how is that account protected?

Hitachi ID Privileged Access Manager is configured by most organizations with administrative-level passwords to each target system. While this is not strictly necessary on every system, it makes configuration simpler. What Privileged Access Manager actually requires is an account on each target system that has the rights to perform operations such as listing accounts and groups, creating/deleting user objects, assigning accounts to groups and revoking group memberships, enabling/disabling the right of a user to sign in, testing current and administratively setting new passwords, clearing intruder lockout flags, reading and writing identity attributes, etc. Read more here: https://hitachi-id.com