Exceptional access
Exceptional access, which is characterized by short duration access, is critical in some daily situations such as problem correction, so granting exceptional access must be quick and easy. senhasegura offers a simple and effective solution to ensure that such accesses are set up quickly and still maintain the security of the devices.
Exceptional access is composed of a credential action button, which is only available to users that have permission to create exceptional accesses. By clicking on the button the administrator is directed to a screen where he must select the user that will receive the access and fill in the start and end date of this permission. Automatically senhasegura will grant access permission only for that credential and only to the selected user and will revoke this right as soon as the validity expires, closing the session if it is still open. senhasegura will use just-in-time credentials to assure the security of this access and will allow auditing just like conventional sessions, through video of the session and the command log.
The pop-up screen that will open has the following fields:
User: Field to fill in the user who will receive the exceptional access
Start date: Field to fill in the start date of the access
End date: Field to fill in the end date of the access
Credential username: Informative field of which credential was selected
Device: Informative field with the device that will be the target of this access
Domain: Informative field with the domain of the target device
Save: Button to save the information and finish the action
Exceptional access Sometimes, in exception or emergency scenarios, it will be necessary to grant access to a credential to a certain user for a short period of time.
In these cases, to avoid modifying the PAM Access Groups, you can use the Exceptional Access functionality. Modification of PAM access groups can create access conflicts with other users, limiting or granting improper access.
To set up exceptional access to a credential, follow these steps:
Go to the Credentials report and click on the Exceptional access registration action for the desired credential;
In the presented form, configure the access validity period in the fields Access restriction;
Configure the users who will benefit from access;
Click Save to finish the configuration;
Users will not be notified that they have received exceptional access.
To view the configured exceptional access list, go to the menu PAM ➔ Access Control ➔ Exceptional Access. In this report you can see which credentials each user has access to. Through the details magnifying glass, you can see more details of the release operation and what actions can be performed.